From 74dcd439bf8c16b01f9f5a9dffb2b171ed94e2e5 Mon Sep 17 00:00:00 2001 From: Lars-Peter Clausen Date: Tue, 5 Jun 2012 18:24:12 +0200 Subject: iio: iio_enum_available_read: Prevent possible buffer overflow Use scnprint instead of snprintf, because snprintf returns the number of bytes that would have been written to the buffer if there was enough space, and as a result writing to buf[len-1] might cause a access beyond the buffers limits. Reported-by: Dan Carpenter Signed-off-by: Lars-Peter Clausen Acked-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/industrialio-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'drivers/iio') diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c index 56a3c0bc996c..cf9ecd0ae7c9 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev, return 0; for (i = 0; i < e->num_items; ++i) - len += snprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]); + len += scnprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]); /* replace last space with a newline */ buf[len - 1] = '\n'; -- cgit v1.2.1