Replace sprintf() by scnprintf() in order to avoid buffer overflows. Signed-off-by: Salah Triki <salah.triki@xxxxxxxxx> --- drivers/accessibility/speakup/speakup_soft.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/drivers/accessibility/speakup/speakup_soft.c b/drivers/accessibility/speakup/speakup_soft.c index c3f97c572fb6..19824e7006fe 100644 --- a/drivers/accessibility/speakup/speakup_soft.c +++ b/drivers/accessibility/speakup/speakup_soft.c @@ -153,18 +153,25 @@ static char *get_initstring(void) static char buf[40]; char *cp; struct var_t *var; + size_t len; + size_t n; memset(buf, 0, sizeof(buf)); cp = buf; + len = sizeof(buf); + var = synth_soft.vars; while (var->var_id != MAXVARS) { if (var->var_id != CAPS_START && var->var_id != CAPS_STOP && - var->var_id != PAUSE && var->var_id != DIRECT) - cp = cp + sprintf(cp, var->u.n.synth_fmt, - var->u.n.value); + var->var_id != PAUSE && var->var_id != DIRECT) { + n = scnprintf(cp, len, var->u.n.synth_fmt, + var->u.n.value); + cp = cp + n; + len = len - n; + } var++; } - cp = cp + sprintf(cp, "\n"); + cp = cp + scnprintf(cp, len, "\n"); return buf; } -- 2.25.1