[Freedreno] [PATCH] drm/msm: Use scnprintf() for avoiding potential buffer overflow
Jordan Crouse
jcrouse at codeaurora.org
Wed Mar 11 16:41:25 UTC 2020
On Wed, Mar 11, 2020 at 08:34:10AM +0100, Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit. Fix it by replacing with scnprintf().
How embarrassing. I'm usually the guy singing the praises of scnprintf().
Thanks for the fix.
Reviewed-by: Jordan Crouse <jcrouse at codeaurora.org>
> Signed-off-by: Takashi Iwai <tiwai at suse.de>
> ---
> drivers/gpu/drm/msm/adreno/adreno_gpu.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/gpu/drm/msm/adreno/adreno_gpu.c b/drivers/gpu/drm/msm/adreno/adreno_gpu.c
> index 7fd29829b2fa..1d5c43c22269 100644
> --- a/drivers/gpu/drm/msm/adreno/adreno_gpu.c
> +++ b/drivers/gpu/drm/msm/adreno/adreno_gpu.c
> @@ -673,7 +673,7 @@ static char *adreno_gpu_ascii85_encode(u32 *src, size_t len)
> return NULL;
>
> for (i = 0; i < l; i++)
> - buf_itr += snprintf(buf + buf_itr, buffer_size - buf_itr, "%s",
> + buf_itr += scnprintf(buf + buf_itr, buffer_size - buf_itr, "%s",
> ascii85_encode(src[i], out));
>
> return buf;
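Review bot: In the `for (i = 0; i < l; i++)` loop, truncation becomes silent with this change. Once scnprintf() clamps its return value, `buf_itr` stops at `buffer_size - 1`, the remaining iterations still call ascii85_encode() but store nothing, and the function returns a shortened string with no indication to the caller. If the sizing of `buffer_size` (not visible in this hunk) is meant to guarantee that the output always fits, a WARN_ON_ONCE() or an early break when `buf_itr` reaches `buffer_size - 1` would make a sizing mistake visible. The commit message could also say whether the overflow is reachable with the current sizing.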
> --
> 2.16.4
>
--
The Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum,
a Linux Foundation Collaborative Project
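The return-value difference described in the commit message, as an added userspace example that is not code from the patch or the driver. `demo_scnprintf()`, `join_snprintf()` and `join_scnprintf()` are hypothetical names, `demo_scnprintf()` is a stand-in that mimics the kernel helper's clamped return, and the input strings are constructed.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in for the kernel's scnprintf(): returns the number of
 * characters actually stored (without the NUL), never the would-be length. */
static int demo_scnprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return (size_t)n < size ? n : (int)(size - 1);
}

/* Accumulate with snprintf(). The loop stops as soon as the offset has moved
 * past the buffer, because the next call would get an out-of-bounds pointer
 * and a wrapped size_t length. *escaped reports whether that happened. */
static size_t join_snprintf(char *buf, size_t size, const char **parts,
                            size_t n, int *escaped)
{
    size_t off = 0;
    for (size_t i = 0; i < n && off <= size; i++)
        off += (size_t)snprintf(buf + off, size - off, "%s", parts[i]);
    *escaped = off > size;
    return off;
}

/* Same loop with the clamped return: off can never exceed size - 1. */
static size_t join_scnprintf(char *buf, size_t size, const char **parts, size_t n)
{
    size_t off = 0;
    for (size_t i = 0; i < n; i++)
        off += (size_t)demo_scnprintf(buf + off, size - off, "%s", parts[i]);
    return off;
}

int main(void)
{
    const char *parts[] = {"abcde", "fghij", "klmno"}; /* constructed input */
    char buf[8];
    int escaped;
    size_t a = join_snprintf(buf, sizeof(buf), parts, 3, &escaped);
    size_t b = join_scnprintf(buf, sizeof(buf), parts, 3);
    printf("snprintf off=%zu escaped=%d; scnprintf off=%zu buf=%s\n", a, escaped, b, buf);
    return 0;
}
```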