mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-27 21:03:32 +00:00
Code Issues Releases Wiki Activity

video: uvesafb: Use scnprintf() for avoiding potential buffer overflow

Browse source 
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20200311093230.24900-4-tiwai@suse.de
This commit is contained in:
Takashi Iwai 2020-03-11 10:32:30 +01:00 committed by Bartlomiej Zolnierkiewicz
parent 42f21e5452
commit 06b522d6de
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
drivers/video/fbdev/uvesafb.c
View file

@ -1560,7 +1560,7 @@ static ssize_t uvesafb_show_vbe_modes(struct device *dev,
int ret = 0, i; int ret = 0, i;
for (i = 0; i < par->vbe_modes_cnt && ret < PAGE_SIZE; i++) { for (i = 0; i < par->vbe_modes_cnt && ret < PAGE_SIZE; i++) {
ret += snprintf(buf + ret, PAGE_SIZE - ret, ret += scnprintf(buf + ret, PAGE_SIZE - ret,
"%dx%d-%d, 0x%.4x\n", "%dx%d-%d, 0x%.4x\n",
par->vbe_modes[i].x_res, par->vbe_modes[i].y_res, par->vbe_modes[i].x_res, par->vbe_modes[i].y_res,
par->vbe_modes[i].depth, par->vbe_modes[i].mode_id); par->vbe_modes[i].depth, par->vbe_modes[i].mode_id);