| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025111239-sturdily-entire-d281@gregkh>
Date: Wed, 12 Nov 2025 14:20:19 -0500
From: Greg KH <gregkh@...uxfoundation.org>
To: hariconscious@...il.com
Cc: cezary.rojewski@...el.com, liam.r.girdwood@...ux.intel.com,
peter.ujfalusi@...ux.intel.com, yung-chuan.liao@...ux.intel.com,
ranjani.sridharan@...ux.intel.com, kai.vehmanen@...ux.intel.com,
pierre-louis.bossart@...ux.dev, broonie@...nel.org, perex@...ex.cz,
tiwai@...e.com, amadeuszx.slawinski@...ux.intel.com,
sakari.ailus@...ux.intel.com, khalid@...nel.org, shuah@...nel.org,
david.hunter.linux@...il.com, linux-sound@...r.kernel.org,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [PATCH v2] ASoC: Intel: avs: Fix potential buffer overflow by
snprintf()
On Wed, Nov 12, 2025 at 11:48:51PM +0530, hariconscious@...il.com wrote:
> From: HariKrishna Sagala <hariconscious@...il.com>
>
> snprintf() returns the would-be-filled size when the string overflows
> the given buffer size, hence using this value may result in a buffer
> overflow (although it's unrealistic).
unrealistic == impossible
So why make this change at all?
> This patch replaces it with a safer version, scnprintf() for papering
> over such a potential issue.
Don't "paper over", actually fix real things.
> Link: https://github.com/KSPP/linux/issues/105
> 'Fixes: 5a565ba23abe ("ASoC: Intel: avs: Probing and firmware tracing
> over debugfs")'
No, this is not a "fix".
Also please do not wrap lines of fixes tags.
thanks,
greg k-h
Powered by blists - more mailing lists