From: Takashi Iwai Date: Thu, 10 Jul 2025 10:07:25 +0000 (+0200) Subject: ALSA: core: Copy string more safely X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bee60f019606827363d7e355b2e859e29e928c3a;p=thirdparty%2Fkernel%2Flinux.git ALSA: core: Copy string more safely Replace the remaining strcpy() and sprintf() usages in the ALSA core code with the safer versions. The first strcpy() points actually to card->id, hence just use strscpy() with card->id instead. The append of suffix string is slightly rewritten so that we can use scnprintf() and strscpy(). Only for safety, no actual behavior change. Signed-off-by: Takashi Iwai Link: https://patch.msgid.link/20250710100727.22653-104-tiwai@suse.de --- diff --git a/sound/core/init.c b/sound/core/init.c index 114fb87de990e..c372b3228785e 100644 --- a/sound/core/init.c +++ b/sound/core/init.c @@ -723,27 +723,25 @@ static void snd_card_set_id_no_lock(struct snd_card *card, const char *src, * ("card" conflicts with proc directories) */ if (!*id || !strncmp(id, "card", 4)) { - strcpy(id, "Default"); + strscpy(card->id, "Default"); is_default = true; } len = strlen(id); for (loops = 0; loops < SNDRV_CARDS; loops++) { - char *spos; char sfxstr[5]; /* "_012" */ - int sfxlen; + int sfxlen, slen; if (card_id_ok(card, id)) return; /* OK */ /* Add _XYZ suffix */ - sprintf(sfxstr, "_%X", loops + 1); - sfxlen = strlen(sfxstr); + sfxlen = scnprintf(sfxstr, sizeof(sfxstr), "_%X", loops + 1); if (len + sfxlen >= sizeof(card->id)) - spos = id + sizeof(card->id) - sfxlen - 1; + slen = sizeof(card->id) - sfxlen - 1; else - spos = id + len; - strcpy(spos, sfxstr); + slen = len; + strscpy(id + slen, sfxstr, sizeof(card->id) - slen); } /* fallback to the default id */ if (!is_default) { @@ -801,7 +799,7 @@ static ssize_t id_store(struct device *dev, struct device_attribute *attr, guard(mutex)(&snd_card_mutex); if (!card_id_ok(NULL, buf1)) return -EEXIST; - strcpy(card->id, buf1); + strscpy(card->id, buf1); snd_info_card_id_change(card); return count;