mirror of
https://github.com/torvalds/linux.git
synced 2025-01-01 15:51:46 +00:00
speakup: replace sprintf() by scnprintf()
Replace sprintf() by scnprintf() in order to avoid buffer overflows. Signed-off-by: Salah Triki <salah.triki@gmail.com> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org> Link: https://lore.kernel.org/r/20210630224248.2iq6o6krecx4cz5j@begin Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
parent
f83461e658
commit
ec7b5eda8a
@ -153,18 +153,25 @@ static char *get_initstring(void)
|
||||
static char buf[40];
|
||||
char *cp;
|
||||
struct var_t *var;
|
||||
size_t len;
|
||||
size_t n;
|
||||
|
||||
memset(buf, 0, sizeof(buf));
|
||||
cp = buf;
|
||||
len = sizeof(buf);
|
||||
|
||||
var = synth_soft.vars;
|
||||
while (var->var_id != MAXVARS) {
|
||||
if (var->var_id != CAPS_START && var->var_id != CAPS_STOP &&
|
||||
var->var_id != PAUSE && var->var_id != DIRECT)
|
||||
cp = cp + sprintf(cp, var->u.n.synth_fmt,
|
||||
var->u.n.value);
|
||||
var->var_id != PAUSE && var->var_id != DIRECT) {
|
||||
n = scnprintf(cp, len, var->u.n.synth_fmt,
|
||||
var->u.n.value);
|
||||
cp = cp + n;
|
||||
len = len - n;
|
||||
}
|
||||
var++;
|
||||
}
|
||||
cp = cp + sprintf(cp, "\n");
|
||||
cp = cp + scnprintf(cp, len, "\n");
|
||||
return buf;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user