From patchwork Wed Dec 13 16:42:34 2023
X-Patchwork-Submitter: Lee Jones
X-Patchwork-Id: 13491640
From: Lee Jones
To: lee@kernel.org, gregkh@linuxfoundation.org
Cc: Alexandre Belloni, linux-usb@vger.kernel.org, Claudiu Beznea, linux-kernel@vger.kernel.org, linux-arm-kernel@lists.infradead.org, Cristian Birsan
Subject: [PATCH 05/12] usb: gadget: udc: atmel: Replace snprintf() with the safer scnprintf() variant
Date: Wed, 13 Dec 2023 16:42:34 +0000
Message-ID: <20231213164246.1021885-6-lee@kernel.org>
In-Reply-To: <20231213164246.1021885-1-lee@kernel.org>
References: <20231213164246.1021885-1-lee@kernel.org>

There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array.  However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it.  This misunderstanding has led to buffer-overruns
in the past.  It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases).  So let's
do that.

Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Cc: Cristian Birsan
Cc: Nicolas Ferre
Cc: Alexandre Belloni
Cc: Claudiu Beznea
Cc: linux-arm-kernel@lists.infradead.org
Signed-off-by: Lee Jones
---
 drivers/usb/gadget/udc/atmel_usba_udc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/drivers/usb/gadget/udc/atmel_usba_udc.c b/drivers/usb/gadget/udc/atmel_usba_udc.c index 02b1bef5e22e2..b76885d78e8a7 100644 --- a/drivers/usb/gadget/udc/atmel_usba_udc.c +++ b/drivers/usb/gadget/udc/atmel_usba_udc.c @@ -94,7 +94,7 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, inode_lock(file_inode(file)); list_for_each_entry_safe(req, tmp_req, queue, queue) { - len = snprintf(tmpbuf, sizeof(tmpbuf), + len = scnprintf(tmpbuf, sizeof(tmpbuf), "%8p %08x %c%c%c %5d %c%c%c\n", req->req.buf, req->req.length, req->req.no_interrupt ? 'i' : 'I', @@ -104,7 +104,6 @@ static ssize_t queue_dbg_read(struct file *file, char __user *buf, req->submitted ? 'F' : 'f', req->using_dma ? 'D' : 'd', req->last_transaction ? 'L' : 'l'); - len = min(len, sizeof(tmpbuf)); if (len > nbytes) break;
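
Review bot: In the first hunk (@@ -94,7 +94,7 @@), truncation of a queue record stays undetected: scnprintf() returns at most sizeof(tmpbuf) - 1, so len can never indicate that the formatted line did not fit and that its trailing "\n" was cut. The size of tmpbuf is not visible in this hunk, and %8p is only a minimum field width, so the output of "%8p %08x %c%c%c %5d %c%c%c\n" can be wider than it looks. If tmpbuf is sized for the widest possible record, a one-line comment at the call saying so would settle the question; if not, the truncated case needs handling.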
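
Review bot: The removal of `len = min(len, sizeof(tmpbuf));` in the second hunk (@@ -104,7 +104,6 @@) is not mentioned in the commit message, which only describes replacing snprintf() with scnprintf(). Dropping it is correct because scnprintf() never returns more than sizeof(tmpbuf) - 1, but the old clamp capped len at sizeof(tmpbuf), so on truncation the value compared against nbytes in `if (len > nbytes)` is now one smaller and no longer counts the terminating NUL. Suggest a sentence in the changelog stating that the clamp is dropped as redundant and that this one-byte difference is intended.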
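
The return-value difference the commit message describes, and the effect of dropping the min() clamp, as an added userspace example (not code from the patch or the kernel). scnprintf_demo() is a stand-in for the kernel's scnprintf(), and the 16-byte buffer and record values are constructed to force truncation.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed record: formats to 19 characters when nothing is cut off. */
#define FMT  "%08x %c%c%c %5d\n"
#define ARGS 0x1000u, 'I', 'z', 's', 512

/* Userspace stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored in buf, not counting the trailing NUL. */
static int scnprintf_demo(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (size == 0)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0; /* assumption: treat an output error as nothing written */
	return (size_t)n < size ? n : (int)(size - 1);
}

/* Raw snprintf() result: the length that *would have been* written. */
static size_t len_raw(char *buf, size_t size)
{
	return (size_t)snprintf(buf, size, FMT, ARGS);
}

/* Pattern removed by the patch: clamp the snprintf() result to the buffer size. */
static size_t len_clamped(char *buf, size_t size)
{
	size_t len = len_raw(buf, size);
	return len < size ? len : size;
}

/* Pattern added by the patch: scnprintf() semantics, no clamp needed. */
static size_t len_scn(char *buf, size_t size)
{
	return (size_t)scnprintf_demo(buf, size, FMT, ARGS);
}

int main(void)
{
	char tmpbuf[16]; /* constructed size, small enough to force truncation */

	printf("snprintf=%zu clamped=%zu ", len_raw(tmpbuf, sizeof(tmpbuf)), len_clamped(tmpbuf, sizeof(tmpbuf)));
	printf("scnprintf=%zu strlen=%zu\n", len_scn(tmpbuf, sizeof(tmpbuf)), strlen(tmpbuf));
	return 0;
}
```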