| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251112181851.13450-1-hariconscious@gmail.com>
Date: Wed, 12 Nov 2025 23:48:51 +0530
From: hariconscious@...il.com
To: cezary.rojewski@...el.com,
liam.r.girdwood@...ux.intel.com,
peter.ujfalusi@...ux.intel.com,
yung-chuan.liao@...ux.intel.com,
ranjani.sridharan@...ux.intel.com,
kai.vehmanen@...ux.intel.com,
pierre-louis.bossart@...ux.dev,
broonie@...nel.org
Cc: perex@...ex.cz,
tiwai@...e.com,
amadeuszx.slawinski@...ux.intel.com,
sakari.ailus@...ux.intel.com,
khalid@...nel.org,
shuah@...nel.org,
david.hunter.linux@...il.com,
linux-sound@...r.kernel.org,
linux-kernel@...r.kernel.org,
stable@...r.kernel.org,
HariKrishna Sagala <hariconscious@...il.com>
Subject: [PATCH v2] ASoC: Intel: avs: Fix potential buffer overflow by snprintf()
From: HariKrishna Sagala <hariconscious@...il.com>
snprintf() returns the would-be-filled size when the string overflows
the given buffer size, hence using this value may result in a buffer
overflow (although it's unrealistic).
This patch replaces it with a safer version, scnprintf() for papering
over such a potential issue.
Link: https://github.com/KSPP/linux/issues/105
'Fixes: 5a565ba23abe ("ASoC: Intel: avs: Probing and firmware tracing
over debugfs")'
Signed-off-by: HariKrishna Sagala <hariconscious@...il.com>
---
Thank you for the feedback and the suggestions.
Corrected the indentation & commit message.
V1:
https://lore.kernel.org/all/20251112120235.54328-2-hariconscious@gmail.com/
sound/soc/intel/avs/debugfs.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sound/soc/intel/avs/debugfs.c b/sound/soc/intel/avs/debugfs.c
index 3534de46f9e4..cdb82392b9ee 100644
--- a/sound/soc/intel/avs/debugfs.c
+++ b/sound/soc/intel/avs/debugfs.c
@@ -119,9 +119,9 @@ static ssize_t probe_points_read(struct file *file, char __user *to, size_t coun
}
for (i = 0; i < num_desc; i++) {
- ret = snprintf(buf + len, PAGE_SIZE - len,
- "Id: %#010x Purpose: %d Node id: %#x\n",
- desc[i].id.value, desc[i].purpose, desc[i].node_id.val);
+ ret = scnprintf(buf + len, PAGE_SIZE - len,
+ "Id: %#010x Purpose: %d Node id: %#x\n",
+ desc[i].id.value, desc[i].purpose, desc[i].node_id.val);
if (ret < 0)
goto free_desc;
len += ret;
base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
--
2.43.0
Powered by blists - more mailing lists