On Tue, Feb 08, 2022 at 02:02:20PM +0300, Sergey Shtylyov wrote:
> sprintf() (still used in the USB core for the sysfs output) is vulnerable
> to the buffer overflow.

Really? Where? If we have potential overflows, let's fix them as bug
fixes and properly backport the fixes where needed.

If these really are just using the "old-style" functions instead, then
that's something totally different and you should not say "vulnerable"
if it really is not at all.

> Use the new-fangled sysfs_emit() instead.
>
> Found by Linux Verification Center (linuxtesting.org) with the SVACE static
> analysis tool.

You mean coccinelle, right? It's been checking for this for a while.

Also properly wrap your changelog at 72 columns please.

thanks,

greg k-h