diff options
author | Takashi Iwai <tiwai@suse.de> | 2020-03-11 08:37:19 +0100 |
---|---|---|
committer | Jiri Kosina <jkosina@suse.cz> | 2020-03-11 11:58:58 +0100 |
commit | 42f502dfe132edb8d7a47e6c0641ed82d718ad0b (patch) | |
tree | a6cde51f41f83ff951b7e0a4b616a97452c7305b | |
parent | HID: hid-bigbenff: fix race condition for scheduled work during removal (diff) | |
download | linux-42f502dfe132edb8d7a47e6c0641ed82d718ad0b.tar.xz linux-42f502dfe132edb8d7a47e6c0641ed82d718ad0b.zip |
HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
-rw-r--r-- | drivers/hid/hid-picolcd_fb.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/hid/hid-picolcd_fb.c b/drivers/hid/hid-picolcd_fb.c index e162a668fb7e..37ba05e8d94d 100644 --- a/drivers/hid/hid-picolcd_fb.c +++ b/drivers/hid/hid-picolcd_fb.c @@ -459,9 +459,9 @@ static ssize_t picolcd_fb_update_rate_show(struct device *dev, if (ret >= PAGE_SIZE) break; else if (i == fb_update_rate) - ret += snprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i); + ret += scnprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i); else - ret += snprintf(buf+ret, PAGE_SIZE-ret, "%u ", i); + ret += scnprintf(buf+ret, PAGE_SIZE-ret, "%u ", i); if (ret > 0) buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n'; return ret; |