Commit 41252c6d authored Mar 11, 2020 by Takashi Iwai Committed by Christian König Mar 11, 2020

drm/ttm: Use scnprintf() for avoiding potential buffer overflow



Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Huang Rui <ray.huang@amd.com>
Reviewed-by: Christian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/357174/


Signed-off-by: Christian König <christian.koenig@amd.com>

parent 6bfad4ab

drivers/gpu/drm/ttm/ttm_page_alloc_dma.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -604,7 +604,7 @@ static struct dma_pool ttm_dma_pool_init(struct device dev, gfp_t flags,
		p = pool->name;
		for (i = 0; i < ARRAY_SIZE(t); i++) {
		if (type & t[i]) {
		p += snprintf(p, sizeof(pool->name) - (p - pool->name),
		p += scnprintf(p, sizeof(pool->name) - (p - pool->name),
		"%s", n[i]);
		}
		}

Admin message