From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 11 Mar 2020 08:04:39 +0000 (+0100)
Subject: mmc: vub300: Use scnprintf() for avoiding potential buffer overflow
X-Git-Tag: v5.7-rc1~150^2~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6bbcf74dd929d0b7d8588ffdd38803bb455873f1;p=thirdparty%2Flinux.git

mmc: vub300: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200311080439.13928-1-tiwai@suse.de
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
---

diff --git a/drivers/mmc/host/vub300.c b/drivers/mmc/host/vub300.c
index a5a90d133f1f3..739cf63ef6e2f 100644
--- a/drivers/mmc/host/vub300.c
+++ b/drivers/mmc/host/vub300.c
@@ -1363,7 +1363,7 @@ static void download_offload_pseudocode(struct vub300_mmc_host *vub300)
 	int retval;
 	for (n = 0; n < sdio_funcs; n++) {
 		struct sdio_func *sf = card->sdio_func[n];
-		l += snprintf(vub300->vub_name + l,
+		l += scnprintf(vub300->vub_name + l,
 			      sizeof(vub300->vub_name) - l, "_%04X%04X",
 			      sf->vendor, sf->device);
 	}