[PATCH] drm/ttm: Use scnprintf() for avoiding potential buffer overflow
Christian König
christian.koenig at amd.com
Wed Mar 11 07:56:11 UTC 2020
Am 11.03.20 um 08:52 schrieb Huang Rui:
> On Wed, Mar 11, 2020 at 03:34:52PM +0800, Takashi Iwai wrote:
>> Since snprintf() returns the would-be-output size instead of the
>> actual output size, the succeeding calls may go beyond the given
>> buffer limit. Fix it by replacing with scnprintf().
>>
>> Signed-off-by: Takashi Iwai <tiwai at suse.de>
> Reviewed-by: Huang Rui <ray.huang at amd.com>
Reviewed-by: Christian König <christian.koenig at amd.com>
Takashi, should I push this to drm-misc-next or do you want to merge
that somehow else?
Thanks,
Christian.
>
>> ---
>> drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
>> index bf876faea592..faefaaef7909 100644
>> --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
>> +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c
>> @@ -604,7 +604,7 @@ static struct dma_pool *ttm_dma_pool_init(struct device *dev, gfp_t flags,
>> p = pool->name;
>> for (i = 0; i < ARRAY_SIZE(t); i++) {
>> if (type & t[i]) {
>> - p += snprintf(p, sizeof(pool->name) - (p - pool->name),
>> + p += scnprintf(p, sizeof(pool->name) - (p - pool->name),
>> "%s", n[i]);
>> }
>> }
>> --
>> 2.16.4
>>
More information about the dri-devel
mailing list