pinctrl: mediatek: Use scnprintf() for avoiding potential buffer overflow

Since snprintf() returns the would-be-output size instead of the
actual output size, the succeeding calls may go beyond the given
buffer limit.  Fix it by replacing with scnprintf().

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200311090644.20287-1-tiwai@suse.de
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>

diff --git a/drivers/pinctrl/mediatek/pinctrl-paris.c b/drivers/pinctrl/mediatek/pinctrl-paris.c
index 3ee8086..3853ec3 100644 (file)
--- a/drivers/pinctrl/mediatek/pinctrl-paris.c
+++ b/drivers/pinctrl/mediatek/pinctrl-paris.c
@@ -611,7 +611,7 @@ ssize_t mtk_pctrl_show_one_pin(struct mtk_pinctrl *hw,
        } else if (pullen != MTK_DISABLE && pullen != MTK_ENABLE) {
                pullen = 0;
        }
-       len += snprintf(buf + len, bufLen - len,
+       len += scnprintf(buf + len, bufLen - len,
                        "%03d: %1d%1d%1d%1d%02d%1d%1d%1d%1d",
                        gpio,
                        pinmux,
@@ -625,10 +625,10 @@ ssize_t mtk_pctrl_show_one_pin(struct mtk_pinctrl *hw,
                        pullup);
 
        if (r1 != -1) {
-               len += snprintf(buf + len, bufLen - len, " (%1d %1d)\n",
+               len += scnprintf(buf + len, bufLen - len, " (%1d %1d)\n",
                        r1, r0);
        } else {
-               len += snprintf(buf + len, bufLen - len, "\n");
+               len += scnprintf(buf + len, bufLen - len, "\n");
        }
 
        return len;