On Wed, Jan 16, 2019 at 11:35 AM Pierre-Louis Bossart <[email protected]> wrote: > > > >> diff --git a/sound/soc/intel/skylake/skl-debug.c > >> b/sound/soc/intel/skylake/skl-debug.c > >> index 5d7ac2ee7a3c..bb28db734fb7 100644 > >> --- a/sound/soc/intel/skylake/skl-debug.c > >> +++ b/sound/soc/intel/skylake/skl-debug.c > >> @@ -43,7 +43,7 @@ static ssize_t skl_print_pins(struct skl_module_pin > >> *m_pin, char *buf, > >> ssize_t ret = 0; > >> > >> for (i = 0; i < max_pin; i++) > >> - ret += snprintf(buf + size, MOD_BUF - size, > >> + ret += scnprintf(buf + size, MOD_BUF - size, > >> "%s %d\n\tModule %d\n\tInstance %d\n\t" > >> "In-used %s\n\tType %s\n" > >> "\tState %d\n\tIndex %d\n", > >> > > While working on a Coccinelle script to find more cases of this, I > > noticed that this code is buggy: it keeps overwriting the same > > position in the buf string: "buf + size" and don't take "ret" into > > account at all. This needs to be: > > > > ret += scnprintf(buf + size + ret, MOD_BUF - size - ret, > > Thanks for the sighting. Indeed this looks like a bug, all other calls > to snprintf use "ret" to modify the destination/length. > > The only explanation I have for it not being noticed earlier is that > it's possibly not used - a 5mn test on 2 machines show the loop is > actually not run (max_pin == 0). > > It'll take me a bit of time to figure out what exactly this routine is > supposed to do, maybe we should do the cross-tree change first?
Sounds good to me. These patches are direct at maintainers, so please apply at will. :) Thanks! -- Kees Cook
