iio: iio_enum_available_read: Prevent possible buffer overflow
Use scnprint instead of snprintf, because snprintf returns the number of bytes that would have been written to the buffer if there was enough space, and as a result writing to buf[len-1] might cause a access beyond the buffers limits. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Lars-Peter Clausen <lars@metafoo.de> Acked-by: Jonathan Cameron <jic23@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Родитель
a21e6bfeb4
Коммит
74dcd439bf
|
@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev,
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
for (i = 0; i < e->num_items; ++i)
|
for (i = 0; i < e->num_items; ++i)
|
||||||
len += snprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
|
len += scnprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]);
|
||||||
|
|
||||||
/* replace last space with a newline */
|
/* replace last space with a newline */
|
||||||
buf[len - 1] = '\n';
|
buf[len - 1] = '\n';
|
||||||
|
|
Загрузка…
Ссылка в новой задаче