Commit 23ab5261 authored by Takashi Iwai's avatar Takashi Iwai Committed by Jason Gunthorpe
Browse files

IB/hfi1: Use scnprintf() for avoiding potential buffer overflow 

Since snprintf() returns the would-be-output size instead of the actual
output size, the succeeding calls may go beyond the given buffer limit.
Fix it by replacing with scnprintf().

Link: https://lore.kernel.org/r/20200319154641.23711-1-tiwai@suse.de


Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarJason Gunthorpe <jgg@mellanox.com>
parent 987914ab

drivers/infiniband/hw/hfi1/fault.c

+2 −2
Original line number Diff line number Diff line
@@ -222,11 +222,11 @@ static ssize_t fault_opcodes_read(struct file *file, char __user *buf, 
	while (bit < bitsize) {

		zero = find_next_zero_bit(fault->opcodes, bitsize, bit);

		if (zero - 1 != bit)

			size += snprintf(data + size,

			size += scnprintf(data + size,

					 datalen - size - 1,

					 "0x%lx-0x%lx,", bit, zero - 1);

		else

			size += snprintf(data + size,

			size += scnprintf(data + size,

					 datalen - size - 1, "0x%lx,",

					 bit);

		bit = find_next_bit(fault->opcodes, bitsize, zero);

CRA Git | Maintained and supported by SUSTech CRA and CCSE