On Thu, Feb 27, 2014 at 11:44:38PM +0000, Russell King - ARM Linux wrote:
> On Thu, Feb 27, 2014 at 02:54:43PM -0800, Greg KH wrote:
> > On Wed, Feb 26, 2014 at 08:53:41PM -0300, Fabio Estevam wrote:
> > > diff --git a/drivers/staging/imx-drm/imx-ldb.c
> > > b/drivers/staging/imx-drm/imx-ldb.c
> > > index abf8517..daa54df 100644
> > > --- a/drivers/staging/imx-drm/imx-ldb.c
> > > +++ b/drivers/staging/imx-drm/imx-ldb.c
> > > @@ -334,12 +334,12 @@ static int imx_ldb_get_clk(struct imx_ldb *ldb, int
> > > chno)
> > > {
> > > char clkname[16];
> > >
> > > - sprintf(clkname, "di%d", chno);
> > > + snprintf(clkname, sizeof(clkname), "di%d", chno);
> >
> > Are you sure this can not overflow as well? Strings in C are nasty...
>
> Can you indicate how this would overflow?
>
> * snprintf - Format a string and place it in a buffer
> ...
> *
> * The return value is the number of characters which would be
> * generated for the given input, excluding the trailing null,
> * as per ISO C99. If the return is greater than or equal to
> * @size, the resulting string is truncated.
Ick, I forgot that snprintf() takes into account the trailing \0, you
are right, this is "safe".
Fabio, can you resend this please?
thanks,
greg k-h
_______________________________________________
devel mailing list
[email protected]
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
