HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer overflow (62a1a580) · Commits · 戴 / test

Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by:

Takashi Iwai <tiwai@suse.de> Signed-off-by:

Jiri Kosina <jkosina@suse.cz>

drivers/hid/hid-sensor-custom.c

+3 −3

Original line number	Diff line number	Diff line
		@@ -313,7 +313,7 @@ static ssize_t show_value(struct device dev, struct device_attribute attr,

		while (i < ret) {
		if (i + attribute->size > ret) {
		len += snprintf(&buf[len],
		len += scnprintf(&buf[len],
		PAGE_SIZE - len,
		"%d ", values[i]);
		break;
		@@ -336,10 +336,10 @@ static ssize_t show_value(struct device dev, struct device_attribute attr,
		++i;
		break;
		}
		len += snprintf(&buf[len], PAGE_SIZE - len,
		len += scnprintf(&buf[len], PAGE_SIZE - len,
		"%lld ", value);
		}
		len += snprintf(&buf[len], PAGE_SIZE - len, "\n");
		len += scnprintf(&buf[len], PAGE_SIZE - len, "\n");

		return len;
		} else if (input)

Admin message