[alsa-devel] [PATCH] sound/pci/ice1712: replace strcpy() with scnprintf()
Replace unsafe uses of strcpy() to copy the name argument into the sid.name buffer with scnprintf() to guard against possible buffer overflows.
Even though we don't actually care about the return value in this specific case, scnprintf() is still preferred over snprintf() due to scnprintf() returning the much more logical length of what was *actually* encoded into the destination array instead of returning length the resulting string *would* be, assuming it all fit into the destination array as snprintf() does.
Maybe one day someone will use the return value, and since the behavior is exactly the same apart from the return value it would be better to account for that possibility and program defensively.
Signed-off-by: Joey Pabalinas joeypabalinas@gmail.com
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sound/pci/ice1712/juli.c b/sound/pci/ice1712/juli.c index 0dbaccf61f33270608..0abacc64168f895d53 100644 --- a/sound/pci/ice1712/juli.c +++ b/sound/pci/ice1712/juli.c @@ -26,6 +26,7 @@ #include <linux/delay.h> #include <linux/interrupt.h> #include <linux/init.h> +#include <linux/kernel.h> #include <linux/slab.h> #include <sound/core.h> #include <sound/tlv.h> @@ -425,10 +426,9 @@ DECLARE_TLV_DB_SCALE(juli_master_db_scale, -6350, 50, 1); static struct snd_kcontrol *ctl_find(struct snd_card *card, const char *name) { - struct snd_ctl_elem_id sid; - memset(&sid, 0, sizeof(sid)); - /* FIXME: strcpy is bad. */ - strcpy(sid.name, name); + struct snd_ctl_elem_id sid = {0}; + + scnprintf(sid.name, sizeof(sid.name), "%s", name); sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid); } diff --git a/sound/pci/ice1712/quartet.c b/sound/pci/ice1712/quartet.c index d145b5eb7ff86d978d..332f6226548c6a089a 100644 --- a/sound/pci/ice1712/quartet.c +++ b/sound/pci/ice1712/quartet.c @@ -25,6 +25,7 @@ #include <linux/delay.h> #include <linux/interrupt.h> #include <linux/init.h> +#include <linux/kernel.h> #include <linux/slab.h> #include <sound/core.h> #include <sound/tlv.h> @@ -785,10 +786,9 @@ DECLARE_TLV_DB_SCALE(qtet_master_db_scale, -6350, 50, 1); static struct snd_kcontrol *ctl_find(struct snd_card *card, const char *name) { - struct snd_ctl_elem_id sid; - memset(&sid, 0, sizeof(sid)); - /* FIXME: strcpy is bad. */ - strcpy(sid.name, name); + struct snd_ctl_elem_id sid = {0}; + + scnprintf(sid.name, sizeof(sid.name), "%s", name); sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid); }
On Thu, Mar 1, 2018 at 1:45 PM, Joey Pabalinas joeypabalinas@gmail.com wrote:
Replace unsafe uses of strcpy() to copy the name argument into the sid.name buffer with scnprintf() to guard against possible buffer overflows.
struct snd_ctl_elem_id sid;
memset(&sid, 0, sizeof(sid));
/* FIXME: strcpy is bad. */
strcpy(sid.name, name);
struct snd_ctl_elem_id sid = {0};
scnprintf(sid.name, sizeof(sid.name), "%s", name);
So, why not just use strlcpy()? scnprintf() here adds an overhead for no benefit.
sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid);
struct snd_ctl_elem_id sid;
memset(&sid, 0, sizeof(sid));
/* FIXME: strcpy is bad. */
strcpy(sid.name, name);
struct snd_ctl_elem_id sid = {0};
scnprintf(sid.name, sizeof(sid.name), "%s", name); sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid);
Ditto.
Replace unsafe usages of strcpy() to copy the name argument into the sid.name buffer with strlcpy() to guard against possible buffer overflows.
Signed-off-by: Joey Pabalinas joeypabalinas@gmail.com Suggested-by: Andy Shevchenko andy.shevchenko@gmail.com
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sound/pci/ice1712/juli.c b/sound/pci/ice1712/juli.c index 0dbaccf61f33270608..21806bab4757241a9e 100644 --- a/sound/pci/ice1712/juli.c +++ b/sound/pci/ice1712/juli.c @@ -27,6 +27,7 @@ #include <linux/interrupt.h> #include <linux/init.h> #include <linux/slab.h> +#include <linux/string.h> #include <sound/core.h> #include <sound/tlv.h>
@@ -425,10 +426,9 @@ DECLARE_TLV_DB_SCALE(juli_master_db_scale, -6350, 50, 1); static struct snd_kcontrol *ctl_find(struct snd_card *card, const char *name) { - struct snd_ctl_elem_id sid; - memset(&sid, 0, sizeof(sid)); - /* FIXME: strcpy is bad. */ - strcpy(sid.name, name); + struct snd_ctl_elem_id sid = {0}; + + strlcpy(sid.name, name, sizeof(sid.name)); sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid); } diff --git a/sound/pci/ice1712/quartet.c b/sound/pci/ice1712/quartet.c index d145b5eb7ff86d978d..5bc836241c977feb51 100644 --- a/sound/pci/ice1712/quartet.c +++ b/sound/pci/ice1712/quartet.c @@ -26,6 +26,7 @@ #include <linux/interrupt.h> #include <linux/init.h> #include <linux/slab.h> +#include <linux/string.h> #include <sound/core.h> #include <sound/tlv.h> #include <sound/info.h> @@ -785,10 +786,9 @@ DECLARE_TLV_DB_SCALE(qtet_master_db_scale, -6350, 50, 1); static struct snd_kcontrol *ctl_find(struct snd_card *card, const char *name) { - struct snd_ctl_elem_id sid; - memset(&sid, 0, sizeof(sid)); - /* FIXME: strcpy is bad. */ - strcpy(sid.name, name); + struct snd_ctl_elem_id sid = {0}; + + strlcpy(sid.name, name, sizeof(sid.name)); sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid); }
On Thu, Mar 1, 2018 at 4:17 PM, Joey Pabalinas joeypabalinas@gmail.com wrote:
Replace unsafe usages of strcpy() to copy the name argument into the sid.name buffer with strlcpy() to guard against possible buffer overflows.
Signed-off-by: Joey Pabalinas joeypabalinas@gmail.com Suggested-by: Andy Shevchenko andy.shevchenko@gmail.com
Reviewed-by: Andy Shevchenko andy.shevchenko@gmail.com
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/sound/pci/ice1712/juli.c b/sound/pci/ice1712/juli.c index 0dbaccf61f33270608..21806bab4757241a9e 100644 --- a/sound/pci/ice1712/juli.c +++ b/sound/pci/ice1712/juli.c @@ -27,6 +27,7 @@ #include <linux/interrupt.h> #include <linux/init.h> #include <linux/slab.h> +#include <linux/string.h> #include <sound/core.h> #include <sound/tlv.h>
@@ -425,10 +426,9 @@ DECLARE_TLV_DB_SCALE(juli_master_db_scale, -6350, 50, 1); static struct snd_kcontrol *ctl_find(struct snd_card *card, const char *name) {
struct snd_ctl_elem_id sid;
memset(&sid, 0, sizeof(sid));
/* FIXME: strcpy is bad. */
strcpy(sid.name, name);
struct snd_ctl_elem_id sid = {0};
strlcpy(sid.name, name, sizeof(sid.name)); sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid);
} diff --git a/sound/pci/ice1712/quartet.c b/sound/pci/ice1712/quartet.c index d145b5eb7ff86d978d..5bc836241c977feb51 100644 --- a/sound/pci/ice1712/quartet.c +++ b/sound/pci/ice1712/quartet.c @@ -26,6 +26,7 @@ #include <linux/interrupt.h> #include <linux/init.h> #include <linux/slab.h> +#include <linux/string.h> #include <sound/core.h> #include <sound/tlv.h> #include <sound/info.h> @@ -785,10 +786,9 @@ DECLARE_TLV_DB_SCALE(qtet_master_db_scale, -6350, 50, 1); static struct snd_kcontrol *ctl_find(struct snd_card *card, const char *name) {
struct snd_ctl_elem_id sid;
memset(&sid, 0, sizeof(sid));
/* FIXME: strcpy is bad. */
strcpy(sid.name, name);
struct snd_ctl_elem_id sid = {0};
strlcpy(sid.name, name, sizeof(sid.name)); sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER; return snd_ctl_find_id(card, &sid);
}
2.16.2
On Thu, 01 Mar 2018 15:17:07 +0100, Joey Pabalinas wrote:
Replace unsafe usages of strcpy() to copy the name argument into the sid.name buffer with strlcpy() to guard against possible buffer overflows.
Signed-off-by: Joey Pabalinas joeypabalinas@gmail.com Suggested-by: Andy Shevchenko andy.shevchenko@gmail.com
2 files changed, 8 insertions(+), 8 deletions(-)
Thanks, applied now.
Takashi
participants (3)
-
Andy Shevchenko
-
Joey Pabalinas
-
Takashi Iwai