Commit 74dcd439 authored by Lars-Peter Clausen's avatar Lars-Peter Clausen Committed by Greg Kroah-Hartman

iio: iio_enum_available_read: Prevent possible buffer overflow

Use scnprint instead of snprintf, because snprintf returns the number of bytes
that would have been written to the buffer if there was enough space, and as a
result writing to buf[len-1] might cause a access beyond the buffers limits.
Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: default avatarLars-Peter Clausen <lars@metafoo.de>
Acked-by: default avatarJonathan Cameron <jic23@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a21e6bfe
...@@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev, ...@@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev,
return 0; return 0;
for (i = 0; i < e->num_items; ++i) for (i = 0; i < e->num_items; ++i)
len += snprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]); len += scnprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
/* replace last space with a newline */ /* replace last space with a newline */
buf[len - 1] = '\n'; buf[len - 1] = '\n';
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment