tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

ALSA: core: Copy string more safely

Replace the remaining strcpy() and sprintf() usages in the ALSA core
code with the safer versions.

The first strcpy() points actually to card->id, hence just use
strscpy() with card->id instead.

The append of suffix string is slightly rewritten so that we can use
scnprintf() and strscpy().

Only for safety, no actual behavior change.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20250710100727.22653-104-tiwai@suse.de

Takashi Iwai bee60f01 53beb4d0

+7 -9
+7 -9
sound/core/init.c
··· 723 723 * ("card" conflicts with proc directories) 724 724 */ 725 725 if (!*id || !strncmp(id, "card", 4)) { 726 - strcpy(id, "Default"); 726 + strscpy(card->id, "Default"); 727 727 is_default = true; 728 728 } 729 729 730 730 len = strlen(id); 731 731 for (loops = 0; loops < SNDRV_CARDS; loops++) { 732 - char *spos; 733 732 char sfxstr[5]; /* "_012" */ 734 - int sfxlen; 733 + int sfxlen, slen; 735 734 736 735 if (card_id_ok(card, id)) 737 736 return; /* OK */ 738 737 739 738 /* Add _XYZ suffix */ 740 - sprintf(sfxstr, "_%X", loops + 1); 741 - sfxlen = strlen(sfxstr); 739 + sfxlen = scnprintf(sfxstr, sizeof(sfxstr), "_%X", loops + 1); 742 740 if (len + sfxlen >= sizeof(card->id)) 743 - spos = id + sizeof(card->id) - sfxlen - 1; 741 + slen = sizeof(card->id) - sfxlen - 1; 744 742 else 745 - spos = id + len; 746 - strcpy(spos, sfxstr); 743 + slen = len; 744 + strscpy(id + slen, sfxstr, sizeof(card->id) - slen); 747 745 } 748 746 /* fallback to the default id */ 749 747 if (!is_default) { ··· 799 801 guard(mutex)(&snd_card_mutex); 800 802 if (!card_id_ok(NULL, buf1)) 801 803 return -EEXIST; 802 - strcpy(card->id, buf1); 804 + strscpy(card->id, buf1); 803 805 snd_info_card_id_change(card); 804 806 805 807 return count;