Commit ff33d0e2 authored by Takashi Iwai's avatar Takashi Iwai Committed by Martin K. Petersen

scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the actual
output size, the succeeding calls may go beyond the given buffer limit.
Fix it by replacing with scnprintf().

Also corrected the wrongly passed limit size.  The remaining buffer size
must be decremented.

Link: https://lore.kernel.org/r/20200315094241.9086-7-tiwai@suse.de
Cc: "James E . J . Bottomley" <jejb@linux.ibm.com>
Cc: "Martin K . Petersen" <martin.petersen@oracle.com>
Cc: Kashyap Desai <kashyap.desai@broadcom.com>
Cc: Sumit Saxena <sumit.saxena@broadcom.com>
Cc: Shivasharan S <shivasharan.srikanteshwara@broadcom.com>
Cc: linux-scsi@vger.kernel.org
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Signed-off-by: default avatarMartin K. Petersen <martin.petersen@oracle.com>
parent 6f0cf424
......@@ -2987,7 +2987,8 @@ megasas_dump_sys_regs(void __iomem *reg_set, char *buf)
u32 __iomem *reg = (u32 __iomem *)reg_set;
for (i = 0; i < sz / sizeof(u32); i++) {
bytes_wrote += snprintf(loc + bytes_wrote, PAGE_SIZE,
bytes_wrote += scnprintf(loc + bytes_wrote,
PAGE_SIZE - bytes_wrote,
"%08x: %08x\n", (i * 4),
readl(&reg[i]));
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment