From: Takashi Iwai <tiwai@suse.de>
Date: Wed, 11 Mar 2020 07:09:58 +0000 (+0100)
Subject: ACPI: PCI: Use scnprintf() for avoiding potential buffer overflow
X-Git-Tag: v5.7-rc1~186^2^4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=edd66086449cdc2763d14afc65cd2023bf37306a;p=thirdparty%2Fkernel%2Flinux.git

ACPI: PCI: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
---

diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c
index d1e666ef3fcc8..f92df2533e7ec 100644
--- a/drivers/acpi/pci_root.c
+++ b/drivers/acpi/pci_root.c
@@ -153,7 +153,7 @@ static void decode_osc_bits(struct acpi_pci_root *root, char *msg, u32 word,
 	buf[0] = '\0';
 	for (i = 0, entry = table; i < size; i++, entry++)
 		if (word & entry->bit)
-			len += snprintf(buf + len, sizeof(buf) - len, "%s%s",
+			len += scnprintf(buf + len, sizeof(buf) - len, "%s%s",
 					len ? " " : "", entry->desc);
 
 	dev_info(&root->device->dev, "_OSC: %s [%s]\n", msg, buf);