Commit 41252c6d authored by Takashi Iwai's avatar Takashi Iwai Committed by Christian König

drm/ttm: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Reviewed-by: default avatarHuang Rui <ray.huang@amd.com>
Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
Link: https://patchwork.freedesktop.org/patch/357174/Signed-off-by: default avatarChristian König <christian.koenig@amd.com>
parent 6bfad4ab
...@@ -604,7 +604,7 @@ static struct dma_pool *ttm_dma_pool_init(struct device *dev, gfp_t flags, ...@@ -604,7 +604,7 @@ static struct dma_pool *ttm_dma_pool_init(struct device *dev, gfp_t flags,
p = pool->name; p = pool->name;
for (i = 0; i < ARRAY_SIZE(t); i++) { for (i = 0; i < ARRAY_SIZE(t); i++) {
if (type & t[i]) { if (type & t[i]) {
p += snprintf(p, sizeof(pool->name) - (p - pool->name), p += scnprintf(p, sizeof(pool->name) - (p - pool->name),
"%s", n[i]); "%s", n[i]);
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment