Re: [alsa-devel] [PATCH] sound/pci/ice1712: replace strcpy() with scnprintf()

On Thu, Mar 1, 2018 at 1:45 PM, Joey Pabalinas joeypabalinas@gmail.com wrote:

Replace unsafe uses of strcpy() to copy the name argument into the sid.name buffer with scnprintf() to guard against possible buffer overflows.

•   struct snd_ctl_elem_id sid;
  

•   memset(&sid, 0, sizeof(sid));
  

•   /* FIXME: strcpy is bad. */
  

•   strcpy(sid.name, name);
  

•   struct snd_ctl_elem_id sid = {0};
  

•   scnprintf(sid.name, sizeof(sid.name), "%s", name);
  

So, why not just use strlcpy()? scnprintf() here adds an overhead for no benefit.

    sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
    return snd_ctl_find_id(card, &sid);

•   struct snd_ctl_elem_id sid;
  

•   memset(&sid, 0, sizeof(sid));
  

•   /* FIXME: strcpy is bad. */
  

•   strcpy(sid.name, name);
  

•   struct snd_ctl_elem_id sid = {0};
  

•   scnprintf(sid.name, sizeof(sid.name), "%s", name);
    sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
    return snd_ctl_find_id(card, &sid);
  

Ditto.