[PATCH] fs/orangefs: use snprintf() instead of sprintf()

From: Amir Mohammad Jahangirzad
Date: Sun Jun 08 2025 - 12:36:41 EST

Next message: Pasha Tatashin: "Re: [RFC v2 11/16] luo: luo_sysfs: add sysfs state monitoring"
Previous message: Pasha Tatashin: "Re: [RFC v2 10/16] luo: luo_ioctl: add ioctl interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

sprintf() is discouraged for use with bounded destination buffers
as it does not prevent buffer overflows when the formatted output
exceeds the destination buffer size. snprintf() is a safer
alternative as it limits the number of bytes written and ensures
NUL-termination.

Replace sprintf() with snprintf() for copying the debug string
into a temporary buffer, using ORANGEFS_MAX_DEBUG_STRING_LEN as
the maximum size to ensure safe formatting and prevent memory
corruption in edge cases.

Signed-off-by: Amir Mohammad Jahangirzad <a.jahangirzad@xxxxxxxxx>
---
fs/orangefs/orangefs-debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/orangefs/orangefs-debugfs.c b/fs/orangefs/orangefs-debugfs.c
index f7095c91660c..e1613e0847e8 100644
--- a/fs/orangefs/orangefs-debugfs.c
+++ b/fs/orangefs/orangefs-debugfs.c
@@ -396,7 +396,7 @@ static ssize_t orangefs_debug_read(struct file *file,
goto out;

mutex_lock(&orangefs_debug_lock);
- sprintf_ret = sprintf(buf, "%s", (char *)file->private_data);
+ sprintf_ret = snprintf(buf, ORANGEFS_MAX_DEBUG_STRING_LEN, "%s", (char *)file->private_data);
mutex_unlock(&orangefs_debug_lock);

read_ret = simple_read_from_buffer(ubuf, count, ppos, buf, sprintf_ret);
--
2.43.0

Next message: Pasha Tatashin: "Re: [RFC v2 11/16] luo: luo_sysfs: add sysfs state monitoring"
Previous message: Pasha Tatashin: "Re: [RFC v2 10/16] luo: luo_ioctl: add ioctl interface"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]