* [PATCH] rtc: fix snprintf() checking in is_rtc_hctosys()
@ 2021-05-11 7:19 Dan Carpenter
2021-05-24 22:36 ` Alexandre Belloni
0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2021-05-11 7:19 UTC (permalink / raw)
To: Alessandro Zummo, Kim, Milo
Cc: Alexandre Belloni, Andrew Morton, linux-rtc, linux-kernel,
kernel-janitors
The scnprintf() function silently truncates the printf() and returns
the number bytes that it was able to copy (not counting the NUL
terminator). Thus, the highest value it can return here is
"NAME_SIZE - 1" and the overflow check is dead code. Fix this by
using the snprintf() function which returns the number of bytes that
would have been copied if there was enough space and changing the
condition from "> NAME_SIZE" to ">= NAME_SIZE".
Fixes: 92589c986b33 ("rtc-proc: permit the /proc/driver/rtc device to use other devices")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
drivers/rtc/proc.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/proc.c b/drivers/rtc/proc.c
index 73344598fc1b..cbcdbb19d848 100644
--- a/drivers/rtc/proc.c
+++ b/drivers/rtc/proc.c
@@ -23,8 +23,8 @@ static bool is_rtc_hctosys(struct rtc_device *rtc)
int size;
char name[NAME_SIZE];
- size = scnprintf(name, NAME_SIZE, "rtc%d", rtc->id);
- if (size > NAME_SIZE)
+ size = snprintf(name, NAME_SIZE, "rtc%d", rtc->id);
+ if (size >= NAME_SIZE)
return false;
return !strncmp(name, CONFIG_RTC_HCTOSYS_DEVICE, NAME_SIZE);
--
2.30.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] rtc: fix snprintf() checking in is_rtc_hctosys()
2021-05-11 7:19 [PATCH] rtc: fix snprintf() checking in is_rtc_hctosys() Dan Carpenter
@ 2021-05-24 22:36 ` Alexandre Belloni
0 siblings, 0 replies; 2+ messages in thread
From: Alexandre Belloni @ 2021-05-24 22:36 UTC (permalink / raw)
To: Dan Carpenter, Alessandro Zummo, Kim, Milo
Cc: Alexandre Belloni, kernel-janitors, linux-rtc, linux-kernel,
Andrew Morton
On Tue, 11 May 2021 10:19:26 +0300, Dan Carpenter wrote:
> The scnprintf() function silently truncates the printf() and returns
> the number bytes that it was able to copy (not counting the NUL
> terminator). Thus, the highest value it can return here is
> "NAME_SIZE - 1" and the overflow check is dead code. Fix this by
> using the snprintf() function which returns the number of bytes that
> would have been copied if there was enough space and changing the
> condition from "> NAME_SIZE" to ">= NAME_SIZE".
Applied, thanks!
[1/1] rtc: fix snprintf() checking in is_rtc_hctosys()
commit: 54b909436ede47e0ee07f1765da27ec2efa41e84
Best regards,
--
Alexandre Belloni <alexandre.belloni@bootlin.com>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-05-24 22:36 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-11 7:19 [PATCH] rtc: fix snprintf() checking in is_rtc_hctosys() Dan Carpenter
2021-05-24 22:36 ` Alexandre Belloni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.