Commit 6bbcf74d authored Mar 11, 2020 by Takashi Iwai Committed by Ulf Hansson Mar 24, 2020

mmc: vub300: Use scnprintf() for avoiding potential buffer overflow



Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200311080439.13928-1-tiwai@suse.de


Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>

parent 398b2500

drivers/mmc/host/vub300.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1363,7 +1363,7 @@ static void download_offload_pseudocode(struct vub300_mmc_host *vub300)
		int retval;
		for (n = 0; n < sdio_funcs; n++) {
		struct sdio_func *sf = card->sdio_func[n];
		l += snprintf(vub300->vub_name + l,
		l += scnprintf(vub300->vub_name + l,
		sizeof(vub300->vub_name) - l, "_%04X%04X",
		sf->vendor, sf->device);
		}

Admin message