Commit ca44e47a authored by Takashi Iwai's avatar Takashi Iwai Committed by Kalle Valo
Browse files

ssb: Use scnprintf() for avoiding potential buffer overflow 



Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
parent 1da740e0

drivers/ssb/sprom.c

+2 −2
Original line number Diff line number Diff line
@@ -26,9 +26,9 @@ static int sprom2hex(const u16 *sprom, char *buf, size_t buf_len, 
	int i, pos = 0;



	for (i = 0; i < sprom_size_words; i++)

		pos += snprintf(buf + pos, buf_len - pos - 1,

		pos += scnprintf(buf + pos, buf_len - pos - 1,

				"%04X", swab16(sprom[i]) & 0xFFFF);

	pos += snprintf(buf + pos, buf_len - pos - 1, "\n");

	pos += scnprintf(buf + pos, buf_len - pos - 1, "\n");



	return pos + 1;

}

CRA Git | Maintained and supported by SUSTech CRA and CCSE