redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity

video: omap2: Use scnprintf() for avoiding potential buffer overflow 

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-3-tiwai@suse.de
alistair/sunxi64-5.8
Takashi Iwai 2020-03-11 10:32:29 +01:00 committed by Bartlomiej Zolnierkiewicz
parent bf1b615ad9
commit 42f21e5452
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c
View File

@ -147,11 +147,11 @@ static ssize_t show_overlays(struct device *dev,
if (ovl == fbdev->overlays[ovlnum])
break;
l += snprintf(buf + l, PAGE_SIZE - l, "%s%d",
l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d",
t == 0 ? "" : ",", ovlnum);
}
l += snprintf(buf + l, PAGE_SIZE - l, "\n");
l += scnprintf(buf + l, PAGE_SIZE - l, "\n");
omapfb_unlock(fbdev);
unlock_fb_info(fbi);
@ -328,11 +328,11 @@ static ssize_t show_overlays_rotate(struct device *dev,
lock_fb_info(fbi);
for (t = 0; t < ofbi->num_overlays; t++) {
l += snprintf(buf + l, PAGE_SIZE - l, "%s%d",
l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d",
t == 0 ? "" : ",", ofbi->rotation[t]);
}
l += snprintf(buf + l, PAGE_SIZE - l, "\n");
l += scnprintf(buf + l, PAGE_SIZE - l, "\n");
unlock_fb_info(fbi);