| Message ID | 20200311090739.20543-1-tiwai@suse.de (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Headers | show |
| Series | platform/x86: sony-laptop: Use scnprintf() for avoiding potential buffer overflow | expand |
On Wed, 11 Mar 2020 10:07:39 +0100, Takashi Iwai wrote: > > Since snprintf() returns the would-be-output size instead of the > actual output size, the succeeding calls may go beyond the given > buffer limit. Fix it by replacing with scnprintf(). > > Signed-off-by: Takashi Iwai <tiwai@suse.de> A gentle reminder about this forgotten patch. Let me know if any further change is needed. thanks, Takashi > --- > drivers/platform/x86/sony-laptop.c | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c > index fb088dd8529e..51309f7ceede 100644 > --- a/drivers/platform/x86/sony-laptop.c > +++ b/drivers/platform/x86/sony-laptop.c > @@ -827,10 +827,10 @@ static ssize_t sony_nc_handles_show(struct device *dev, > int i; > > for (i = 0; i < ARRAY_SIZE(handles->cap); i++) { > - len += snprintf(buffer + len, PAGE_SIZE - len, "0x%.4x ", > + len += scnprintf(buffer + len, PAGE_SIZE - len, "0x%.4x ", > handles->cap[i]); > } > - len += snprintf(buffer + len, PAGE_SIZE - len, "\n"); > + len += scnprintf(buffer + len, PAGE_SIZE - len, "\n"); > > return len; > } > @@ -2187,10 +2187,10 @@ static ssize_t sony_nc_thermal_profiles_show(struct device *dev, > > for (cnt = 0; cnt < THM_PROFILE_MAX; cnt++) { > if (!cnt || (th_handle->profiles & cnt)) > - idx += snprintf(buffer + idx, PAGE_SIZE - idx, "%s ", > + idx += scnprintf(buffer + idx, PAGE_SIZE - idx, "%s ", > snc_thermal_profiles[cnt]); > } > - idx += snprintf(buffer + idx, PAGE_SIZE - idx, "\n"); > + idx += scnprintf(buffer + idx, PAGE_SIZE - idx, "\n"); > > return idx; > } > -- > 2.16.4 >
On Thu, Mar 19, 2020 at 5:52 PM Takashi Iwai <tiwai@suse.de> wrote: > > On Wed, 11 Mar 2020 10:07:39 +0100, > Takashi Iwai wrote: > > > > Since snprintf() returns the would-be-output size instead of the > > actual output size, the succeeding calls may go beyond the given > > buffer limit. Fix it by replacing with scnprintf(). > > > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > > A gentle reminder about this forgotten patch. > Let me know if any further change is needed. > > Pushed to my review and testing queue, thanks! > thanks, > > Takashi > > > --- > > drivers/platform/x86/sony-laptop.c | 8 ++++---- > > 1 file changed, 4 insertions(+), 4 deletions(-) > > > > diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c > > index fb088dd8529e..51309f7ceede 100644 > > --- a/drivers/platform/x86/sony-laptop.c > > +++ b/drivers/platform/x86/sony-laptop.c > > @@ -827,10 +827,10 @@ static ssize_t sony_nc_handles_show(struct device *dev, > > int i; > > > > for (i = 0; i < ARRAY_SIZE(handles->cap); i++) { > > - len += snprintf(buffer + len, PAGE_SIZE - len, "0x%.4x ", > > + len += scnprintf(buffer + len, PAGE_SIZE - len, "0x%.4x ", > > handles->cap[i]); > > } > > - len += snprintf(buffer + len, PAGE_SIZE - len, "\n"); > > + len += scnprintf(buffer + len, PAGE_SIZE - len, "\n"); > > > > return len; > > } > > @@ -2187,10 +2187,10 @@ static ssize_t sony_nc_thermal_profiles_show(struct device *dev, > > > > for (cnt = 0; cnt < THM_PROFILE_MAX; cnt++) { > > if (!cnt || (th_handle->profiles & cnt)) > > - idx += snprintf(buffer + idx, PAGE_SIZE - idx, "%s ", > > + idx += scnprintf(buffer + idx, PAGE_SIZE - idx, "%s ", > > snc_thermal_profiles[cnt]); > > } > > - idx += snprintf(buffer + idx, PAGE_SIZE - idx, "\n"); > > + idx += scnprintf(buffer + idx, PAGE_SIZE - idx, "\n"); > > > > return idx; > > } > > -- > > 2.16.4 > >
diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c index fb088dd8529e..51309f7ceede 100644 --- a/drivers/platform/x86/sony-laptop.c +++ b/drivers/platform/x86/sony-laptop.c @@ -827,10 +827,10 @@ static ssize_t sony_nc_handles_show(struct device *dev, int i; for (i = 0; i < ARRAY_SIZE(handles->cap); i++) { - len += snprintf(buffer + len, PAGE_SIZE - len, "0x%.4x ", + len += scnprintf(buffer + len, PAGE_SIZE - len, "0x%.4x ", handles->cap[i]); } - len += snprintf(buffer + len, PAGE_SIZE - len, "\n"); + len += scnprintf(buffer + len, PAGE_SIZE - len, "\n"); return len; } @@ -2187,10 +2187,10 @@ static ssize_t sony_nc_thermal_profiles_show(struct device *dev, for (cnt = 0; cnt < THM_PROFILE_MAX; cnt++) { if (!cnt || (th_handle->profiles & cnt)) - idx += snprintf(buffer + idx, PAGE_SIZE - idx, "%s ", + idx += scnprintf(buffer + idx, PAGE_SIZE - idx, "%s ", snc_thermal_profiles[cnt]); } - idx += snprintf(buffer + idx, PAGE_SIZE - idx, "\n"); + idx += scnprintf(buffer + idx, PAGE_SIZE - idx, "\n"); return idx; }
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> --- drivers/platform/x86/sony-laptop.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)