ALSA: cmipci: Copy string more safely

The probe code uses sprintf() and strcat() without caring about the
string buffer size.  Replace with safer code.

Only a cosmetic safety matter, no functional changes intended.

Signed-off-by: Takashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20250710100727.22653-102-tiwai@suse.de

diff --git a/sound/pci/cmipci.c b/sound/pci/cmipci.c
index 9056214e9cdae54b5995f8655a9d13bf101372dc..c4ee550d7c96cca118cae70411084504843dc91f 100644 (file)
--- a/sound/pci/cmipci.c
+++ b/sound/pci/cmipci.c
@@ -3008,11 +3008,12 @@ static int snd_cmipci_create(struct snd_card *card, struct pci_dev *pci,
            pci->device != PCI_DEVICE_ID_CMEDIA_CM8338B)
                query_chip(cm);
        /* added -MCx suffix for chip supporting multi-channels */
-       if (cm->can_multi_ch)
-               sprintf(cm->card->driver + strlen(cm->card->driver),
-                       "-MC%d", cm->max_channels);
-       else if (cm->can_ac3_sw)
-               strcpy(cm->card->driver + strlen(cm->card->driver), "-SWIEC");
+       if (cm->can_multi_ch) {
+               int l = strlen(cm->card->driver);
+               scnprintf(cm->card->driver + l, sizeof(cm->card->driver) - l,
+                         "-MC%d", cm->max_channels);
+       } else if (cm->can_ac3_sw)
+               strlcat(cm->card->driver, "-SWIEC", sizeof(cm->card->driver));
 
        cm->dig_status = SNDRV_PCM_DEFAULT_CON_SPDIF;
        cm->dig_pcm_status = SNDRV_PCM_DEFAULT_CON_SPDIF;