iio: core: Use scnprintf() for avoiding potential buffer overflow (35a4eeb0) · Commits · 戴 / test

drivers/iio/industrialio-core.c

+17 −17

Original line number	Diff line number	Diff line
		@@ -566,46 +566,46 @@ static ssize_t __iio_format_value(char *buf, size_t len, unsigned int type,

		switch (type) {
		case IIO_VAL_INT:
		return snprintf(buf, len, "%d", vals[0]);
		return scnprintf(buf, len, "%d", vals[0]);
		case IIO_VAL_INT_PLUS_MICRO_DB:
		scale_db = true;
		/* fall through */
		case IIO_VAL_INT_PLUS_MICRO:
		if (vals[1] < 0)
		return snprintf(buf, len, "-%d.%06u%s", abs(vals[0]),
		return scnprintf(buf, len, "-%d.%06u%s", abs(vals[0]),
		-vals[1], scale_db ? " dB" : "");
		else
		return snprintf(buf, len, "%d.%06u%s", vals[0], vals[1],
		return scnprintf(buf, len, "%d.%06u%s", vals[0], vals[1],
		scale_db ? " dB" : "");
		case IIO_VAL_INT_PLUS_NANO:
		if (vals[1] < 0)
		return snprintf(buf, len, "-%d.%09u", abs(vals[0]),
		return scnprintf(buf, len, "-%d.%09u", abs(vals[0]),
		-vals[1]);
		else
		return snprintf(buf, len, "%d.%09u", vals[0], vals[1]);
		return scnprintf(buf, len, "%d.%09u", vals[0], vals[1]);
		case IIO_VAL_FRACTIONAL:
		tmp = div_s64((s64)vals[0] * 1000000000LL, vals[1]);
		tmp1 = vals[1];
		tmp0 = (int)div_s64_rem(tmp, 1000000000, &tmp1);
		return snprintf(buf, len, "%d.%09u", tmp0, abs(tmp1));
		return scnprintf(buf, len, "%d.%09u", tmp0, abs(tmp1));
		case IIO_VAL_FRACTIONAL_LOG2:
		tmp = shift_right((s64)vals[0] * 1000000000LL, vals[1]);
		tmp0 = (int)div_s64_rem(tmp, 1000000000LL, &tmp1);
		return snprintf(buf, len, "%d.%09u", tmp0, abs(tmp1));
		return scnprintf(buf, len, "%d.%09u", tmp0, abs(tmp1));
		case IIO_VAL_INT_MULTIPLE:
		{
		int i;
		int l = 0;

		for (i = 0; i < size; ++i) {
		l += snprintf(&buf[l], len - l, "%d ", vals[i]);
		l += scnprintf(&buf[l], len - l, "%d ", vals[i]);
		if (l >= len)
		break;
		}
		return l;
		}
		case IIO_VAL_CHAR:
		return snprintf(buf, len, "%c", (char)vals[0]);
		return scnprintf(buf, len, "%c", (char)vals[0]);
		default:
		return 0;
		}
		@@ -676,10 +676,10 @@ static ssize_t iio_format_avail_list(char buf, const int vals,
		if (len >= PAGE_SIZE)
		return -EFBIG;
		if (i < length - 1)
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		" ");
		else
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		"\n");
		if (len >= PAGE_SIZE)
		return -EFBIG;
		@@ -692,10 +692,10 @@ static ssize_t iio_format_avail_list(char buf, const int vals,
		if (len >= PAGE_SIZE)
		return -EFBIG;
		if (i < length / 2 - 1)
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		" ");
		else
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		"\n");
		if (len >= PAGE_SIZE)
		return -EFBIG;
		@@ -719,10 +719,10 @@ static ssize_t iio_format_avail_range(char buf, const int vals, int type)
		if (len >= PAGE_SIZE)
		return -EFBIG;
		if (i < 2)
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		" ");
		else
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		"]\n");
		if (len >= PAGE_SIZE)
		return -EFBIG;
		@@ -735,10 +735,10 @@ static ssize_t iio_format_avail_range(char buf, const int vals, int type)
		if (len >= PAGE_SIZE)
		return -EFBIG;
		if (i < 2)
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		" ");
		else
		len += snprintf(buf + len, PAGE_SIZE - len,
		len += scnprintf(buf + len, PAGE_SIZE - len,
		"]\n");
		if (len >= PAGE_SIZE)
		return -EFBIG;

Admin message