[PATCH 1/5] drm/amdgpu/pm: Use scnprintf() for avoiding potential buffer overflow
Takashi Iwai
tiwai at suse.de
Wed Mar 11 07:32:28 UTC 2020
BTW, please ignore the subject prefix '[1/5]', which was added
mistakenly while extracting a patch from the commit list.
This is a single patch.
thanks,
Takashi
On Wed, 11 Mar 2020 08:29:04 +0100,
Takashi Iwai wrote:
>
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit. Fix it by replacing with scnprintf().
>
> Also adjust the size argument passed to scnprintf() so that it really
> cuts off at the right remaining buffer length.
>
> Signed-off-by: Takashi Iwai <tiwai at suse.de>
> ---
> drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
> index bc3cf04a1a94..4a737d074f4b 100644
> --- a/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
> +++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_pm.c
> @@ -448,7 +448,7 @@ static ssize_t amdgpu_get_pp_num_states(struct device *dev,
>
> buf_len = snprintf(buf, PAGE_SIZE, "states: %d\n", data.nums);
> for (i = 0; i < data.nums; i++)
> - buf_len += snprintf(buf + buf_len, PAGE_SIZE, "%d %s\n", i,
> + buf_len += scnprintf(buf + buf_len, PAGE_SIZE - buf_len, "%d %s\n", i,
> (data.states[i] == POWER_STATE_TYPE_INTERNAL_BOOT) ? "boot" :
> (data.states[i] == POWER_STATE_TYPE_BATTERY) ? "battery" :
> (data.states[i] == POWER_STATE_TYPE_BALANCED) ? "balanced" :
> --
> 2.16.4
>
More information about the amd-gfx
mailing list