[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20170718114820.3681255-3-arnd@arndb.de>
Date: Tue, 18 Jul 2017 13:48:06 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Jaroslav Kysela <perex@...ex.cz>, Takashi Iwai <tiwai@...e.com>
Cc: Arnd Bergmann <arnd@...db.de>, alsa-devel@...a-project.org,
linux-kernel@...r.kernel.org
Subject: [PATCH v2 3/7] ALSA: ad1848: fix format string overflow warning
The snd_pcm name is too long to fit into the card shortname
or a part of the longname:
sound/isa/ad1848/ad1848.c: In function 'snd_ad1848_probe':
sound/isa/ad1848/ad1848.c:116:26: error: ' at 0x' directive writing 6 bytes into a region of size between 1 and 80 [-Werror=format-overflow=]
sprintf(card->longname, "%s at 0x%lx, irq %d, dma %d",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
sound/isa/ad1848/ad1848.c:116:2: note: 'sprintf' output between 22 and 128 bytes into a destination of size 80
sprintf(card->longname, "%s at 0x%lx, irq %d, dma %d",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chip->pcm->name, chip->port, irq[n], dma1[n]);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This changes the code to use length-checking functions that truncate
if necessary. The "[Thinkpad]" substring is now also part of the
snprintf(), as that could also overflow the buffer.
Signed-off-by: Arnd Bergmann <arnd@...db.de>
---
sound/isa/ad1848/ad1848.c | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/sound/isa/ad1848/ad1848.c b/sound/isa/ad1848/ad1848.c
index e739b1c85c25..7c8e92f62f3b 100644
--- a/sound/isa/ad1848/ad1848.c
+++ b/sound/isa/ad1848/ad1848.c
@@ -110,13 +110,17 @@ static int snd_ad1848_probe(struct device *dev, unsigned int n)
if (error < 0)
goto out;
- strcpy(card->driver, "AD1848");
- strcpy(card->shortname, chip->pcm->name);
-
- sprintf(card->longname, "%s at 0x%lx, irq %d, dma %d",
- chip->pcm->name, chip->port, irq[n], dma1[n]);
- if (thinkpad[n])
- strcat(card->longname, " [Thinkpad]");
+ strlcpy(card->driver, "AD1848", sizeof(card->driver));
+ strlcpy(card->shortname, chip->pcm->name, sizeof(card->shortname));
+
+ if (!thinkpad[n])
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %d, dma %d",
+ chip->pcm->name, chip->port, irq[n], dma1[n]);
+ else
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %d, dma %d [Thinkpad]",
+ chip->pcm->name, chip->port, irq[n], dma1[n]);
error = snd_card_register(card);
if (error < 0)
--
2.9.0
Powered by blists - more mailing lists