From 4345e2e5c75895232a17e6783e6233beadc650c4 Mon Sep 17 00:00:00 2001
From: Takashi Iwai
Date: Wed, 11 Mar 2020 08:47:06 +0100
Subject: media: rc: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf().
Signed-off-by: Takashi Iwai
Signed-off-by: Sean Young
Signed-off-by: Mauro Carvalho Chehab
---
drivers/media/rc/nuvoton-cir.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'drivers/media/rc/nuvoton-cir.c')
diff --git a/drivers/media/rc/nuvoton-cir.c b/drivers/media/rc/nuvoton-cir.c
index 5c2cd8d2d155..48a69bf23236 100644
--- a/drivers/media/rc/nuvoton-cir.c
+++ b/drivers/media/rc/nuvoton-cir.c
@@ -230,10 +230,10 @@ static ssize_t wakeup_data_show(struct device *dev,
 for (i = 0; i < fifo_len; i++) {
 duration = nvt_cir_wake_reg_read(nvt, CIR_WAKE_RD_FIFO_ONLY);
 duration = (duration & BUF_LEN_MASK) * SAMPLE_PERIOD;
- buf_len += snprintf(buf + buf_len, PAGE_SIZE - buf_len,
+ buf_len += scnprintf(buf + buf_len, PAGE_SIZE - buf_len,
 "%d ", duration);
 }
- buf_len += snprintf(buf + buf_len, PAGE_SIZE - buf_len, "\n");
+ buf_len += scnprintf(buf + buf_len, PAGE_SIZE - buf_len, "\n");
 spin_unlock_irqrestore(&nvt->lock, flags);
-- cgit v1.2.3
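Review bot: Both `scnprintf()` calls (inside the loop and for the trailing newline) still do the `PAGE_SIZE - buf_len` arithmetic by hand, and nothing at the call site records that correctness depends on the return value being the bytes actually written. A short comment above the loop, e.g. `/* scnprintf() returns bytes written, so buf_len can never pass PAGE_SIZE */`, would keep a later cleanup from going back to `snprintf()`. On kernels that provide `sysfs_emit_at()`, `buf_len += sysfs_emit_at(buf, buf_len, "%d ", duration);` carries the page bound itself and drops the subtraction. The start of `wakeup_data_show()` and the bound on `fifo_len` are outside the hunk, so whether output can now be silently truncated cannot be judged from the visible lines.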