Since snprintf() returns the would-be-output size instead of the actual output size, the succeeding calls may go beyond the given buffer limit. Fix it by replacing with scnprintf(). Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> --- drivers/acpi/pci_root.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c index d1e666ef3fcc..f92df2533e7e 100644 --- a/drivers/acpi/pci_root.c +++ b/drivers/acpi/pci_root.c @@ -153,7 +153,7 @@ static void decode_osc_bits(struct acpi_pci_root *root, char *msg, u32 word, buf[0] = '\0'; for (i = 0, entry = table; i < size; i++, entry++) if (word & entry->bit) - len += snprintf(buf + len, sizeof(buf) - len, "%s%s", + len += scnprintf(buf + len, sizeof(buf) - len, "%s%s", len ? " " : "", entry->desc); dev_info(&root->device->dev, "_OSC: %s [%s]\n", msg, buf); -- 2.16.4
