* [PATCH] infiniband: hfi1: Use scnprintf() for avoiding potential buffer overflow
@ 2020-03-19 15:46 Takashi Iwai
2020-03-26 18:06 ` Jason Gunthorpe
0 siblings, 1 reply; 2+ messages in thread
From: Takashi Iwai @ 2020-03-19 15:46 UTC (permalink / raw)
To: linux-rdma
Cc: Mike Marciniszyn, Dennis Dalessandro, Doug Ledford, Jason Gunthorpe
Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit. Fix it by replacing with scnprintf().
Cc: Mike Marciniszyn <mike.marciniszyn@intel.com>
Cc: Dennis Dalessandro <dennis.dalessandro@intel.com>
Cc: Doug Ledford <dledford@redhat.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>
Cc: linux-rdma@vger.kernel.org
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
drivers/infiniband/hw/hfi1/fault.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/hw/hfi1/fault.c b/drivers/infiniband/hw/hfi1/fault.c
index 986c12153e62..0dfbcfb048ca 100644
--- a/drivers/infiniband/hw/hfi1/fault.c
+++ b/drivers/infiniband/hw/hfi1/fault.c
@@ -222,11 +222,11 @@ static ssize_t fault_opcodes_read(struct file *file, char __user *buf,
while (bit < bitsize) {
zero = find_next_zero_bit(fault->opcodes, bitsize, bit);
if (zero - 1 != bit)
- size += snprintf(data + size,
+ size += scnprintf(data + size,
datalen - size - 1,
"0x%lx-0x%lx,", bit, zero - 1);
else
- size += snprintf(data + size,
+ size += scnprintf(data + size,
datalen - size - 1, "0x%lx,",
bit);
bit = find_next_bit(fault->opcodes, bitsize, zero);
--
2.16.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] infiniband: hfi1: Use scnprintf() for avoiding potential buffer overflow
2020-03-19 15:46 [PATCH] infiniband: hfi1: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
@ 2020-03-26 18:06 ` Jason Gunthorpe
0 siblings, 0 replies; 2+ messages in thread
From: Jason Gunthorpe @ 2020-03-26 18:06 UTC (permalink / raw)
To: Takashi Iwai
Cc: linux-rdma, Mike Marciniszyn, Dennis Dalessandro, Doug Ledford
On Thu, Mar 19, 2020 at 04:46:41PM +0100, Takashi Iwai wrote:
> Since snprintf() returns the would-be-output size instead of the
> actual output size, the succeeding calls may go beyond the given
> buffer limit. Fix it by replacing with scnprintf().
>
> Cc: Mike Marciniszyn <mike.marciniszyn@intel.com>
> Cc: Dennis Dalessandro <dennis.dalessandro@intel.com>
> Cc: Doug Ledford <dledford@redhat.com>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> Cc: linux-rdma@vger.kernel.org
> Signed-off-by: Takashi Iwai <tiwai@suse.de>
> ---
> drivers/infiniband/hw/hfi1/fault.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
Applied to for-next, thanks
Jason
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-26 18:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-03-19 15:46 [PATCH] infiniband: hfi1: Use scnprintf() for avoiding potential buffer overflow Takashi Iwai
2020-03-26 18:06 ` Jason Gunthorpe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).