tools lib api: Fix filename__write_int() writing uninitialized stack data

filename__write_int() formats an integer into a 64-byte buffer with
sprintf() then passes sizeof(buf) (64) as the write length.  This
writes all 64 bytes including uninitialized stack data past the
formatted string.  Most sysfs files reject the oversized write,
making the function always return -1.

Fix by capturing the sprintf() return value and using it as the
write length.

Reported-by: sashiko-bot <sashiko-bot@kernel.org>
Fixes: 3b00ea938653d136 ("tools lib api fs: Add sysfs__write_int function")
Cc: Kan Liang <kan.liang@intel.com>
Assisted-by: Claude:claude-opus-4.6
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>

diff --git a/tools/lib/api/fs/fs.c b/tools/lib/api/fs/fs.c
index 3cc302d4c47b166912a9dff39941a38a322cb870..d16911818d4d35696c5af027c50de8fe11280d73 100644 (file)
--- a/tools/lib/api/fs/fs.c
+++ b/tools/lib/api/fs/fs.c
@@ -376,12 +376,13 @@ int filename__write_int(const char *filename, int value)
 {
        int fd = open(filename, O_WRONLY), err = -1;
        char buf[64];
+       int len;
 
        if (fd < 0)
                return -errno;
 
-       sprintf(buf, "%d", value);
-       if (write(fd, buf, sizeof(buf)) == sizeof(buf))
+       len = sprintf(buf, "%d", value);
+       if (write(fd, buf, len) == len)
                err = 0;
 
        close(fd);