[PATCH] drm/ttm: Use scnprintf() for avoiding potential buffer overflow

Huang Rui ray.huang at amd.com
Wed Mar 11 07:52:37 UTC 2020


On Wed, Mar 11, 2020 at 03:34:52PM +0800, Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit.  Fix it by replacing with scnprintf().
> 
> Signed-off-by: Takashi Iwai <tiwai at suse.de>

Reviewed-by: Huang Rui <ray.huang at amd.com>

> ---
>  drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
> index bf876faea592..faefaaef7909 100644
> --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
> +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
> @@ -604,7 +604,7 @@ static struct dma_pool *ttm_dma_pool_init(struct device *dev, gfp_t flags,
>  	p = pool->name;
>  	for (i = 0; i < ARRAY_SIZE(t); i++) {
>  		if (type & t[i]) {
> -			p += snprintf(p, sizeof(pool->name) - (p - pool->name),
> +			p += scnprintf(p, sizeof(pool->name) - (p - pool->name),
>  				      "%s", n[i]);
>  		}
>  	}
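
Review bot: The continuation line '"%s", n[i]);' is still indented for the old snprintf( parenthesis; scnprintf( is one character longer, so the argument now sits one column left of the open parenthesis and should gain one space to keep the alignment. On the logic itself: with scnprintf() the size expression sizeof(pool->name) - (p - pool->name) can no longer drop below 1, so once the buffer is full later iterations store nothing, but the pool name is then truncated silently. If a complete name matters, the loop could compare the return value with the length of n[i] and warn when they differ.
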
> -- 
> 2.16.4
> 
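
The return-value difference the commit message describes, as an added userspace example that is not part of the original mail or of the kernel source. demo_scnprintf(), append_parts() and the sample strings are constructed for illustration; demo_scnprintf() only imitates the kernel helper's return convention.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace stand-in (assumption) for the kernel's scnprintf(): returns the
 * number of characters actually stored, excluding the NUL, never the
 * would-be size. */
static int demo_scnprintf(char *buf, size_t size, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (size == 0)
		return 0;
	va_start(ap, fmt);
	n = vsnprintf(buf, size, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0;
	return (size_t)n < size ? n : (int)(size - 1);
}

/* Append each part with the "p += ...printf(p, size - used, ...)" pattern and
 * return the final offset. With use_scn == 0 the would-be size is added; the
 * loop stops once the offset has left the buffer, so the demo itself never
 * passes a wrapped size or writes out of bounds. */
static size_t append_parts(char *buf, size_t size, const char *const *parts,
			   size_t nparts, int use_scn)
{
	size_t off = 0, i;

	for (i = 0; i < nparts && off < size; i++) {
		if (use_scn)
			off += demo_scnprintf(buf + off, size - off, "%s", parts[i]);
		else
			off += snprintf(buf + off, size - off, "%s", parts[i]);
	}
	return off;
}

int main(void)
{
	const char *const parts[] = { "wc", "uc", "cached", "dma32" }; /* constructed */
	char a[8], b[8];

	printf("snprintf offset:  %zu of %zu\n", append_parts(a, sizeof(a), parts, 4, 0), sizeof(a));
	printf("scnprintf offset: %zu of %zu\n", append_parts(b, sizeof(b), parts, 4, 1), sizeof(b));
	return 0;
}
```

With the snprintf() accumulation the offset ends past the end of the 8-byte buffer, which is the point where the next size argument would wrap; with the scnprintf() convention it stops at the last usable byte and the string is truncated.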

