gcc-7 warns about a possible sprintf format string overflow with a temporary buffer that is used to print from another buffer of the same size:
sound/pci/rme9652/hdspm.c: In function 'snd_hdspm_create_alsa_devices': sound/pci/rme9652/hdspm.c:2123:17: error: ' MIDIoverMADI' directive writing 13 bytes into a region of size between 1 and 32 [-Werror=format-overflow=]
This extends the temporary buffer to twice the size, and changes the code to use the safer snprintf() across the entire file. The longer buffer is still necessary to avoid a format-truncation warning.
Signed-off-by: Arnd Bergmann arnd@arndb.de --- sound/pci/rme9652/hdspm.c | 48 +++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-)
diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c index 254c3d040118..2a3a916e5d15 100644 --- a/sound/pci/rme9652/hdspm.c +++ b/sound/pci/rme9652/hdspm.c @@ -2061,7 +2061,7 @@ static int snd_hdspm_create_midi(struct snd_card *card, struct hdspm *hdspm, int id) { int err; - char buf[32]; + char buf[64];
hdspm->midi[id].id = id; hdspm->midi[id].hdspm = hdspm; @@ -2120,19 +2120,23 @@ static int snd_hdspm_create_midi(struct snd_card *card, if ((id < 2) || ((2 == id) && ((MADI == hdspm->io_type) || (MADIface == hdspm->io_type)))) { if ((id == 0) && (MADIface == hdspm->io_type)) { - sprintf(buf, "%s MIDIoverMADI", card->shortname); + snprintf(buf, sizeof(buf), "%s MIDIoverMADI", + card->shortname); } else if ((id == 2) && (MADI == hdspm->io_type)) { - sprintf(buf, "%s MIDIoverMADI", card->shortname); + snprintf(buf, sizeof(buf), "%s MIDIoverMADI", + card->shortname); } else { - sprintf(buf, "%s MIDI %d", card->shortname, id+1); + snprintf(buf, sizeof(buf), "%s MIDI %d", + card->shortname, id+1); } err = snd_rawmidi_new(card, buf, id, 1, 1, &hdspm->midi[id].rmidi); if (err < 0) return err;
- sprintf(hdspm->midi[id].rmidi->name, "%s MIDI %d", - card->id, id+1); + snprintf(hdspm->midi[id].rmidi->name, + sizeof(hdspm->midi[id].rmidi->name), + "%s MIDI %d", card->id, id+1); hdspm->midi[id].rmidi->private_data = &hdspm->midi[id];
snd_rawmidi_set_ops(hdspm->midi[id].rmidi, @@ -2148,14 +2152,16 @@ static int snd_hdspm_create_midi(struct snd_card *card, SNDRV_RAWMIDI_INFO_DUPLEX; } else { /* TCO MTC, read only */ - sprintf(buf, "%s MTC %d", card->shortname, id+1); + snprintf(buf, sizeof(buf), "%s MTC %d", + card->shortname, id+1); err = snd_rawmidi_new(card, buf, id, 1, 1, &hdspm->midi[id].rmidi); if (err < 0) return err;
- sprintf(hdspm->midi[id].rmidi->name, - "%s MTC %d", card->id, id+1); + snprintf(hdspm->midi[id].rmidi->name, + sizeof(hdspm->midi[id].rmidi->name), + "%s MTC %d", card->id, id+1); hdspm->midi[id].rmidi->private_data = &hdspm->midi[id];
snd_rawmidi_set_ops(hdspm->midi[id].rmidi, @@ -6869,7 +6875,8 @@ static int snd_hdspm_create(struct snd_card *card, * when running with multiple cards. */ if (NULL == id[hdspm->dev] && hdspm->serial != 0xFFFFFF) { - sprintf(card->id, "HDSPMx%06x", hdspm->serial); + snprintf(card->id, sizeof(card->id), + "HDSPMx%06x", hdspm->serial); snd_card_set_id(card, card->id); } } @@ -6954,17 +6961,18 @@ static int snd_hdspm_probe(struct pci_dev *pci, }
if (hdspm->io_type != MADIface) { - sprintf(card->shortname, "%s_%x", - hdspm->card_name, - hdspm->serial); - sprintf(card->longname, "%s S/N 0x%x at 0x%lx, irq %d", - hdspm->card_name, - hdspm->serial, - hdspm->port, hdspm->irq); + snprintf(card->shortname, sizeof(card->shortname), "%s_%x", + hdspm->card_name, hdspm->serial); + snprintf(card->longname, sizeof(card->longname), + "%s S/N 0x%x at 0x%lx, irq %d", + hdspm->card_name, hdspm->serial, + hdspm->port, hdspm->irq); } else { - sprintf(card->shortname, "%s", hdspm->card_name); - sprintf(card->longname, "%s at 0x%lx, irq %d", - hdspm->card_name, hdspm->port, hdspm->irq); + snprintf(card->shortname, sizeof(card->shortname), "%s", + hdspm->card_name); + snprintf(card->longname, sizeof(card->longname), + "%s at 0x%lx, irq %d", + hdspm->card_name, hdspm->port, hdspm->irq); }
err = snd_card_register(card);