| Message ID | 20200315094241.9086-5-tiwai@suse.de (mailing list archive) |
|---|---|
| State | Mainlined |
| Commit | 473e554d656eb6d81df005a67f243b418554f5e5 |
| Headers | show |
| Series | scsi: Use scnprintf() for avoiding potential buffer overflow | expand |
diff --git a/drivers/scsi/gdth_proc.c b/drivers/scsi/gdth_proc.c index 381d849726ac..34149842cf1c 100644 --- a/drivers/scsi/gdth_proc.c +++ b/drivers/scsi/gdth_proc.c @@ -193,7 +193,7 @@ int gdth_show_info(struct seq_file *m, struct Scsi_Host *host) for (i = 1; i < MAX_RES_ARGS; i++) { if (reserve_list[i] == 0xff) break; - hlen += snprintf(hrec + hlen , 161 - hlen, ",%d", reserve_list[i]); + hlen += scnprintf(hrec + hlen , 161 - hlen, ",%d", reserve_list[i]); } } seq_printf(m,
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Cc: "James E . J . Bottomley" <jejb@linux.ibm.com> Cc: "Martin K . Petersen" <martin.petersen@oracle.com> Cc: Achim Leubner <achim_leubner@adaptec.com> Cc: linux-scsi@vger.kernel.org Signed-off-by: Takashi Iwai <tiwai@suse.de> --- v1->v2: no change drivers/scsi/gdth_proc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)