authorMaciej W. Rozycki <macro@orcam.me.uk>2021-04-20 20:01:52 +0200
committerMartin K. Petersen <martin.petersen@oracle.com>2021-08-01 13:26:38 -0400
commita40662c90d974a89d2f5d627542b63bed88e72f0 (patch)
treec400a7efc534ef75e6a5acd85d667069cf898ec9 /drivers/scsi/BusLogic.c
parent44d01fc86d952f5a8b8b32bdb4841504d5833d95 (diff)
scsi: BusLogic: Avoid unbounded vsprintf() use
Existing blogic_msg() invocations do not appear to overrun its internal buffer of a fixed length of 100, which would cause stack corruption, but it's easy to miss with possible further updates and a fix is cheap in performance terms, so limit the output produced into the buffer by using vscnprintf() rather than vsprintf(). Link: https://lore.kernel.org/r/alpine.DEB.2.21.2104201939390.44318@angie.orcam.me.uk Acked-by: Khalid Aziz <khalid@gonehiking.org> Signed-off-by: Maciej W. Rozycki <macro@orcam.me.uk> Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Diffstat (limited to 'drivers/scsi/BusLogic.c')
-rw-r--r--drivers/scsi/BusLogic.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/scsi/BusLogic.c b/drivers/scsi/BusLogic.c
index 4d8556fb5c68..0bcedd9d8d26 100644
--- a/drivers/scsi/BusLogic.c
+++ b/drivers/scsi/BusLogic.c
@@ -3436,7 +3436,7 @@ static void blogic_msg(enum blogic_msglevel msglevel, char *fmt,
int len = 0;
va_start(args, adapter);
- len = vsprintf(buf, fmt, args);
+ len = vscnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
if (msglevel == BLOGIC_ANNOUNCE_LEVEL) {
static int msglines = 0;
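Review bot: With vscnprintf() on the changed line, a message longer than the buffer is now cut off silently, because the return value is the number of characters actually stored, so `len` looks the same for a truncated and a complete message. To make a future overlong format visible rather than quietly shortened, consider `len = vsnprintf(buf, sizeof(buf), fmt, args);` followed by `if (WARN_ON_ONCE(len >= (int)sizeof(buf))) len = sizeof(buf) - 1;`. The `sizeof(buf)` bound is only correct while `buf` is declared as an array in this function; that declaration sits above the hunk, so it is worth confirming and pinning with a comment such as `/* buf is a fixed-size array; sizeof() bounds the write */`. The rest of blogic_msg(), including how `len` is used after the `if`, lies outside the hunk.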