ALSA: cmipci: Copy string more safely

The probe code uses sprintf() and strcat() without caring about the string buffer size. Replace with safer code. Only a cosmetic safety matter, no functional changes intended. Signed-off-by: Takashi Iwai <tiwai@suse.de> Link: https://patch.msgid.link/20250710100727.22653-102-tiwai@suse.de
2025-12-27 11:06:41 -05:00 · 2025-07-10 12:07:23 +02:00
parent 9263595881
commit f15be4dca2
1 changed files with 6 additions and 5 deletions
--- a/sound/pci/cmipci.c
+++ b/sound/pci/cmipci.c
@@ -3008,11 +3008,12 @@ static int snd_cmipci_create(struct snd_card *card, struct pci_dev *pci,
 	    pci->device != PCI_DEVICE_ID_CMEDIA_CM8338B)
 		query_chip(cm);
 	/* added -MCx suffix for chip supporting multi-channels */
-	if (cm->can_multi_ch)
-		sprintf(cm->card->driver + strlen(cm->card->driver),
-			"-MC%d", cm->max_channels);
-	else if (cm->can_ac3_sw)
-		strcpy(cm->card->driver + strlen(cm->card->driver), "-SWIEC");
+	if (cm->can_multi_ch) {
+		int l = strlen(cm->card->driver);
+		scnprintf(cm->card->driver + l, sizeof(cm->card->driver) - l,
+			  "-MC%d", cm->max_channels);
+	} else if (cm->can_ac3_sw)
+		strlcat(cm->card->driver, "-SWIEC", sizeof(cm->card->driver));

 	cm->dig_status = SNDRV_PCM_DEFAULT_CON_SPDIF;
 	cm->dig_pcm_status = SNDRV_PCM_DEFAULT_CON_SPDIF;