| Message ID | 20200311092718.24052-1-tiwai@suse.de (mailing list archive) |
|---|---|
| State | Accepted, archived |
| Delegated to: | Zhang Rui |
| Headers | show |
| Series | thermal: int340x_thermal: Use scnprintf() for avoiding potential buffer overflow | expand |
On Wed, 11 Mar 2020 10:27:18 +0100, Takashi Iwai wrote: > > Since snprintf() returns the would-be-output size instead of the > actual output size, the succeeding calls may go beyond the given > buffer limit. Fix it by replacing with scnprintf(). > > Signed-off-by: Takashi Iwai <tiwai@suse.de> A gentle reminder for this forgotten patch. Let me know if any further change is needed. thanks, Takashi > --- > drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > index efae0c02d898..529df7174239 100644 > --- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > +++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > @@ -65,7 +65,7 @@ static ssize_t available_uuids_show(struct device *dev, > for (i = 0; i < INT3400_THERMAL_MAXIMUM_UUID; i++) { > if (priv->uuid_bitmap & (1 << i)) > if (PAGE_SIZE - length > 0) > - length += snprintf(&buf[length], > + length += scnprintf(&buf[length], > PAGE_SIZE - length, > "%s\n", > int3400_thermal_uuids[i]); > -- > 2.16.4 >
On Thu, 2020-03-19 at 16:50 +0100, Takashi Iwai wrote: > On Wed, 11 Mar 2020 10:27:18 +0100, > Takashi Iwai wrote: > > Since snprintf() returns the would-be-output size instead of the > > actual output size, the succeeding calls may go beyond the given > > buffer limit. Fix it by replacing with scnprintf(). > > > > Signed-off-by: Takashi Iwai <tiwai@suse.de> > Reviewed-by: Pandruvada, Srinivas <srinivas.pandruvada@linux.intel.com> > A gentle reminder for this forgotten patch. > Let me know if any further change is needed. > > > thanks, > > Takashi > > > --- > > drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git > > a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > > b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > > index efae0c02d898..529df7174239 100644 > > --- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > > +++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c > > @@ -65,7 +65,7 @@ static ssize_t available_uuids_show(struct device > > *dev, > > for (i = 0; i < INT3400_THERMAL_MAXIMUM_UUID; i++) { > > if (priv->uuid_bitmap & (1 << i)) > > if (PAGE_SIZE - length > 0) > > - length += snprintf(&buf[length], > > + length += scnprintf(&buf[length], > > PAGE_SIZE - length, > > "%s\n", > > int3400_thermal_uuid > > s[i]); > > -- > > 2.16.4 > >
diff --git a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c index efae0c02d898..529df7174239 100644 --- a/drivers/thermal/intel/int340x_thermal/int3400_thermal.c +++ b/drivers/thermal/intel/int340x_thermal/int3400_thermal.c @@ -65,7 +65,7 @@ static ssize_t available_uuids_show(struct device *dev, for (i = 0; i < INT3400_THERMAL_MAXIMUM_UUID; i++) { if (priv->uuid_bitmap & (1 << i)) if (PAGE_SIZE - length > 0) - length += snprintf(&buf[length], + length += scnprintf(&buf[length], PAGE_SIZE - length, "%s\n", int3400_thermal_uuids[i]);
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> --- drivers/thermal/intel/int340x_thermal/int3400_thermal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)