* [PATCH] ACPI: fan: Use scnprintf() for avoiding potential buffer overflow
@ 2020-03-11 7:08 Takashi Iwai
2020-03-14 10:13 ` Rafael J. Wysocki
0 siblings, 1 reply; 2+ messages in thread
From: Takashi Iwai @ 2020-03-11 7:08 UTC (permalink / raw)
To: linux-acpi; +Cc: Zhang Rui, Rafael J . Wysocki, Len Brown
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Also adjust the argument to really match with the actually remaining
buffer size.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
drivers/acpi/fan.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/acpi/fan.c b/drivers/acpi/fan.c
index aaf4e8f348cf..873e039ad4b7 100644
--- a/drivers/acpi/fan.c
+++ b/drivers/acpi/fan.c
@@ -276,29 +276,29 @@ static ssize_t show_state(struct device *dev, struct device_attribute *attr, cha
int count;
if (fps->control == 0xFFFFFFFF || fps->control > 100)
- count = snprintf(buf, PAGE_SIZE, "not-defined:");
+ count = scnprintf(buf, PAGE_SIZE, "not-defined:");
else
- count = snprintf(buf, PAGE_SIZE, "%lld:", fps->control);
+ count = scnprintf(buf, PAGE_SIZE, "%lld:", fps->control);
if (fps->trip_point == 0xFFFFFFFF || fps->trip_point > 9)
- count += snprintf(&buf[count], PAGE_SIZE, "not-defined:");
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined:");
else
- count += snprintf(&buf[count], PAGE_SIZE, "%lld:", fps->trip_point);
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld:", fps->trip_point);
if (fps->speed == 0xFFFFFFFF)
- count += snprintf(&buf[count], PAGE_SIZE, "not-defined:");
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined:");
else
- count += snprintf(&buf[count], PAGE_SIZE, "%lld:", fps->speed);
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld:", fps->speed);
if (fps->noise_level == 0xFFFFFFFF)
- count += snprintf(&buf[count], PAGE_SIZE, "not-defined:");
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined:");
else
- count += snprintf(&buf[count], PAGE_SIZE, "%lld:", fps->noise_level * 100);
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld:", fps->noise_level * 100);
if (fps->power == 0xFFFFFFFF)
- count += snprintf(&buf[count], PAGE_SIZE, "not-defined\n");
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined\n");
else
- count += snprintf(&buf[count], PAGE_SIZE, "%lld\n", fps->power);
+ count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld\n", fps->power);
return count;
}
--
2.16.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] ACPI: fan: Use scnprintf() for avoiding potential buffer overflow
2020-03-11 7:08 [PATCH] ACPI: fan: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
@ 2020-03-14 10:13 ` Rafael J. Wysocki
0 siblings, 0 replies; 2+ messages in thread
From: Rafael J. Wysocki @ 2020-03-14 10:13 UTC (permalink / raw)
To: Takashi Iwai; +Cc: linux-acpi, Zhang Rui, Len Brown
On Wednesday, March 11, 2020 8:08:51 AM CET Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit. Fix it by replacing with scnprintf().
>
> Also adjust the argument to really match with the actually remaining
> buffer size.
>
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> ---
> drivers/acpi/fan.c | 20 ++++++++++----------
> 1 file changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/drivers/acpi/fan.c b/drivers/acpi/fan.c
> index aaf4e8f348cf..873e039ad4b7 100644
> --- a/drivers/acpi/fan.c
> +++ b/drivers/acpi/fan.c
> @@ -276,29 +276,29 @@ static ssize_t show_state(struct device *dev, struct device_attribute *attr, cha
> int count;
>
> if (fps->control == 0xFFFFFFFF || fps->control > 100)
> - count = snprintf(buf, PAGE_SIZE, "not-defined:");
> + count = scnprintf(buf, PAGE_SIZE, "not-defined:");
> else
> - count = snprintf(buf, PAGE_SIZE, "%lld:", fps->control);
> + count = scnprintf(buf, PAGE_SIZE, "%lld:", fps->control);
>
> if (fps->trip_point == 0xFFFFFFFF || fps->trip_point > 9)
> - count += snprintf(&buf[count], PAGE_SIZE, "not-defined:");
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined:");
> else
> - count += snprintf(&buf[count], PAGE_SIZE, "%lld:", fps->trip_point);
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld:", fps->trip_point);
>
> if (fps->speed == 0xFFFFFFFF)
> - count += snprintf(&buf[count], PAGE_SIZE, "not-defined:");
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined:");
> else
> - count += snprintf(&buf[count], PAGE_SIZE, "%lld:", fps->speed);
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld:", fps->speed);
>
> if (fps->noise_level == 0xFFFFFFFF)
> - count += snprintf(&buf[count], PAGE_SIZE, "not-defined:");
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined:");
> else
> - count += snprintf(&buf[count], PAGE_SIZE, "%lld:", fps->noise_level * 100);
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld:", fps->noise_level * 100);
>
> if (fps->power == 0xFFFFFFFF)
> - count += snprintf(&buf[count], PAGE_SIZE, "not-defined\n");
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "not-defined\n");
> else
> - count += snprintf(&buf[count], PAGE_SIZE, "%lld\n", fps->power);
> + count += scnprintf(&buf[count], PAGE_SIZE - count, "%lld\n", fps->power);
>
> return count;
> }
>
Applied as 5.7 material, thanks!
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-15 2:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-11 7:08 [PATCH] ACPI: fan: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-14 10:13 ` Rafael J. Wysocki
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).