s390/con3270: Use scnprintf() instead of sprintf()

Use scnprintf() instead of sprintf() for those cases where the destination
is an array and the size of the array is known at compile time.

This prevents theoretical buffer overflows, but also avoids that people
again and again spend time to figure out if the code is actually safe.

Reviewed-by: Jan Polensky <japo@linux.ibm.com>
Signed-off-by: Heiko Carstens <hca@linux.ibm.com>

diff --git a/drivers/s390/char/con3270.c b/drivers/s390/char/con3270.c
index a367f95c7c53634e59df9f7f1afae25eec7ef68f..5a505972e5712df9bc3359e4a32ff62162026bcf 100644 (file)
--- a/drivers/s390/char/con3270.c
+++ b/drivers/s390/char/con3270.c
@@ -1662,7 +1662,7 @@ static void tty3270_escape_sequence(struct tty3270 *tp, u8 ch)
                else if (tp->esc_par[0] == 6) { /* Cursor report. */
                        char buf[40];
 
-                       sprintf(buf, "\033[%d;%dR", tp->cy + 1, tp->cx + 1);
+                       scnprintf(buf, sizeof(buf), "\033[%d;%dR", tp->cy + 1, tp->cx + 1);
                        kbd_puts_queue(&tp->port, buf);
                }
                return;