sprintf() does not perform bounds checking on the destination buffer.
Replace it with scnprintf() to ensure the write stays within bounds.
No functional change intended.
Signed-off-by: Kathara Sasikumar <katharasasikumar007@gmail.com>
---
v2:
- Updated commit message wording
- Targeted the patch to net-next
---
net/6lowpan/debugfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/6lowpan/debugfs.c b/net/6lowpan/debugfs.c
index 600b9563bfc5..d45ace484143 100644
--- a/net/6lowpan/debugfs.c
+++ b/net/6lowpan/debugfs.c
@@ -173,7 +173,7 @@ static void lowpan_dev_debugfs_ctx_init(struct net_device *dev,
if (WARN_ON_ONCE(id >= LOWPAN_IPHC_CTX_TABLE_SIZE))
return;
- sprintf(buf, "%d", id);
+ scnprintf(buf, sizeof(buf), "%d", id);
root = debugfs_create_dir(buf, ctx);
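Review bot: on the scnprintf() line, sizeof(buf) only yields the buffer length if buf is a local array, and its declaration is outside the context shown in this hunk; please confirm it is not a pointer. The WARN_ON_ONCE(id >= LOWPAN_IPHC_CTX_TABLE_SIZE) check just above already bounds id from above before the format call, so the commit message should state the size of buf and the range of id, making it clear whether this is hardening only or closes a reachable overflow.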
--
2.51.0
On Tue, Jan 06, 2026 at 05:16:11PM +0000, Kathara Sasikumar wrote:
> sprintf() does not perform bounds checking on the destination buffer.
> Replace it with scnprintf() to ensure the write stays within bounds.
>
> No functional change intended.
>
> Signed-off-by: Kathara Sasikumar <katharasasikumar007@gmail.com>
> ---
> v2:
> - Updated commit message wording
> - Targeted the patch to net-next

Thanks for the updates.

On Tue, 6 Jan 2026 17:16:11 +0000 Kathara Sasikumar wrote:
> sprintf() does not perform bounds checking on the destination buffer.
> Replace it with scnprintf() to ensure the write stays within bounds.

Aren't compilers clever enough these days to warn about potential overflows?
AFAICT the buffer is 32B so it will definitely fit %d no matter what.
--
pw-bot: reject