author | Takashi Iwai <tiwai@suse.de> | 2020-03-11 10:38:24 +0300 |
---|---|---|
committer | Jiri Kosina <jkosina@suse.cz> | 2020-03-11 13:58:58 +0300 |
commit | 62a1a58039595698f644f560f00105bb4d5f5c7f (patch) | |
tree | 5b04a64465ee8f2ce07898bbc81854e6c7adf1cf | |
parent | 42f502dfe132edb8d7a47e6c0641ed82d718ad0b (diff) | |
HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-rw-r--r-- | drivers/hid/hid-sensor-custom.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c
index fb827c295842..4d25577a8573 100644
--- a/drivers/hid/hid-sensor-custom.c
+++ b/drivers/hid/hid-sensor-custom.c
@@ -313,7 +313,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
 while (i < ret) {
 if (i + attribute->size > ret) {
- len += snprintf(&buf[len],
+ len += scnprintf(&buf[len],
 PAGE_SIZE - len,
 "%d ", values[i]);
 break;
@@ -336,10 +336,10 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
 ++i;
 break;
 }
- len += snprintf(&buf[len], PAGE_SIZE - len,
+ len += scnprintf(&buf[len], PAGE_SIZE - len,
 "%lld ", value);
 }
- len += snprintf(&buf[len], PAGE_SIZE - len, "\n");
+ len += scnprintf(&buf[len], PAGE_SIZE - len, "\n");
 return len;
 } else if (input) |
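Review bot: Each call site in show_value still computes the `&buf[len]` / `PAGE_SIZE - len` pair by hand, which is the arithmetic that became unsafe once snprintf() pushed len past the page. The signature (`struct device_attribute *attr`) and the PAGE_SIZE bound suggest this is a sysfs show callback, so where the tree provides sysfs_emit_at() the call could read `len += sysfs_emit_at(buf, len, "%d ", values[i]);` and leave the bound to the helper. The same applies to the `"%lld "` and `"\n"` calls in the second hunk. This assumes buf is the page buffer handed in by sysfs; its declaration and the start of show_value are outside the hunk.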
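Review bot: Truncation is now silent in the `"%lld "` loop: once the page is full, scnprintf() returns 0, the loop keeps iterating without output, and the final `"\n"` is dropped as well, so a reader may see a last value cut off mid-number with no terminator. Whether ret can be large enough to fill a page is not visible here. If it can, consider stopping when space runs out, for example `if (len >= PAGE_SIZE - 1) break;` after the scnprintf() call, or returning an error rather than partial data. The loop header and the rest of show_value lie outside the hunk.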