From f68334a85ee9120678c06a8da4a1711be7be86a2 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.de>
Date: Tue, 18 Feb 2020 09:22:08 +0100
Subject: [PATCH] md/raid0: Fix buffer overflow at debug print
Patch-mainline: Not yet, waiting for patch author posting upstream
References: bsc#1164051

The debug print text in dump_zones() is formatted via a loop of
snprintf().  Since snprintf() returns the number of would-be-printed
characters, not the actually output, the length calculation in the
loop overflows the actual buffer size, which leads to a WARNING in
vsnprintf().

Replace snprintf() with scnprintf() to calculate properly with the
actual output size.

Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Coly Li <colyli@suse.de>
---
 drivers/md/raid0.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c
index 322386ff5d22..3e16be05b98f 100644
--- a/drivers/md/raid0.c
+++ b/drivers/md/raid0.c
@@ -63,7 +63,7 @@ static void dump_zones(struct mddev *mddev)
 		int len = 0;
 
 		for (k = 0; k < conf->strip_zone[j].nb_dev; k++)
-			len += snprintf(line+len, 200-len, "%s%s", k?"/":"",
+			len += scnprintf(line+len, 200-len, "%s%s", k?"/":"",
 					bdevname(conf->devlist[j*raid_disks
 							       + k]->bdev, b));
 		pr_debug("md: zone%d=[%s]\n", j, line);
-- 
2.16.4