Received: by 2002:a05:6a10:6d10:0:0:0:0 with SMTP id gq16csp3458552pxb; Tue, 19 Apr 2022 03:04:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzHnNW+Lu1auTa/aU/7XdsJAjxkXfLZHFHwFRqrOCKtRY79nSGrM6kI0dA+mPT43ZKE7KYj X-Received: by 2002:a17:906:f85:b0:6d6:e97b:d276 with SMTP id q5-20020a1709060f8500b006d6e97bd276mr12434568ejj.431.1650362678172; Tue, 19 Apr 2022 03:04:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1650362678; cv=none; d=google.com; s=arc-20160816; b=PhNmPnxmErt4oxFOXDRzDu150P6yzKSuKiiYyzhMzMdLLs5RTd2aRwIhAzY2HH2xHU nAxWnfEwY+t1NnRS3C8Qdru1hOmZAZen4DKpcTmIEKRxzXcIVhxdbD8k93FOBuaFzw+m iyYtgvCQ7o5/4mW995NZK/WoKj9G8LPUYO+YeEb9fKjiYgvSRpiQpjWKvJnMAIZz+KKQ xwLngGHSDlz/JDua0psIXvns0hJdfK8SNQxRlNLmude5d8JiuGXg9dSYV0+HKX0vtbn9 Q5zTit5OjbTAvA6okeErchenhR/n/TdGyVoUPix9Ue5cT+4TCzS0ZVHba0y5hzkQsGT3 DC6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=e6aanR29DII2HiUyORIPIK5DJJ7LsJZOVwho3f3W46A=; b=Aw6ZcjaOXD8QuF4dqmYY+7g87VFqrexL9Lrlpum9Evi8XmZJAcrD0sGRyjIGjn+bex XRfHC4TzghdVDoOE2O69XtYyQi0agvFRW2cSkC4B4a2NmUNkyMANNLPyXpZ3sWGqv0yl QmFnOW5Yubw0Qj8YFPjTYDo2o/wXKpmee2E/xkdPB0HaoiTO42pgdHOg9NpQ/KVgLncG /X4Vd8Ou8Y/9lEFnXF+thpcwRWqdtIZHEflkWRp4YYsFFAIK7O6/j01O4vSwsbE89SuS UlZ62jaPp9UGY005DdT8dhYcpBewxM8MSjqawONVaA080Wc5oZ1Pi68JCrLko269HuOg CFBw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HPHH3rAE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i12-20020a50c3cc000000b00418c2b5beb9si7350487edf.411.2022.04.19.03.04.14; Tue, 19 Apr 2022 03:04:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=HPHH3rAE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343704AbiDRONC (ORCPT + 99 others); Mon, 18 Apr 2022 10:13:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S244368AbiDRN41 (ORCPT ); Mon, 18 Apr 2022 09:56:27 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7BC8E642E; Mon, 18 Apr 2022 06:04:58 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id C51BD60EF6; Mon, 18 Apr 2022 13:04:57 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id D353EC385A1; Mon, 18 Apr 2022 13:04:56 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1650287097; bh=zEeKefMZYRslSx40JLS5O+6+t08QoeqPa7ZuL/Iyqg4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HPHH3rAECFYX1hu5VJ/hGn6Vt7XPQR0O7nRRgvofFL1w6iWX9BUYEQe40nafbJnIN 1Nt3LV4Tqrty/NR+lHtQZ1P6NL2evajkt51trvEE+orFFzmQ5GkELMu7zfWmaY3jLa tPIBRim9j2XFYvajEFle7dWn4dAGBQdmYRktxVQ8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Dan Carpenter , Helge Deller , Sasha Levin Subject: [PATCH 4.9 056/218] video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() Date: Mon, 18 Apr 2022 14:12:02 +0200 Message-Id: <20220418121201.216181667@linuxfoundation.org> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220418121158.636999985@linuxfoundation.org> References: <20220418121158.636999985@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.7 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Dan Carpenter [ Upstream commit 78482af095abd9f4f29f1aa3fe575d25c6ae3028 ] This code has two bugs: 1) "cnt" is 255 but the size of the buffer is 256 so the last byte is not used. 2) If we try to print more than 255 characters then "cnt" will be negative and that will trigger a WARN() in snprintf(). The fix for this is to use scnprintf() instead of snprintf(). We can re-write this code to be cleaner: 1) Rename "offset" to "off" because that's shorter. 2) Get rid of the "cnt" variable and just use "size - off" directly. 3) Get rid of the "read" variable and just increment "off" directly. Fixes: 96fe6a2109db ("fbdev: Add VESA Coordinated Video Timings (CVT) support") Signed-off-by: Dan Carpenter Signed-off-by: Helge Deller Signed-off-by: Sasha Levin --- drivers/video/fbdev/core/fbcvt.c | 53 +++++++++++++------------------- 1 file changed, 21 insertions(+), 32 deletions(-) diff --git a/drivers/video/fbdev/core/fbcvt.c b/drivers/video/fbdev/core/fbcvt.c index 55d2bd0ce5c0..64843464c661 100644 --- a/drivers/video/fbdev/core/fbcvt.c +++ b/drivers/video/fbdev/core/fbcvt.c @@ -214,9 +214,11 @@ static u32 fb_cvt_aspect_ratio(struct fb_cvt_data *cvt) static void fb_cvt_print_name(struct fb_cvt_data *cvt) { u32 pixcount, pixcount_mod; - int cnt = 255, offset = 0, read = 0; - u8 *buf = kzalloc(256, GFP_KERNEL); + int size = 256; + int off = 0; + u8 *buf; + buf = kzalloc(size, GFP_KERNEL); if (!buf) return; @@ -224,43 +226,30 @@ static void fb_cvt_print_name(struct fb_cvt_data *cvt) pixcount_mod = (cvt->xres * (cvt->yres/cvt->interlace)) % 1000000; pixcount_mod /= 1000; - read = snprintf(buf+offset, cnt, "fbcvt: %dx%d@%d: CVT Name - ", - cvt->xres, cvt->yres, cvt->refresh); - offset += read; - cnt -= read; + off += scnprintf(buf + off, size - off, "fbcvt: %dx%d@%d: CVT Name - ", + cvt->xres, cvt->yres, cvt->refresh); - if (cvt->status) - snprintf(buf+offset, cnt, "Not a CVT standard - %d.%03d Mega " - "Pixel Image\n", pixcount, pixcount_mod); - else { - if (pixcount) { - read = snprintf(buf+offset, cnt, "%d", pixcount); - cnt -= read; - offset += read; - } + if (cvt->status) { + off += scnprintf(buf + off, size - off, + "Not a CVT standard - %d.%03d Mega Pixel Image\n", + pixcount, pixcount_mod); + } else { + if (pixcount) + off += scnprintf(buf + off, size - off, "%d", pixcount); - read = snprintf(buf+offset, cnt, ".%03dM", pixcount_mod); - cnt -= read; - offset += read; + off += scnprintf(buf + off, size - off, ".%03dM", pixcount_mod); if (cvt->aspect_ratio == 0) - read = snprintf(buf+offset, cnt, "3"); + off += scnprintf(buf + off, size - off, "3"); else if (cvt->aspect_ratio == 3) - read = snprintf(buf+offset, cnt, "4"); + off += scnprintf(buf + off, size - off, "4"); else if (cvt->aspect_ratio == 1 || cvt->aspect_ratio == 4) - read = snprintf(buf+offset, cnt, "9"); + off += scnprintf(buf + off, size - off, "9"); else if (cvt->aspect_ratio == 2) - read = snprintf(buf+offset, cnt, "A"); - else - read = 0; - cnt -= read; - offset += read; - - if (cvt->flags & FB_CVT_FLAG_REDUCED_BLANK) { - read = snprintf(buf+offset, cnt, "-R"); - cnt -= read; - offset += read; - } + off += scnprintf(buf + off, size - off, "A"); + + if (cvt->flags & FB_CVT_FLAG_REDUCED_BLANK) + off += scnprintf(buf + off, size - off, "-R"); } printk(KERN_INFO "%s\n", buf); -- 2.34.1