Commit 42f21e54 authored by Takashi Iwai's avatar Takashi Iwai Committed by Bartlomiej Zolnierkiewicz
Browse files

video: omap2: Use scnprintf() for avoiding potential buffer overflow 



Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarBartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-3-tiwai@suse.de
parent bf1b615a

drivers/video/fbdev/omap2/omapfb/omapfb-sysfs.c

+4 −4
Original line number Diff line number Diff line
@@ -147,11 +147,11 @@ static ssize_t show_overlays(struct device *dev, 
			if (ovl == fbdev->overlays[ovlnum])

				break;



		l += snprintf(buf + l, PAGE_SIZE - l, "%s%d",

		l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d",

				t == 0 ? "" : ",", ovlnum);

	}



	l += snprintf(buf + l, PAGE_SIZE - l, "\n");

	l += scnprintf(buf + l, PAGE_SIZE - l, "\n");



	omapfb_unlock(fbdev);

	unlock_fb_info(fbi);
@@ -328,11 +328,11 @@ static ssize_t show_overlays_rotate(struct device *dev, 
	lock_fb_info(fbi);



	for (t = 0; t < ofbi->num_overlays; t++) {

		l += snprintf(buf + l, PAGE_SIZE - l, "%s%d",

		l += scnprintf(buf + l, PAGE_SIZE - l, "%s%d",

				t == 0 ? "" : ",", ofbi->rotation[t]);

	}



	l += snprintf(buf + l, PAGE_SIZE - l, "\n");

	l += scnprintf(buf + l, PAGE_SIZE - l, "\n");



	unlock_fb_info(fbi);