summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2020-03-11 08:37:19 +0100
committerJiri Kosina <jkosina@suse.cz>2020-03-11 11:58:58 +0100
commit42f502dfe132edb8d7a47e6c0641ed82d718ad0b (patch)
treea6cde51f41f83ff951b7e0a4b616a97452c7305b
parentHID: hid-bigbenff: fix race condition for scheduled work during removal (diff)
downloadlinux-42f502dfe132edb8d7a47e6c0641ed82d718ad0b.tar.xz
linux-42f502dfe132edb8d7a47e6c0641ed82d718ad0b.zip
HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-rw-r--r--drivers/hid/hid-picolcd_fb.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/hid/hid-picolcd_fb.c b/drivers/hid/hid-picolcd_fb.c
index e162a668fb7e..37ba05e8d94d 100644
--- a/drivers/hid/hid-picolcd_fb.c
+++ b/drivers/hid/hid-picolcd_fb.c
@@ -459,9 +459,9 @@ static ssize_t picolcd_fb_update_rate_show(struct device *dev,
if (ret >= PAGE_SIZE)
break;
else if (i == fb_update_rate)
- ret += snprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);
+ ret += scnprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);
else
- ret += snprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);
+ ret += scnprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);
if (ret > 0)
buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n';
return ret;