Commit 42f502df authored by Takashi Iwai's avatar Takashi Iwai Committed by Jiri Kosina

HID: hid-picolcd_fb: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
parent 4eb1b01d
...@@ -459,9 +459,9 @@ static ssize_t picolcd_fb_update_rate_show(struct device *dev, ...@@ -459,9 +459,9 @@ static ssize_t picolcd_fb_update_rate_show(struct device *dev,
if (ret >= PAGE_SIZE) if (ret >= PAGE_SIZE)
break; break;
else if (i == fb_update_rate) else if (i == fb_update_rate)
ret += snprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i); ret += scnprintf(buf+ret, PAGE_SIZE-ret, "[%u] ", i);
else else
ret += snprintf(buf+ret, PAGE_SIZE-ret, "%u ", i); ret += scnprintf(buf+ret, PAGE_SIZE-ret, "%u ", i);
if (ret > 0) if (ret > 0)
buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n'; buf[min(ret, (size_t)PAGE_SIZE)-1] = '\n';
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment