forked from luck/tmp_suning_uos_patched
pinctrl: mediatek: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Link: https://lore.kernel.org/r/20200311090644.20287-1-tiwai@suse.de Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This commit is contained in:
parent
492464cd46
commit
7eb42f9855
|
@ -611,7 +611,7 @@ ssize_t mtk_pctrl_show_one_pin(struct mtk_pinctrl *hw,
|
|||
} else if (pullen != MTK_DISABLE && pullen != MTK_ENABLE) {
|
||||
pullen = 0;
|
||||
}
|
||||
len += snprintf(buf + len, bufLen - len,
|
||||
len += scnprintf(buf + len, bufLen - len,
|
||||
"%03d: %1d%1d%1d%1d%02d%1d%1d%1d%1d",
|
||||
gpio,
|
||||
pinmux,
|
||||
|
@ -625,10 +625,10 @@ ssize_t mtk_pctrl_show_one_pin(struct mtk_pinctrl *hw,
|
|||
pullup);
|
||||
|
||||
if (r1 != -1) {
|
||||
len += snprintf(buf + len, bufLen - len, " (%1d %1d)\n",
|
||||
len += scnprintf(buf + len, bufLen - len, " (%1d %1d)\n",
|
||||
r1, r0);
|
||||
} else {
|
||||
len += snprintf(buf + len, bufLen - len, "\n");
|
||||
len += scnprintf(buf + len, bufLen - len, "\n");
|
||||
}
|
||||
|
||||
return len;
|
||||
|
|
Loading…
Reference in New Issue
Block a user