Commit ec7b5eda authored by Samuel Thibault's avatar Samuel Thibault Committed by Greg Kroah-Hartman

speakup: replace sprintf() by scnprintf()



Replace sprintf() by scnprintf() in order to avoid buffer overflows.

Signed-off-by: default avatarSalah Triki <salah.triki@gmail.com>
Signed-off-by: default avatarSamuel Thibault <samuel.thibault@ens-lyon.org>
Link: https://lore.kernel.org/r/20210630224248.2iq6o6krecx4cz5j@begin


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent f83461e6
+11 −4
@@ -153,18 +153,25 @@ static char *get_initstring(void)
	static char buf[40];
	char *cp;
	struct var_t *var;
	size_t len;
	size_t n;

	memset(buf, 0, sizeof(buf));
	cp = buf;
	len = sizeof(buf);

	var = synth_soft.vars;
	while (var->var_id != MAXVARS) {
		if (var->var_id != CAPS_START && var->var_id != CAPS_STOP &&
		    var->var_id != PAUSE && var->var_id != DIRECT)
			cp = cp + sprintf(cp, var->u.n.synth_fmt,
		    var->var_id != PAUSE && var->var_id != DIRECT) {
			n = scnprintf(cp, len, var->u.n.synth_fmt,
				      var->u.n.value);
			cp = cp + n;
			len = len - n;
		}
		var++;
	}
	cp = cp + sprintf(cp, "\n");
	cp = cp + scnprintf(cp, len, "\n");
	return buf;
}
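Review bot: Truncation is now silent in the new loop: if the formatted variables fill `buf`, `len` drops to 1, later `scnprintf()` calls write nothing, and the final `scnprintf(cp, len, "\n")` has room only for the NUL. The caller then gets an init string that is cut off, possibly mid-sequence, and has no terminating newline. Reserving one byte inside the loop keeps the newline in every case: `n = scnprintf(cp, len - 1, var->u.n.synth_fmt, var->u.n.value);`, which is safe because `len` then never falls below 2. Whether 40 bytes is enough for every format in `synth_soft.vars` cannot be told from this hunk, so a one-time warning when a write fills the remaining space would make an undersized buffer visible instead of quietly producing a bad string. The signature and opening brace of get_initstring() are outside the hunk.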