ACPI: PCI: Use scnprintf() for avoiding potential buffer overflow Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@suse.de> Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>

commit: edd66086449cdc2763d14afc65cd2023bf37306a [log] [tgz]
author: Takashi Iwai <tiwai@suse.de> Wed Mar 11 08:09:58 2020 +0100
committer: Rafael J. Wysocki <rafael.j.wysocki@intel.com> Sat Mar 14 11:15:10 2020 +0100
tree: 6d1060a8d1d244f8d6494a705b539045a0471fe0
parent: 2c523b344dfa65a3738e7039832044aa133c75fb [diff] [blame]
diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
index d1e666e..f92df25 100644
--- a/drivers/acpi/pci_root.c
+++ b/drivers/acpi/pci_root.c

@@ -153,7 +153,7 @@ static void decode_osc_bits(struct acpi_pci_root *root, char *msg, u32 word,
 	buf[0] = '\0';
 	for (i = 0, entry = table; i < size; i++, entry++)
 		if (word & entry->bit)
-			len += snprintf(buf + len, sizeof(buf) - len, "%s%s",
+			len += scnprintf(buf + len, sizeof(buf) - len, "%s%s",
 					len ? " " : "", entry->desc);
 
 	dev_info(&root->device->dev, "_OSC: %s [%s]\n", msg, buf);
commit	edd66086449cdc2763d14afc65cd2023bf37306a	[log] [tgz]
author	Takashi Iwai <tiwai@suse.de>	Wed Mar 11 08:09:58 2020 +0100
committer	Rafael J. Wysocki <rafael.j.wysocki@intel.com>	Sat Mar 14 11:15:10 2020 +0100
tree	6d1060a8d1d244f8d6494a705b539045a0471fe0
parent	2c523b344dfa65a3738e7039832044aa133c75fb [diff] [blame]