summaryrefslogtreecommitdiffstats
path: root/drivers/hid/hid-sensor-custom.c
diff options
context:
space:
mode:
authorTakashi Iwai <tiwai@suse.de>2020-03-11 08:38:24 +0100
committerJiri Kosina <jkosina@suse.cz>2020-03-11 11:58:58 +0100
commit62a1a58039595698f644f560f00105bb4d5f5c7f (patch)
tree5b04a64465ee8f2ce07898bbc81854e6c7adf1cf /drivers/hid/hid-sensor-custom.c
parent42f502dfe132edb8d7a47e6c0641ed82d718ad0b (diff)
downloadlinux-62a1a58039595698f644f560f00105bb4d5f5c7f.tar.bz2
HID: hid-sensor-custom: Use scnprintf() for avoiding potential buffer overflow
Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Diffstat (limited to 'drivers/hid/hid-sensor-custom.c')
-rw-r--r--drivers/hid/hid-sensor-custom.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/drivers/hid/hid-sensor-custom.c b/drivers/hid/hid-sensor-custom.c
index fb827c295842..4d25577a8573 100644
--- a/drivers/hid/hid-sensor-custom.c
+++ b/drivers/hid/hid-sensor-custom.c
@@ -313,7 +313,7 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
while (i < ret) {
if (i + attribute->size > ret) {
- len += snprintf(&buf[len],
+ len += scnprintf(&buf[len],
PAGE_SIZE - len,
"%d ", values[i]);
break;
@@ -336,10 +336,10 @@ static ssize_t show_value(struct device *dev, struct device_attribute *attr,
++i;
break;
}
- len += snprintf(&buf[len], PAGE_SIZE - len,
+ len += scnprintf(&buf[len], PAGE_SIZE - len,
"%lld ", value);
}
- len += snprintf(&buf[len], PAGE_SIZE - len, "\n");
+ len += scnprintf(&buf[len], PAGE_SIZE - len, "\n");
return len;
} else if (input)