From: wangdicheng Date: Wed, 3 Jun 2026 09:11:00 +0000 (+0800) Subject: ALSA: usb-audio: qcom: Use snprintf for mixer control name formatting X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=537153aaafa94efe77efd566eada7dbab9fb76dd;p=thirdparty%2Flinux.git ALSA: usb-audio: qcom: Use snprintf for mixer control name formatting The current code uses sprintf() to format control names without bounds checking, which could lead to buffer overflow if PCM index is large. Replace sprintf with snprintf to ensure buffer safety. The ctl_name buffer is 48 bytes, and the formatted string could exceed this with large PCM index values. Using snprintf with sizeof(ctl_name) prevents potential buffer overflow. Signed-off-by: wangdicheng Signed-off-by: Takashi Iwai Link: https://patch.msgid.link/20260603091102.231370-2-wangdich9700@163.com --- diff --git a/sound/usb/qcom/mixer_usb_offload.c b/sound/usb/qcom/mixer_usb_offload.c index 2adeb64f4d33..48e55d5872d5 100644 --- a/sound/usb/qcom/mixer_usb_offload.c +++ b/sound/usb/qcom/mixer_usb_offload.c @@ -128,7 +128,7 @@ int snd_usb_offload_create_ctl(struct snd_usb_audio *chip, struct device *bedev) */ chip_kctl->private_value = as->pcm_index | chip->card->number << 16; - sprintf(ctl_name, "USB Offload Playback Card Route PCM#%d", + snprintf(ctl_name, sizeof(ctl_name), "USB Offload Playback Card Route PCM#%d", as->pcm_index); chip_kctl->name = ctl_name; ret = snd_ctl_add(chip->card, snd_ctl_new1(chip_kctl, bedev)); @@ -143,7 +143,7 @@ int snd_usb_offload_create_ctl(struct snd_usb_audio *chip, struct device *bedev) */ chip_kctl->private_value = as->pcm_index | chip->card->number << 16; - sprintf(ctl_name, "USB Offload Playback PCM Route PCM#%d", + snprintf(ctl_name, sizeof(ctl_name), "USB Offload Playback PCM Route PCM#%d", as->pcm_index); chip_kctl->name = ctl_name; ret = snd_ctl_add(chip->card, snd_ctl_new1(chip_kctl, bedev));