redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity

video: omap2: Use scnprintf() for avoiding potential buffer overflow

Browse source 
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-3-tiwai@suse.de
This commit is contained in:
Takashi Iwai 2020-03-11 10:32:29 +01:00 committed by Bartlomiej Zolnierkiewicz
parent bf1b615ad9
commit 42f21e5452
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c
View file

@ -147,11 +147,11 @@ static ssize_t show_overlays(struct device *dev,
if (ovl == fbdev->overlays[ovlnum]) if (ovl == fbdev->overlays[ovlnum])
break; break;
l += snprintf(buf + l, PAGE_SIZE - l, "%s%d", l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d",
t == 0 ? "" : ",", ovlnum); t == 0 ? "" : ",", ovlnum);
} }
l += snprintf(buf + l, PAGE_SIZE - l, "\n"); l += scnprintf(buf + l, PAGE_SIZE - l, "\n");
omapfb_unlock(fbdev); omapfb_unlock(fbdev);
unlock_fb_info(fbi); unlock_fb_info(fbi);
@ -328,11 +328,11 @@ static ssize_t show_overlays_rotate(struct device *dev,
lock_fb_info(fbi); lock_fb_info(fbi);
for (t = 0; t < ofbi->num_overlays; t++) { for (t = 0; t < ofbi->num_overlays; t++) {
l += snprintf(buf + l, PAGE_SIZE - l, "%s%d", l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d",
t == 0 ? "" : ",", ofbi->rotation[t]); t == 0 ? "" : ",", ofbi->rotation[t]);
} }
l += snprintf(buf + l, PAGE_SIZE - l, "\n"); l += scnprintf(buf + l, PAGE_SIZE - l, "\n");
unlock_fb_info(fbi); unlock_fb_info(fbi);