vsprintf() performs no bounds checking and can overflow - replace it
with the safer vsnprintf().
Also remove the useless '+ 1' that is a leftover of commit 66ed28ea096c
("m68k: sun3: Remove unused vsprintf() return value in prom_printf()").
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
Compile-tested only.
---
arch/m68k/sun3/prom/printf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/m68k/sun3/prom/printf.c b/arch/m68k/sun3/prom/printf.c
index db5537ef1250..cb4934d39833 100644
--- a/arch/m68k/sun3/prom/printf.c
+++ b/arch/m68k/sun3/prom/printf.c
@@ -30,9 +30,9 @@ prom_printf(char *fmt, ...)
#ifdef CONFIG_KGDB
ppbuf[0] = 'O';
- vsprintf(ppbuf + 1, fmt, args) + 1;
+ vsnprintf(ppbuf + 1, sizeof(ppbuf) - 1, fmt, args);
#else
- vsprintf(ppbuf, fmt, args);
+ vsnprintf(ppbuf, sizeof(ppbuf), fmt, args);
#endif
bptr = ppbuf;
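Review bot: both new calls bound the write with sizeof(ppbuf) (and sizeof(ppbuf) - 1 in the CONFIG_KGDB branch), which is only the buffer length if ppbuf is declared as an array; the declaration is outside this hunk, so please confirm it is not a char pointer, where sizeof would give the pointer size instead. Separately, the return value of vsnprintf() is discarded in both branches, so a message longer than the buffer is now truncated silently; if a cut-off PROM message matters, compare the return value against the size passed in, or state in the commit message that truncation is the intended behaviour. The '- 1' in the KGDB branch correctly accounts for the 'O' stored in ppbuf[0].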
--
Thorsten Blum <thorsten.blum@linux.dev>
GPG: 1D60 735E 8AEF 3BE4 73B6 9D84 7336 78FD 8DFE EAD4
On Sat, 17 Jan 2026 at 21:22, Thorsten Blum <thorsten.blum@linux.dev> wrote:
> vsprintf() performs no bounds checking and can overflow - replace it
> with the safer vsnprintf().
>
> Also remove the useless '+ 1' that is a leftover of commit 66ed28ea096c
> ("m68k: sun3: Remove unused vsprintf() return value in prom_printf()").
>
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
Reviewed-by: Geert Uytterhoeven <geert@linux-m68k.org>
i.e. will queue in the m68k tree for v6.20.
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@linux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds