[PATCH v2 2/7] ALSA: cs423x: fix format string overflow warning

From: Arnd Bergmann
Date: Tue Jul 18 2017 - 07:49:35 EST

Next message: Arnd Bergmann: "[PATCH v2 1/7] ALSA: als100: fix format string overflow warning"
Previous message: Arnd Bergmann: "[PATCH v2 3/7] ALSA: ad1848: fix format string overflow warning"
In reply to: Arnd Bergmann: "[PATCH v2 3/7] ALSA: ad1848: fix format string overflow warning"
Next in thread: Arnd Bergmann: "[PATCH v2 5/7] ALSA: mixart: fix string overflow warning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The snd_pcm name may overflow the card->longname total size:

sound/isa/cs423x/cs4231.c: In function 'snd_cs4231_probe':
sound/isa/cs423x/cs4231.c:115:26: error: ' at 0x' directive writing 6 bytes into a region of size between 1 and 80 [-Werror=format-overflow=] 0x%lx, irq %d, dma %d",
sprintf(card->longname, "%s at 0x%lx, irq %d, dma %d",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This changes the driver to use snprintf() so we truncate the string
instead of overflowing into the next field if that happens.

I decided to split out the second format string for the extra
DMA channel to keep the code simpler.

Signed-off-by: Arnd Bergmann <arnd@xxxxxxxx>
---
sound/isa/cs423x/cs4231.c | 18 +++++++++++-------
sound/isa/cs423x/cs4236.c | 20 +++++++++++---------
2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/sound/isa/cs423x/cs4231.c b/sound/isa/cs423x/cs4231.c
index e8edd9017a2f..d90ab9558f7f 100644
--- a/sound/isa/cs423x/cs4231.c
+++ b/sound/isa/cs423x/cs4231.c
@@ -109,13 +109,17 @@ static int snd_cs4231_probe(struct device *dev, unsigned int n)
if (error < 0)
goto out;

- strcpy(card->driver, "CS4231");
- strcpy(card->shortname, chip->pcm->name);
-
- sprintf(card->longname, "%s at 0x%lx, irq %d, dma %d",
- chip->pcm->name, chip->port, irq[n], dma1[n]);
- if (dma2[n] >= 0)
- sprintf(card->longname + strlen(card->longname), "&%d", dma2[n]);
+ strlcpy(card->driver, "CS4231", sizeof(card->driver));
+ strlcpy(card->shortname, chip->pcm->name, sizeof(card->shortname));
+
+ if (dma2[n] < 0)
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %d, dma %d",
+ chip->pcm->name, chip->port, irq[n], dma1[n]);
+ else
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %d, dma %d&%d",
+ chip->pcm->name, chip->port, irq[n], dma1[n], dma2[n]);

error = snd_wss_mixer(chip);
if (error < 0)
diff --git a/sound/isa/cs423x/cs4236.c b/sound/isa/cs423x/cs4236.c
index 1f9a3b2be7a1..4c09756c7353 100644
--- a/sound/isa/cs423x/cs4236.c
+++ b/sound/isa/cs423x/cs4236.c
@@ -419,15 +419,17 @@ static int snd_cs423x_probe(struct snd_card *card, int dev)
if (err < 0)
return err;
}
- strcpy(card->driver, chip->pcm->name);
- strcpy(card->shortname, chip->pcm->name);
- sprintf(card->longname, "%s at 0x%lx, irq %i, dma %i",
- chip->pcm->name,
- chip->port,
- irq[dev],
- dma1[dev]);
- if (dma2[dev] >= 0)
- sprintf(card->longname + strlen(card->longname), "&%d", dma2[dev]);
+ strlcpy(card->driver, chip->pcm->name, sizeof(card->driver));
+ strlcpy(card->shortname, chip->pcm->name, sizeof(card->shortname));
+ if (dma2[dev] < 0)
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %i, dma %i",
+ chip->pcm->name, chip->port, irq[dev], dma1[dev]);
+ else
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %i, dma %i&%d",
+ chip->pcm->name, chip->port, irq[dev], dma1[dev],
+ dma2[dev]);

err = snd_wss_timer(chip, 0);
if (err < 0)
--
2.9.0

Next message: Arnd Bergmann: "[PATCH v2 1/7] ALSA: als100: fix format string overflow warning"
Previous message: Arnd Bergmann: "[PATCH v2 3/7] ALSA: ad1848: fix format string overflow warning"
In reply to: Arnd Bergmann: "[PATCH v2 3/7] ALSA: ad1848: fix format string overflow warning"
Next in thread: Arnd Bergmann: "[PATCH v2 5/7] ALSA: mixart: fix string overflow warning"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]