linux-pm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] cpufreq: Use scnprintf() for avoiding potential buffer overflow
@ 2020-03-11  7:13 Takashi Iwai
  2020-03-11  7:14 ` Viresh Kumar
  0 siblings, 1 reply; 2+ messages in thread
From: Takashi Iwai @ 2020-03-11  7:13 UTC (permalink / raw)
  To: Rafael J . Wysocki, Viresh Kumar; +Cc: linux-pm

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
 drivers/cpufreq/cpufreq_stats.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c
index f9bcf0f3ea30..94d959a8e954 100644
--- a/drivers/cpufreq/cpufreq_stats.c
+++ b/drivers/cpufreq/cpufreq_stats.c
@@ -90,35 +90,35 @@ static ssize_t show_trans_table(struct cpufreq_policy *policy, char *buf)
 	if (policy->fast_switch_enabled)
 		return 0;
 
-	len += snprintf(buf + len, PAGE_SIZE - len, "   From  :    To\n");
-	len += snprintf(buf + len, PAGE_SIZE - len, "         : ");
+	len += scnprintf(buf + len, PAGE_SIZE - len, "   From  :    To\n");
+	len += scnprintf(buf + len, PAGE_SIZE - len, "         : ");
 	for (i = 0; i < stats->state_num; i++) {
 		if (len >= PAGE_SIZE)
 			break;
-		len += snprintf(buf + len, PAGE_SIZE - len, "%9u ",
+		len += scnprintf(buf + len, PAGE_SIZE - len, "%9u ",
 				stats->freq_table[i]);
 	}
 	if (len >= PAGE_SIZE)
 		return PAGE_SIZE;
 
-	len += snprintf(buf + len, PAGE_SIZE - len, "\n");
+	len += scnprintf(buf + len, PAGE_SIZE - len, "\n");
 
 	for (i = 0; i < stats->state_num; i++) {
 		if (len >= PAGE_SIZE)
 			break;
 
-		len += snprintf(buf + len, PAGE_SIZE - len, "%9u: ",
+		len += scnprintf(buf + len, PAGE_SIZE - len, "%9u: ",
 				stats->freq_table[i]);
 
 		for (j = 0; j < stats->state_num; j++) {
 			if (len >= PAGE_SIZE)
 				break;
-			len += snprintf(buf + len, PAGE_SIZE - len, "%9u ",
+			len += scnprintf(buf + len, PAGE_SIZE - len, "%9u ",
 					stats->trans_table[i*stats->max_state+j]);
 		}
 		if (len >= PAGE_SIZE)
 			break;
-		len += snprintf(buf + len, PAGE_SIZE - len, "\n");
+		len += scnprintf(buf + len, PAGE_SIZE - len, "\n");
 	}
 
 	if (len >= PAGE_SIZE) {
-- 
2.16.4


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] cpufreq: Use scnprintf() for avoiding potential buffer overflow
  2020-03-11  7:13 [PATCH] cpufreq: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
@ 2020-03-11  7:14 ` Viresh Kumar
  0 siblings, 0 replies; 2+ messages in thread
From: Viresh Kumar @ 2020-03-11  7:14 UTC (permalink / raw)
  To: Takashi Iwai; +Cc: Rafael J . Wysocki, linux-pm

On 11-03-20, 08:13, Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit.  Fix it by replacing with scnprintf().
> 
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> ---
>  drivers/cpufreq/cpufreq_stats.c | 14 +++++++-------
>  1 file changed, 7 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c
> index f9bcf0f3ea30..94d959a8e954 100644
> --- a/drivers/cpufreq/cpufreq_stats.c
> +++ b/drivers/cpufreq/cpufreq_stats.c
> @@ -90,35 +90,35 @@ static ssize_t show_trans_table(struct cpufreq_policy *policy, char *buf)
>  	if (policy->fast_switch_enabled)
>  		return 0;
>  
> -	len += snprintf(buf + len, PAGE_SIZE - len, "   From  :    To\n");
> -	len += snprintf(buf + len, PAGE_SIZE - len, "         : ");
> +	len += scnprintf(buf + len, PAGE_SIZE - len, "   From  :    To\n");
> +	len += scnprintf(buf + len, PAGE_SIZE - len, "         : ");
>  	for (i = 0; i < stats->state_num; i++) {
>  		if (len >= PAGE_SIZE)
>  			break;
> -		len += snprintf(buf + len, PAGE_SIZE - len, "%9u ",
> +		len += scnprintf(buf + len, PAGE_SIZE - len, "%9u ",
>  				stats->freq_table[i]);
>  	}
>  	if (len >= PAGE_SIZE)
>  		return PAGE_SIZE;
>  
> -	len += snprintf(buf + len, PAGE_SIZE - len, "\n");
> +	len += scnprintf(buf + len, PAGE_SIZE - len, "\n");
>  
>  	for (i = 0; i < stats->state_num; i++) {
>  		if (len >= PAGE_SIZE)
>  			break;
>  
> -		len += snprintf(buf + len, PAGE_SIZE - len, "%9u: ",
> +		len += scnprintf(buf + len, PAGE_SIZE - len, "%9u: ",
>  				stats->freq_table[i]);
>  
>  		for (j = 0; j < stats->state_num; j++) {
>  			if (len >= PAGE_SIZE)
>  				break;
> -			len += snprintf(buf + len, PAGE_SIZE - len, "%9u ",
> +			len += scnprintf(buf + len, PAGE_SIZE - len, "%9u ",
>  					stats->trans_table[i*stats->max_state+j]);
>  		}
>  		if (len >= PAGE_SIZE)
>  			break;
> -		len += snprintf(buf + len, PAGE_SIZE - len, "\n");
> +		len += scnprintf(buf + len, PAGE_SIZE - len, "\n");
>  	}
>  
>  	if (len >= PAGE_SIZE) {

Acked-by: Viresh Kumar <viresh.kumar@linaro.org>

-- 
viresh

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-11  7:14 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-11  7:13 [PATCH] cpufreq: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-11  7:14 ` Viresh Kumar

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).