Commit 06b522d6 authored Mar 11, 2020 by Takashi Iwai Committed by Bartlomiej Zolnierkiewicz Mar 20, 2020

video: uvesafb: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-4-tiwai@suse.de

parent 42f21e54

drivers/video/fbdev/uvesafb.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1560,7 +1560,7 @@ static ssize_t uvesafb_show_vbe_modes(struct device *dev,
		int ret = 0, i;

		for (i = 0; i < par->vbe_modes_cnt && ret < PAGE_SIZE; i++) {
		ret += snprintf(buf + ret, PAGE_SIZE - ret,
		ret += scnprintf(buf + ret, PAGE_SIZE - ret,
		"%dx%d-%d, 0x%.4x\n",
		par->vbe_modes[i].x_res, par->vbe_modes[i].y_res,
		par->vbe_modes[i].depth, par->vbe_modes[i].mode_id);