iwlwifi: replace sprintf with scnprintf for debugfs output
authorAbhijeet Kolekar <abhijeet.kolekar@intel.com>
Tue, 15 Apr 2008 04:16:04 +0000 (21:16 -0700)
committerJohn W. Linville <linville@tuxdriver.com>
Wed, 16 Apr 2008 19:59:57 +0000 (15:59 -0400)
The buffersize allocated is not accurate.
Writing to these buffers with scnprintf is safer.

Signed-off-by: Abhijeet Kolekar <abhijeet.kolekar@intel.com>
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
drivers/net/wireless/iwlwifi/iwl-debugfs.c

index 23632e54aab23223cd79b82eb92ba26cd1dc5cbf..cbea477eb07830a37800e16ce134da4a42f77bf4 100644 (file)
@@ -102,10 +102,14 @@ static ssize_t iwl_dbgfs_tx_statistics_read(struct file *file,
        struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
        char buf[256];
        int pos = 0;
+       const size_t bufsz = sizeof(buf);
 
-       pos += sprintf(buf+pos, "mgmt: %u\n", priv->tx_stats[0].cnt);
-       pos += sprintf(buf+pos, "ctrl: %u\n", priv->tx_stats[1].cnt);
-       pos += sprintf(buf+pos, "data: %u\n", priv->tx_stats[2].cnt);
+       pos += scnprintf(buf + pos, bufsz - pos, "mgmt: %u\n",
+                                               priv->tx_stats[0].cnt);
+       pos += scnprintf(buf + pos, bufsz - pos, "ctrl: %u\n",
+                                               priv->tx_stats[1].cnt);
+       pos += scnprintf(buf + pos, bufsz - pos, "data: %u\n",
+                                               priv->tx_stats[2].cnt);
 
        return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
 }
@@ -117,10 +121,14 @@ static ssize_t iwl_dbgfs_rx_statistics_read(struct file *file,
        struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
        char buf[256];
        int pos = 0;
+       const size_t bufsz = sizeof(buf);
 
-       pos += sprintf(buf+pos, "mgmt: %u\n", priv->rx_stats[0].cnt);
-       pos += sprintf(buf+pos, "ctrl: %u\n", priv->rx_stats[1].cnt);
-       pos += sprintf(buf+pos, "data: %u\n", priv->rx_stats[2].cnt);
+       pos += scnprintf(buf + pos, bufsz - pos, "mgmt: %u\n",
+                                               priv->rx_stats[0].cnt);
+       pos += scnprintf(buf + pos, bufsz - pos, "ctrl: %u\n",
+                                               priv->rx_stats[1].cnt);
+       pos += scnprintf(buf + pos, bufsz - pos, "data: %u\n",
+                                               priv->rx_stats[2].cnt);
 
        return simple_read_from_buffer(user_buf, count, ppos, buf, pos);
 }
@@ -138,6 +146,7 @@ static ssize_t iwl_dbgfs_sram_read(struct file *file,
        int i;
        int pos = 0;
        struct iwl_priv *priv = (struct iwl_priv *)file->private_data;
+       const size_t bufsz = sizeof(buf);
 
        printk(KERN_DEBUG "offset is: 0x%x\tlen is: 0x%x\n",
        priv->dbgfs->sram_offset, priv->dbgfs->sram_len);
@@ -159,9 +168,9 @@ static ssize_t iwl_dbgfs_sram_read(struct file *file,
                                break;
                        }
                }
-               pos += sprintf(buf+pos, "0x%08x ", val);
+               pos += scnprintf(buf + pos, bufsz - pos, "0x%08x ", val);
        }
-       pos += sprintf(buf+pos, "\n");
+       pos += scnprintf(buf + pos, bufsz - pos, "\n");
        iwl_release_nic_access(priv);
 
        ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos);
@@ -210,44 +219,50 @@ static ssize_t iwl_dbgfs_stations_read(struct file *file, char __user *user_buf,
        if(!buf)
                return -ENOMEM;
 
-       pos += sprintf(buf+pos, "num of stations: %d\n\n",
+       pos += scnprintf(buf + pos, bufsz - pos, "num of stations: %d\n\n",
                        priv->num_stations);
 
        for (i = 0; i < max_sta; i++) {
                station = &priv->stations[i];
                if (station->used) {
-                       pos += sprintf(buf+pos, "station %d:\ngeneral data:\n",
-                                       i+1);
+                       pos += scnprintf(buf + pos, bufsz - pos,
+                                       "station %d:\ngeneral data:\n", i+1);
                        print_mac(mac, station->sta.sta.addr);
-                       pos += sprintf(buf+pos, "id: %u\n",
+                       pos += scnprintf(buf + pos, bufsz - pos, "id: %u\n",
                                        station->sta.sta.sta_id);
-                       pos += sprintf(buf+pos, "mode: %u\n",
+                       pos += scnprintf(buf + pos, bufsz - pos, "mode: %u\n",
                                        station->sta.mode);
-                       pos += sprintf(buf+pos, "flags: 0x%x\n",
+                       pos += scnprintf(buf + pos, bufsz - pos,
+                                       "flags: 0x%x\n",
                                        station->sta.station_flags_msk);
-                       pos += sprintf(buf+pos, "ps_status: %u\n",
-                                       station->ps_status);
-
-                       pos += sprintf(buf+pos, "tid data:\n");
-
-                       pos += sprintf(buf+pos, "seq_num\t\ttxq_id\t");
-                       pos += sprintf(buf+pos, "frame_count\twait_for_ba\t");
-                       pos += sprintf(buf+pos, "start_idx\tbitmap0\t");
-                       pos += sprintf(buf+pos, "bitmap1\trate_n_flags\n");
+                       pos += scnprintf(buf + pos, bufsz - pos,
+                                       "ps_status: %u\n", station->ps_status);
+                       pos += scnprintf(buf + pos, bufsz - pos, "tid data:\n");
+                       pos += scnprintf(buf + pos, bufsz - pos,
+                                       "seq_num\t\ttxq_id\t");
+                       pos += scnprintf(buf + pos, bufsz - pos,
+                                       "frame_count\twait_for_ba\t");
+                       pos += scnprintf(buf + pos, bufsz - pos,
+                                       "start_idx\tbitmap0\t");
+                       pos += scnprintf(buf + pos, bufsz - pos,
+                                       "bitmap1\trate_n_flags\n");
 
                        for (j = 0; j < MAX_TID_COUNT; j++) {
-                               pos += sprintf(buf+pos, "[%d]:\t\t%u\t",
-                                               j, station->tid[j].seq_number);
-                               pos += sprintf(buf+pos, "%u\t\t%u\t\t%u\t\t",
+                               pos += scnprintf(buf + pos, bufsz - pos,
+                                               "[%d]:\t\t%u\t", j,
+                                               station->tid[j].seq_number);
+                               pos += scnprintf(buf + pos, bufsz - pos,
+                                               "%u\t\t%u\t\t%u\t\t",
                                                station->tid[j].agg.txq_id,
                                                station->tid[j].agg.frame_count,
                                                station->tid[j].agg.wait_for_ba);
-                               pos += sprintf(buf+pos, "%u\t%llu\t%u\n",
+                               pos += scnprintf(buf + pos, bufsz - pos,
+                                               "%u\t%llu\t%u\n",
                                                station->tid[j].agg.start_idx,
                                                (unsigned long long)station->tid[j].agg.bitmap,
                                                station->tid[j].agg.rate_n_flags);
                        }
-                       pos += sprintf(buf+pos, "\n");
+                       pos += scnprintf(buf + pos, bufsz - pos, "\n");
                }
        }