Use snprintf() to avoid the potential buffer overflow, and also check the return value to detect the too long path. Signed-off-by: Masahiro Yamada <masahiroy@xxxxxxxxxx> --- scripts/mod/modpost.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c index 522d5249d196..141370ebbfd3 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -2560,6 +2560,7 @@ int main(int argc, char **argv) for (mod = modules; mod; mod = mod->next) { char fname[PATH_MAX]; + int ret; if (mod->is_vmlinux || mod->from_dump) continue; @@ -2578,7 +2579,12 @@ int main(int argc, char **argv) add_moddevtable(&buf, mod); add_srcversion(&buf, mod); - sprintf(fname, "%s.mod.c", mod->name); + ret = snprintf(fname, sizeof(fname), "%s.mod.c", mod->name); + if (ret >= sizeof(fname)) { + error("%s: too long path was truncated\n", fname); + continue; + } + write_if_changed(&buf, fname); } -- 2.32.0