From: Dan Carpenter dan.carpenter@oracle.com
stable inclusion from stable-5.10.52 commit ab4d76eb77371af83f8272fbe05bee8154756d0a bugzilla: 175542 https://gitee.com/openeuler/kernel/issues/I4DTKU
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
[ Upstream commit 54b909436ede47e0ee07f1765da27ec2efa41e84 ]
The scnprintf() function silently truncates the printf() and returns the number bytes that it was able to copy (not counting the NUL terminator). Thus, the highest value it can return here is "NAME_SIZE - 1" and the overflow check is dead code. Fix this by using the snprintf() function which returns the number of bytes that would have been copied if there was enough space and changing the condition from "> NAME_SIZE" to ">= NAME_SIZE".
Fixes: 92589c986b33 ("rtc-proc: permit the /proc/driver/rtc device to use other devices") Signed-off-by: Dan Carpenter dan.carpenter@oracle.com Signed-off-by: Alexandre Belloni alexandre.belloni@bootlin.com Link: https://lore.kernel.org/r/YJov/pcGmhLi2pEl@mwanda Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Chen Jun chenjun102@huawei.com Acked-by: Weilong Chen chenweilong@huawei.com Signed-off-by: Chen Jun chenjun102@huawei.com --- drivers/rtc/proc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/rtc/proc.c b/drivers/rtc/proc.c index 73344598fc1b..cbcdbb19d848 100644 --- a/drivers/rtc/proc.c +++ b/drivers/rtc/proc.c @@ -23,8 +23,8 @@ static bool is_rtc_hctosys(struct rtc_device *rtc) int size; char name[NAME_SIZE];
- size = scnprintf(name, NAME_SIZE, "rtc%d", rtc->id); - if (size > NAME_SIZE) + size = snprintf(name, NAME_SIZE, "rtc%d", rtc->id); + if (size >= NAME_SIZE) return false;
return !strncmp(name, CONFIG_RTC_HCTOSYS_DEVICE, NAME_SIZE);