Commit 42f502df authored by Takashi Iwai's avatar Takashi Iwai Committed by Jiri Kosina
Browse files

HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow 



Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
parent 4eb1b01d

drivers/hid/hid-picolcd_fb.c

+2 −2
Original line number Diff line number Diff line
@@ -459,9 +459,9 @@ static ssize_t picolcd_fb_update_rate_show(struct device *dev, 
		if (ret >= PAGE_SIZE)

			break;

		else if (i == fb_update_rate)

			ret += snprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);

			ret += scnprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);

		else

			ret += snprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);

			ret += scnprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);

	if (ret > 0)

		buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n';

	return ret;

CRA Git | Maintained and supported by SUSTech CRA and CCSE