From: Arnd Bergmann <arnd@arndb.de>
To: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
Arnd Bergmann <arnd@arndb.de>
Cc: Takashi Sakamoto <o-takashi@sakamocchi.jp>,
Julia Lawall <Julia.Lawall@lip6.fr>,
Colin Ian King <colin.king@canonical.com>,
alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 6/7] ALSA: rme9652: fix format overflow warnings
Date: Tue, 18 Jul 2017 13:48:09 +0200 [thread overview]
Message-ID: <20170718114820.3681255-6-arnd@arndb.de> (raw)
In-Reply-To: <20170718114820.3681255-1-arnd@arndb.de>
gcc-7 warns about a possible sprintf format string overflow with a
temporary buffer that is used to print from another buffer of the same
size:
sound/pci/rme9652/hdspm.c: In function 'snd_hdspm_create_alsa_devices':
sound/pci/rme9652/hdspm.c:2123:17: error: ' MIDIoverMADI' directive writing 13 bytes into a region of size between 1 and 32 [-Werror=format-overflow=]
This extends the temporary buffer to twice the size, and changes
the code to use the safer snprintf() across the entire file.
The longer buffer is still necessary to avoid a format-truncation
warning.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
sound/pci/rme9652/hdspm.c | 48 +++++++++++++++++++++++++++--------------------
1 file changed, 28 insertions(+), 20 deletions(-)
diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
index 254c3d040118..2a3a916e5d15 100644
--- a/sound/pci/rme9652/hdspm.c
+++ b/sound/pci/rme9652/hdspm.c
@@ -2061,7 +2061,7 @@ static int snd_hdspm_create_midi(struct snd_card *card,
struct hdspm *hdspm, int id)
{
int err;
- char buf[32];
+ char buf[64];
hdspm->midi[id].id = id;
hdspm->midi[id].hdspm = hdspm;
@@ -2120,19 +2120,23 @@ static int snd_hdspm_create_midi(struct snd_card *card,
if ((id < 2) || ((2 == id) && ((MADI == hdspm->io_type) ||
(MADIface == hdspm->io_type)))) {
if ((id == 0) && (MADIface == hdspm->io_type)) {
- sprintf(buf, "%s MIDIoverMADI", card->shortname);
+ snprintf(buf, sizeof(buf), "%s MIDIoverMADI",
+ card->shortname);
} else if ((id == 2) && (MADI == hdspm->io_type)) {
- sprintf(buf, "%s MIDIoverMADI", card->shortname);
+ snprintf(buf, sizeof(buf), "%s MIDIoverMADI",
+ card->shortname);
} else {
- sprintf(buf, "%s MIDI %d", card->shortname, id+1);
+ snprintf(buf, sizeof(buf), "%s MIDI %d",
+ card->shortname, id+1);
}
err = snd_rawmidi_new(card, buf, id, 1, 1,
&hdspm->midi[id].rmidi);
if (err < 0)
return err;
- sprintf(hdspm->midi[id].rmidi->name, "%s MIDI %d",
- card->id, id+1);
+ snprintf(hdspm->midi[id].rmidi->name,
+ sizeof(hdspm->midi[id].rmidi->name),
+ "%s MIDI %d", card->id, id+1);
hdspm->midi[id].rmidi->private_data = &hdspm->midi[id];
snd_rawmidi_set_ops(hdspm->midi[id].rmidi,
@@ -2148,14 +2152,16 @@ static int snd_hdspm_create_midi(struct snd_card *card,
SNDRV_RAWMIDI_INFO_DUPLEX;
} else {
/* TCO MTC, read only */
- sprintf(buf, "%s MTC %d", card->shortname, id+1);
+ snprintf(buf, sizeof(buf), "%s MTC %d",
+ card->shortname, id+1);
err = snd_rawmidi_new(card, buf, id, 1, 1,
&hdspm->midi[id].rmidi);
if (err < 0)
return err;
- sprintf(hdspm->midi[id].rmidi->name,
- "%s MTC %d", card->id, id+1);
+ snprintf(hdspm->midi[id].rmidi->name,
+ sizeof(hdspm->midi[id].rmidi->name),
+ "%s MTC %d", card->id, id+1);
hdspm->midi[id].rmidi->private_data = &hdspm->midi[id];
snd_rawmidi_set_ops(hdspm->midi[id].rmidi,
@@ -6869,7 +6875,8 @@ static int snd_hdspm_create(struct snd_card *card,
* when running with multiple cards.
*/
if (NULL == id[hdspm->dev] && hdspm->serial != 0xFFFFFF) {
- sprintf(card->id, "HDSPMx%06x", hdspm->serial);
+ snprintf(card->id, sizeof(card->id),
+ "HDSPMx%06x", hdspm->serial);
snd_card_set_id(card, card->id);
}
}
@@ -6954,17 +6961,18 @@ static int snd_hdspm_probe(struct pci_dev *pci,
}
if (hdspm->io_type != MADIface) {
- sprintf(card->shortname, "%s_%x",
- hdspm->card_name,
- hdspm->serial);
- sprintf(card->longname, "%s S/N 0x%x at 0x%lx, irq %d",
- hdspm->card_name,
- hdspm->serial,
- hdspm->port, hdspm->irq);
+ snprintf(card->shortname, sizeof(card->shortname), "%s_%x",
+ hdspm->card_name, hdspm->serial);
+ snprintf(card->longname, sizeof(card->longname),
+ "%s S/N 0x%x at 0x%lx, irq %d",
+ hdspm->card_name, hdspm->serial,
+ hdspm->port, hdspm->irq);
} else {
- sprintf(card->shortname, "%s", hdspm->card_name);
- sprintf(card->longname, "%s at 0x%lx, irq %d",
- hdspm->card_name, hdspm->port, hdspm->irq);
+ snprintf(card->shortname, sizeof(card->shortname), "%s",
+ hdspm->card_name);
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %d",
+ hdspm->card_name, hdspm->port, hdspm->irq);
}
err = snd_card_register(card);
--
2.9.0
WARNING: multiple messages have this Message-ID (diff)
From: Arnd Bergmann <arnd@arndb.de>
To: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>,
Arnd Bergmann <arnd@arndb.de>
Cc: Julia Lawall <Julia.Lawall@lip6.fr>,
Colin Ian King <colin.king@canonical.com>,
alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org,
Takashi Sakamoto <o-takashi@sakamocchi.jp>
Subject: [PATCH v2 6/7] ALSA: rme9652: fix format overflow warnings
Date: Tue, 18 Jul 2017 13:48:09 +0200 [thread overview]
Message-ID: <20170718114820.3681255-6-arnd@arndb.de> (raw)
In-Reply-To: <20170718114820.3681255-1-arnd@arndb.de>
gcc-7 warns about a possible sprintf format string overflow with a
temporary buffer that is used to print from another buffer of the same
size:
sound/pci/rme9652/hdspm.c: In function 'snd_hdspm_create_alsa_devices':
sound/pci/rme9652/hdspm.c:2123:17: error: ' MIDIoverMADI' directive writing 13 bytes into a region of size between 1 and 32 [-Werror=format-overflow=]
This extends the temporary buffer to twice the size, and changes
the code to use the safer snprintf() across the entire file.
The longer buffer is still necessary to avoid a format-truncation
warning.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
sound/pci/rme9652/hdspm.c | 48 +++++++++++++++++++++++++++--------------------
1 file changed, 28 insertions(+), 20 deletions(-)
diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c
index 254c3d040118..2a3a916e5d15 100644
--- a/sound/pci/rme9652/hdspm.c
+++ b/sound/pci/rme9652/hdspm.c
@@ -2061,7 +2061,7 @@ static int snd_hdspm_create_midi(struct snd_card *card,
struct hdspm *hdspm, int id)
{
int err;
- char buf[32];
+ char buf[64];
hdspm->midi[id].id = id;
hdspm->midi[id].hdspm = hdspm;
@@ -2120,19 +2120,23 @@ static int snd_hdspm_create_midi(struct snd_card *card,
if ((id < 2) || ((2 == id) && ((MADI == hdspm->io_type) ||
(MADIface == hdspm->io_type)))) {
if ((id == 0) && (MADIface == hdspm->io_type)) {
- sprintf(buf, "%s MIDIoverMADI", card->shortname);
+ snprintf(buf, sizeof(buf), "%s MIDIoverMADI",
+ card->shortname);
} else if ((id == 2) && (MADI == hdspm->io_type)) {
- sprintf(buf, "%s MIDIoverMADI", card->shortname);
+ snprintf(buf, sizeof(buf), "%s MIDIoverMADI",
+ card->shortname);
} else {
- sprintf(buf, "%s MIDI %d", card->shortname, id+1);
+ snprintf(buf, sizeof(buf), "%s MIDI %d",
+ card->shortname, id+1);
}
err = snd_rawmidi_new(card, buf, id, 1, 1,
&hdspm->midi[id].rmidi);
if (err < 0)
return err;
- sprintf(hdspm->midi[id].rmidi->name, "%s MIDI %d",
- card->id, id+1);
+ snprintf(hdspm->midi[id].rmidi->name,
+ sizeof(hdspm->midi[id].rmidi->name),
+ "%s MIDI %d", card->id, id+1);
hdspm->midi[id].rmidi->private_data = &hdspm->midi[id];
snd_rawmidi_set_ops(hdspm->midi[id].rmidi,
@@ -2148,14 +2152,16 @@ static int snd_hdspm_create_midi(struct snd_card *card,
SNDRV_RAWMIDI_INFO_DUPLEX;
} else {
/* TCO MTC, read only */
- sprintf(buf, "%s MTC %d", card->shortname, id+1);
+ snprintf(buf, sizeof(buf), "%s MTC %d",
+ card->shortname, id+1);
err = snd_rawmidi_new(card, buf, id, 1, 1,
&hdspm->midi[id].rmidi);
if (err < 0)
return err;
- sprintf(hdspm->midi[id].rmidi->name,
- "%s MTC %d", card->id, id+1);
+ snprintf(hdspm->midi[id].rmidi->name,
+ sizeof(hdspm->midi[id].rmidi->name),
+ "%s MTC %d", card->id, id+1);
hdspm->midi[id].rmidi->private_data = &hdspm->midi[id];
snd_rawmidi_set_ops(hdspm->midi[id].rmidi,
@@ -6869,7 +6875,8 @@ static int snd_hdspm_create(struct snd_card *card,
* when running with multiple cards.
*/
if (NULL == id[hdspm->dev] && hdspm->serial != 0xFFFFFF) {
- sprintf(card->id, "HDSPMx%06x", hdspm->serial);
+ snprintf(card->id, sizeof(card->id),
+ "HDSPMx%06x", hdspm->serial);
snd_card_set_id(card, card->id);
}
}
@@ -6954,17 +6961,18 @@ static int snd_hdspm_probe(struct pci_dev *pci,
}
if (hdspm->io_type != MADIface) {
- sprintf(card->shortname, "%s_%x",
- hdspm->card_name,
- hdspm->serial);
- sprintf(card->longname, "%s S/N 0x%x at 0x%lx, irq %d",
- hdspm->card_name,
- hdspm->serial,
- hdspm->port, hdspm->irq);
+ snprintf(card->shortname, sizeof(card->shortname), "%s_%x",
+ hdspm->card_name, hdspm->serial);
+ snprintf(card->longname, sizeof(card->longname),
+ "%s S/N 0x%x at 0x%lx, irq %d",
+ hdspm->card_name, hdspm->serial,
+ hdspm->port, hdspm->irq);
} else {
- sprintf(card->shortname, "%s", hdspm->card_name);
- sprintf(card->longname, "%s at 0x%lx, irq %d",
- hdspm->card_name, hdspm->port, hdspm->irq);
+ snprintf(card->shortname, sizeof(card->shortname), "%s",
+ hdspm->card_name);
+ snprintf(card->longname, sizeof(card->longname),
+ "%s at 0x%lx, irq %d",
+ hdspm->card_name, hdspm->port, hdspm->irq);
}
err = snd_card_register(card);
--
2.9.0
next prev parent reply other threads:[~2017-07-18 11:51 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-18 11:48 [PATCH v2 1/7] ALSA: als100: fix format string overflow warning Arnd Bergmann
2017-07-18 11:48 ` Arnd Bergmann
2017-07-18 11:48 ` [PATCH v2 2/7] ALSA: cs423x: " Arnd Bergmann
2017-07-18 11:48 ` Arnd Bergmann
2017-07-18 11:48 ` [PATCH v2 3/7] ALSA: ad1848: " Arnd Bergmann
2017-07-18 11:48 ` Arnd Bergmann
2017-07-18 11:48 ` [PATCH v2 4/7] ALSA: opti9xx: " Arnd Bergmann
2017-07-18 11:48 ` [PATCH v2 5/7] ALSA: mixart: fix " Arnd Bergmann
2017-07-18 11:48 ` Arnd Bergmann
2017-07-18 11:48 ` Arnd Bergmann [this message]
2017-07-18 11:48 ` [PATCH v2 6/7] ALSA: rme9652: fix format overflow warnings Arnd Bergmann
2017-07-18 11:48 ` [PATCH v2 7/7] ALSA: pcxhr: fix string " Arnd Bergmann
2017-07-18 11:48 ` Arnd Bergmann
2017-07-18 16:00 ` [PATCH v2 1/7] ALSA: als100: fix format string overflow warning Takashi Iwai
2017-07-18 16:00 ` Takashi Iwai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170718114820.3681255-6-arnd@arndb.de \
--to=arnd@arndb.de \
--cc=Julia.Lawall@lip6.fr \
--cc=alsa-devel@alsa-project.org \
--cc=colin.king@canonical.com \
--cc=linux-kernel@vger.kernel.org \
--cc=o-takashi@sakamocchi.jp \
--cc=perex@perex.cz \
--cc=tiwai@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.