dmaengine: ppc4xx: Use scnprintf() for avoiding potential buffer overflow

tiwai · vinodkoul · commit 3a5a8a27545d · 2020-03-11T15:10:45.000+05:30
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Link: https://lore.kernel.org/r/20200311071606.4485-1-tiwai@suse.de Signed-off-by: Vinod Koul <vkoul@kernel.org>
diff --git a/drivers/dma/ppc4xx/adma.c b/drivers/dma/ppc4xx/adma.c
@@ -4303,7 +4303,7 @@ static ssize_t devices_show(struct device_driver *dev, char *buf)
 	for (i = 0; i < PPC440SPE_ADMA_ENGINES_NUM; i++) {
 		if (ppc440spe_adma_devices[i] == -1)
 			continue;
-		size += snprintf(buf + size, PAGE_SIZE - size,
+		size += scnprintf(buf + size, PAGE_SIZE - size,
 				 "PPC440SP(E)-ADMA.%d: %s\n", i,
 				 ppc_adma_errors[ppc440spe_adma_devices[i]]);
 	}

Original file line number	Diff line number	Diff line change
`@@ -4303,7 +4303,7 @@ static ssize_t devices_show(struct device_driver dev, char buf)`
`4303`	`4303`	`for (i = 0; i < PPC440SPE_ADMA_ENGINES_NUM; i++) {`
`4304`	`4304`	`if (ppc440spe_adma_devices[i] == -1)`
`4305`	`4305`	`continue;`
`4306`		`- size += snprintf(buf + size, PAGE_SIZE - size,`
	`4306`	`+ size += scnprintf(buf + size, PAGE_SIZE - size,`
`4307`	`4307`	`"PPC440SP(E)-ADMA.%d: %s\n", i,`
`4308`	`4308`	`ppc_adma_errors[ppc440spe_adma_devices[i]]);`
`4309`	`4309`	`}`