On 6/5/2012 5:24 PM, Lars-Peter Clausen wrote:
Use scnprint instead of snprintf, because snprintf returns the number of bytes that would have been written to the buffer if there was enough space, and as a result writing to buf[len-1] might cause a access beyond the buffers limits. Reported-by: Dan Carpenter<dan.carpenter@xxxxxxxxxx> Signed-off-by: Lars-Peter Clausen<lars@xxxxxxxxxx>
Acked-by: Jonathan Cameron <jic23@xxxxxxxxxx>
--- drivers/iio/industrialio-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c index 56a3c0b..cf9ecd0 100644 --- a/drivers/iio/industrialio-core.c +++ b/drivers/iio/industrialio-core.c @@ -300,7 +300,7 @@ ssize_t iio_enum_available_read(struct iio_dev *indio_dev, return 0; for (i = 0; i< e->num_items; ++i) - len += snprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]); + len += scnprintf(buf + len, PAGE_SIZE - len, "%s ", e->items[i]); /* replace last space with a newline */ buf[len - 1] = '\n';
_______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
