Skip to content

Commit

Permalink
HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer…
Browse files Browse the repository at this point in the history 
… overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
  • Loading branch information
Takashi Iwai authored and Jiri Kosina committed Mar 11, 2020
1 parent 42f502d commit 62a1a58
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions drivers/hid/hid-sensor-custom.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -313,7 +313,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,

while (i < ret) {
if (i + attribute->size > ret) {
len += snprintf(&buf[len],
len += scnprintf(&buf[len],
PAGE_SIZE - len,
"%d ", values[i]);
break;
Expand All @@ -336,10 +336,10 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
++i;
break;
}
len += snprintf(&buf[len], PAGE_SIZE - len,
len += scnprintf(&buf[len], PAGE_SIZE - len,
"%lld ", value);
}
len += snprintf(&buf[len], PAGE_SIZE - len, "\n");
len += scnprintf(&buf[len], PAGE_SIZE - len, "\n");

return len;
} else if (input)
Expand Down

0 comments on commit 62a1a58

Please sign in to comment.