ALSA: core: Copy string more safely

Replace the remaining strcpy() and sprintf() usages in the ALSA core
code with the safer versions.

The first strcpy() points actually to card->id, hence just use
strscpy() with card->id instead.

The append of suffix string is slightly rewritten so that we can use
scnprintf() and strscpy().

Only for safety, no actual behavior change.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20250710100727.22653-104-tiwai@suse.de

diff --git a/sound/core/init.c b/sound/core/init.c
index 114fb87de990e70c90e427fc299e933a37b2d73b..c372b3228785e755fb1f43b1b50fb82f13d88dd3 100644 (file)
--- a/sound/core/init.c
+++ b/sound/core/init.c
@@ -723,27 +723,25 @@ static void snd_card_set_id_no_lock(struct snd_card *card, const char *src,
         * ("card" conflicts with proc directories)
         */
        if (!*id || !strncmp(id, "card", 4)) {
-               strcpy(id, "Default");
+               strscpy(card->id, "Default");
                is_default = true;
        }
 
        len = strlen(id);
        for (loops = 0; loops < SNDRV_CARDS; loops++) {
-               char *spos;
                char sfxstr[5]; /* "_012" */
-               int sfxlen;
+               int sfxlen, slen;
 
                if (card_id_ok(card, id))
                        return; /* OK */
 
                /* Add _XYZ suffix */
-               sprintf(sfxstr, "_%X", loops + 1);
-               sfxlen = strlen(sfxstr);
+               sfxlen = scnprintf(sfxstr, sizeof(sfxstr), "_%X", loops + 1);
                if (len + sfxlen >= sizeof(card->id))
-                       spos = id + sizeof(card->id) - sfxlen - 1;
+                       slen = sizeof(card->id) - sfxlen - 1;
                else
-                       spos = id + len;
-               strcpy(spos, sfxstr);
+                       slen = len;
+               strscpy(id + slen, sfxstr, sizeof(card->id) - slen);
        }
        /* fallback to the default id */
        if (!is_default) {
@@ -801,7 +799,7 @@ static ssize_t id_store(struct device *dev, struct device_attribute *attr,
        guard(mutex)(&snd_card_mutex);
        if (!card_id_ok(NULL, buf1))
                return -EEXIST;
-       strcpy(card->id, buf1);
+       strscpy(card->id, buf1);
        snd_info_card_id_change(card);
 
        return count;