From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932287AbdGNMPF (ORCPT ); Fri, 14 Jul 2017 08:15:05 -0400 Received: from mout.kundenserver.de ([212.227.17.24]:63997 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932096AbdGNMPB (ORCPT ); Fri, 14 Jul 2017 08:15:01 -0400 From: Arnd Bergmann To: linux-kernel@vger.kernel.org, Jaroslav Kysela , Takashi Iwai Cc: Greg Kroah-Hartman , Linus Torvalds , Guenter Roeck , akpm@linux-foundation.org, netdev@vger.kernel.org, "David S . Miller" , "James E . J . Bottomley" , "Martin K . Petersen" , linux-scsi@vger.kernel.org, x86@kernel.org, Arnd Bergmann , Geliang Tang , Takashi Sakamoto , alsa-devel@alsa-project.org Subject: [PATCH 20/22] sound: pci: avoid string overflow warnings Date: Fri, 14 Jul 2017 14:07:12 +0200 Message-Id: <20170714120720.906842-21-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20170714120720.906842-1-arnd@arndb.de> References: <20170714120720.906842-1-arnd@arndb.de> X-Provags-ID: V03:K0:2a1qiNGsbAz+JEP9EFtVZDTtmPufZMk4TbnjrydLFs5DBmyzI++ tVSQVWwC1ihUgzcq+rp0h/2jLP08DGUN0u0mKtIyAHHmi/Xzmo+w9/7kGFBC12JT9ugaZmF b++HUv1eT11pmrh9yqmF1qpI8XpEQLOrWSTqqhmRZ9kLTUFfcbUUvPiF+f1yLKWgWfxwFja mV0zuljx9d4h3kzL5uyFA== X-UI-Out-Filterresults: notjunk:1;V01:K0:jfugXBTu1WQ=:uNxZb6LTb+ztV3hUL9OUI1 /35GBaaaqtA+sENUWG/ZEksLAlJnBME83K22IiZdFLCh/jfFx/omBhOFqwEauiXO0DPG0+0xa zG4jNkhW13cNPQPM8l9XU0lwbY6f/q3gu8lVmBgBMDz9HyAoBCwLO8z+owvXppuoAAQKddZmY NrHpBoYO4HR7zdig9AIH6rdmsfCiXuFI6Et4r+pk+P1x8FE0tRvsFWorX+Ojr4BQaKVys2EYz Y4fersyf0Ho23KoQumnc+Jwv5KKhT2L7z4ZSojhC+F5Xay0Ic1SsidkSNvbhvpAT97WHebrze Ls8MG2zqfecnVd70dkTvupmEgl0AuTz0kLsRztyMhuEzgifGvA0TwM7HZim3Pbe+NZzFdZ447 +gRfxY4DGLvo5R3IIXslcKb0F0T7/oHdlWtyeDf5rg6g7HTTXFAL7W/OWnaXp0Y/sNA1CJIYI SiR9e0/2Gj3DpaHnsVipj4aVrmHSJE3gNmAvMLQOeBs3gZxD27X143IAKFZFfMGvqVPppNESP RPeBQ4T1RhNZcScybwnC8fvK35vzNaJkivM7DcxUPHrZbPwIJzLAlIWSu3yFB121JnoLNZQx2 8RdJ8FONuqLPN5bnrnXcvnEe3z4h29j7ZcsaDJTTUDocvqo+wm2mik3oy8rWOn/J7TRQMWerO j9kiHEGy4l0AU/fZXPEIr+pTnZGq1HJvwaIH6Bz8yMAi3d2KNAt3aBqE+/1R9U3N8NWaTlsHm q8S+1+vTHE+0RpJwcAtcpKmzf6sjcYYdbW3aaw== Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org With gcc-7, we get various warnings about a possible string overflow: sound/pci/rme9652/hdspm.c: In function 'snd_hdspm_create_alsa_devices': sound/pci/rme9652/hdspm.c:2123:17: error: ' MIDIoverMADI' directive writing 13 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] sound/pci/pcxhr/pcxhr.c: In function 'pcxhr_probe': sound/pci/pcxhr/pcxhr.c:1647:28: error: ' [PCM #' directive writing 7 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] sound/pci/mixart/mixart.c: In function 'snd_mixart_probe': sound/pci/mixart/mixart.c:1353:28: error: ' [PCM #' directive writing 7 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] sprintf(card->shortname, "%s [PCM #%d]", mgr->shortname, i); ^~~~~~~~~~~~~~ sound/pci/mixart/mixart.c:1353:28: note: using the range [-2147483648, 2147483647] for directive argument sound/pci/mixart/mixart.c:1353:3: note: 'sprintf' output between 10 and 51 bytes into a destination of size 32 sprintf(card->shortname, "%s [PCM #%d]", mgr->shortname, i); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sound/pci/mixart/mixart.c:1354:27: error: ' [PCM #' directive writing 7 bytes into a region of size between 1 and 80 [-Werror=format-overflow=] sprintf(card->longname, "%s [PCM #%d]", mgr->longname, i); ^~~~~~~~~~~~~~ sound/pci/mixart/mixart.c:1354:27: note: using the range [-2147483648, 2147483647] for directive argument sound/pci/mixart/mixart.c:1354:3: note: 'sprintf' output between 10 and 99 bytes into a destination of size 80 I have checked these all and found that the driver-private shortname strings for mixart and pcxhr are longer than necessary, and making them shorter will be safe while also making it clear that no overflow can happen when they get passed as a substring into the card shortname. For hdspm, we have a local buffer of the same size as its substring. In this case, making the buffer a little longer is safe as the functions that take it as an argument all use length checking and the strings we pass into it are actually short enough. Signed-off-by: Arnd Bergmann --- sound/pci/mixart/mixart.h | 4 ++-- sound/pci/pcxhr/pcxhr.h | 4 ++-- sound/pci/rme9652/hdspm.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sound/pci/mixart/mixart.h b/sound/pci/mixart/mixart.h index 426743871540..c8309e327663 100644 --- a/sound/pci/mixart/mixart.h +++ b/sound/pci/mixart/mixart.h @@ -75,8 +75,8 @@ struct mixart_mgr { struct mem_area mem[2]; /* share the name */ - char shortname[32]; /* short name of this soundcard */ - char longname[80]; /* name of this soundcard */ + char shortname[16]; /* short name of this soundcard */ + char longname[40]; /* name of this soundcard */ /* one and only blocking message or notification may be pending */ u32 pending_event; diff --git a/sound/pci/pcxhr/pcxhr.h b/sound/pci/pcxhr/pcxhr.h index 9e39e509a3ef..4909a43ce3d9 100644 --- a/sound/pci/pcxhr/pcxhr.h +++ b/sound/pci/pcxhr/pcxhr.h @@ -75,8 +75,8 @@ struct pcxhr_mgr { unsigned long port[3]; /* share the name */ - char shortname[32]; /* short name of this soundcard */ - char longname[96]; /* name of this soundcard */ + char shortname[16]; /* short name of this soundcard */ + char longname[40]; /* name of this soundcard */ struct pcxhr_rmh *prmh; diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c index 254c3d040118..a1cbf5938a0e 100644 --- a/sound/pci/rme9652/hdspm.c +++ b/sound/pci/rme9652/hdspm.c @@ -2061,7 +2061,7 @@ static int snd_hdspm_create_midi(struct snd_card *card, struct hdspm *hdspm, int id) { int err; - char buf[32]; + char buf[64]; hdspm->midi[id].id = id; hdspm->midi[id].hdspm = hdspm; -- 2.9.0 From mboxrd@z Thu Jan 1 00:00:00 1970 From: Arnd Bergmann Subject: [PATCH 20/22] sound: pci: avoid string overflow warnings Date: Fri, 14 Jul 2017 14:07:12 +0200 Message-ID: <20170714120720.906842-21-arnd@arndb.de> References: <20170714120720.906842-1-arnd@arndb.de> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: alsa-devel@alsa-project.org, "James E . J . Bottomley" , linux-scsi@vger.kernel.org, "Martin K . Petersen" , Greg Kroah-Hartman , x86@kernel.org, Takashi Sakamoto , Geliang Tang , Arnd Bergmann , netdev@vger.kernel.org, akpm@linux-foundation.org, Linus Torvalds , "David S . Miller" , Guenter Roeck To: linux-kernel@vger.kernel.org, Jaroslav Kysela , Takashi Iwai Return-path: In-Reply-To: <20170714120720.906842-1-arnd@arndb.de> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: alsa-devel-bounces@alsa-project.org Sender: alsa-devel-bounces@alsa-project.org List-Id: netdev.vger.kernel.org With gcc-7, we get various warnings about a possible string overflow: sound/pci/rme9652/hdspm.c: In function 'snd_hdspm_create_alsa_devices': sound/pci/rme9652/hdspm.c:2123:17: error: ' MIDIoverMADI' directive writing 13 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] sound/pci/pcxhr/pcxhr.c: In function 'pcxhr_probe': sound/pci/pcxhr/pcxhr.c:1647:28: error: ' [PCM #' directive writing 7 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] sound/pci/mixart/mixart.c: In function 'snd_mixart_probe': sound/pci/mixart/mixart.c:1353:28: error: ' [PCM #' directive writing 7 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] sprintf(card->shortname, "%s [PCM #%d]", mgr->shortname, i); ^~~~~~~~~~~~~~ sound/pci/mixart/mixart.c:1353:28: note: using the range [-2147483648, 2147483647] for directive argument sound/pci/mixart/mixart.c:1353:3: note: 'sprintf' output between 10 and 51 bytes into a destination of size 32 sprintf(card->shortname, "%s [PCM #%d]", mgr->shortname, i); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ sound/pci/mixart/mixart.c:1354:27: error: ' [PCM #' directive writing 7 bytes into a region of size between 1 and 80 [-Werror=format-overflow=] sprintf(card->longname, "%s [PCM #%d]", mgr->longname, i); ^~~~~~~~~~~~~~ sound/pci/mixart/mixart.c:1354:27: note: using the range [-2147483648, 2147483647] for directive argument sound/pci/mixart/mixart.c:1354:3: note: 'sprintf' output between 10 and 99 bytes into a destination of size 80 I have checked these all and found that the driver-private shortname strings for mixart and pcxhr are longer than necessary, and making them shorter will be safe while also making it clear that no overflow can happen when they get passed as a substring into the card shortname. For hdspm, we have a local buffer of the same size as its substring. In this case, making the buffer a little longer is safe as the functions that take it as an argument all use length checking and the strings we pass into it are actually short enough. Signed-off-by: Arnd Bergmann --- sound/pci/mixart/mixart.h | 4 ++-- sound/pci/pcxhr/pcxhr.h | 4 ++-- sound/pci/rme9652/hdspm.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/sound/pci/mixart/mixart.h b/sound/pci/mixart/mixart.h index 426743871540..c8309e327663 100644 --- a/sound/pci/mixart/mixart.h +++ b/sound/pci/mixart/mixart.h @@ -75,8 +75,8 @@ struct mixart_mgr { struct mem_area mem[2]; /* share the name */ - char shortname[32]; /* short name of this soundcard */ - char longname[80]; /* name of this soundcard */ + char shortname[16]; /* short name of this soundcard */ + char longname[40]; /* name of this soundcard */ /* one and only blocking message or notification may be pending */ u32 pending_event; diff --git a/sound/pci/pcxhr/pcxhr.h b/sound/pci/pcxhr/pcxhr.h index 9e39e509a3ef..4909a43ce3d9 100644 --- a/sound/pci/pcxhr/pcxhr.h +++ b/sound/pci/pcxhr/pcxhr.h @@ -75,8 +75,8 @@ struct pcxhr_mgr { unsigned long port[3]; /* share the name */ - char shortname[32]; /* short name of this soundcard */ - char longname[96]; /* name of this soundcard */ + char shortname[16]; /* short name of this soundcard */ + char longname[40]; /* name of this soundcard */ struct pcxhr_rmh *prmh; diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c index 254c3d040118..a1cbf5938a0e 100644 --- a/sound/pci/rme9652/hdspm.c +++ b/sound/pci/rme9652/hdspm.c @@ -2061,7 +2061,7 @@ static int snd_hdspm_create_midi(struct snd_card *card, struct hdspm *hdspm, int id) { int err; - char buf[32]; + char buf[64]; hdspm->midi[id].id = id; hdspm->midi[id].hdspm = hdspm; -- 2.9.0