git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Lee Jones <lee@kernel.org>
	Wed, 13 Dec 2023 16:42:37 +0000 (16:42 +0000)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 17 Oct 2024 13:08:04 +0000 (15:08 +0200)
commit	bf509ca62fea8762b213b442cb15a77e2f619eb9
tree	0bf3c72ab2aa5abb4bab6edfe196396db746ced0	tree \| snapshot
parent	6ea76e19d6dfc6253bf46e7d8da8d148e75377e0	commit \| diff

usb: yurex: Replace snprintf() with the safer scnprintf() variant

[ Upstream commit 86b20af11e84c26ae3fde4dcc4f490948e3f8035 ]

There is a general misunderstanding amongst engineers that {v}snprintf()
returns the length of the data *actually* encoded into the destination
array.  However, as per the C99 standard {v}snprintf() really returns
the length of the data that *would have been* written if there were
enough space for it.  This misunderstanding has led to buffer-overruns
in the past.  It's generally considered safer to use the {v}scnprintf()
variants in their place (or even sprintf() in simple cases).  So let's
do that.

Whilst we're at it, let's define some magic numbers to increase
readability and ease of maintenance.

Link: https://lwn.net/Articles/69419/
Link: https://github.com/KSPP/linux/issues/105
Cc: Tomoki Sekiyama <tomoki.sekiyama@gmail.com>
Signed-off-by: Lee Jones <lee@kernel.org>
Link: https://lore.kernel.org/r/20231213164246.1021885-9-lee@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Stable-dep-of: 93907620b308 ("USB: misc: yurex: fix race between read and write")
Signed-off-by: Sasha Levin <sashal@kernel.org>