From: Arnd Bergmann <arnd@arndb.de> To: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>, Arnd Bergmann <arnd@arndb.de> Cc: Takashi Sakamoto <o-takashi@sakamocchi.jp>, Julia Lawall <Julia.Lawall@lip6.fr>, Colin Ian King <colin.king@canonical.com>, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 6/7] ALSA: rme9652: fix format overflow warnings Date: Tue, 18 Jul 2017 13:48:09 +0200 [thread overview] Message-ID: <20170718114820.3681255-6-arnd@arndb.de> (raw) In-Reply-To: <20170718114820.3681255-1-arnd@arndb.de> gcc-7 warns about a possible sprintf format string overflow with a temporary buffer that is used to print from another buffer of the same size: sound/pci/rme9652/hdspm.c: In function 'snd_hdspm_create_alsa_devices': sound/pci/rme9652/hdspm.c:2123:17: error: ' MIDIoverMADI' directive writing 13 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] This extends the temporary buffer to twice the size, and changes the code to use the safer snprintf() across the entire file. The longer buffer is still necessary to avoid a format-truncation warning. Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- sound/pci/rme9652/hdspm.c | 48 +++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c index 254c3d040118..2a3a916e5d15 100644 --- a/sound/pci/rme9652/hdspm.c +++ b/sound/pci/rme9652/hdspm.c @@ -2061,7 +2061,7 @@ static int snd_hdspm_create_midi(struct snd_card *card, struct hdspm *hdspm, int id) { int err; - char buf[32]; + char buf[64]; hdspm->midi[id].id = id; hdspm->midi[id].hdspm = hdspm; @@ -2120,19 +2120,23 @@ static int snd_hdspm_create_midi(struct snd_card *card, if ((id < 2) || ((2 == id) && ((MADI == hdspm->io_type) || (MADIface == hdspm->io_type)))) { if ((id == 0) && (MADIface == hdspm->io_type)) { - sprintf(buf, "%s MIDIoverMADI", card->shortname); + snprintf(buf, sizeof(buf), "%s MIDIoverMADI", + card->shortname); } else if ((id == 2) && (MADI == hdspm->io_type)) { - sprintf(buf, "%s MIDIoverMADI", card->shortname); + snprintf(buf, sizeof(buf), "%s MIDIoverMADI", + card->shortname); } else { - sprintf(buf, "%s MIDI %d", card->shortname, id+1); + snprintf(buf, sizeof(buf), "%s MIDI %d", + card->shortname, id+1); } err = snd_rawmidi_new(card, buf, id, 1, 1, &hdspm->midi[id].rmidi); if (err < 0) return err; - sprintf(hdspm->midi[id].rmidi->name, "%s MIDI %d", - card->id, id+1); + snprintf(hdspm->midi[id].rmidi->name, + sizeof(hdspm->midi[id].rmidi->name), + "%s MIDI %d", card->id, id+1); hdspm->midi[id].rmidi->private_data = &hdspm->midi[id]; snd_rawmidi_set_ops(hdspm->midi[id].rmidi, @@ -2148,14 +2152,16 @@ static int snd_hdspm_create_midi(struct snd_card *card, SNDRV_RAWMIDI_INFO_DUPLEX; } else { /* TCO MTC, read only */ - sprintf(buf, "%s MTC %d", card->shortname, id+1); + snprintf(buf, sizeof(buf), "%s MTC %d", + card->shortname, id+1); err = snd_rawmidi_new(card, buf, id, 1, 1, &hdspm->midi[id].rmidi); if (err < 0) return err; - sprintf(hdspm->midi[id].rmidi->name, - "%s MTC %d", card->id, id+1); + snprintf(hdspm->midi[id].rmidi->name, + sizeof(hdspm->midi[id].rmidi->name), + "%s MTC %d", card->id, id+1); hdspm->midi[id].rmidi->private_data = &hdspm->midi[id]; snd_rawmidi_set_ops(hdspm->midi[id].rmidi, @@ -6869,7 +6875,8 @@ static int snd_hdspm_create(struct snd_card *card, * when running with multiple cards. */ if (NULL == id[hdspm->dev] && hdspm->serial != 0xFFFFFF) { - sprintf(card->id, "HDSPMx%06x", hdspm->serial); + snprintf(card->id, sizeof(card->id), + "HDSPMx%06x", hdspm->serial); snd_card_set_id(card, card->id); } } @@ -6954,17 +6961,18 @@ static int snd_hdspm_probe(struct pci_dev *pci, } if (hdspm->io_type != MADIface) { - sprintf(card->shortname, "%s_%x", - hdspm->card_name, - hdspm->serial); - sprintf(card->longname, "%s S/N 0x%x at 0x%lx, irq %d", - hdspm->card_name, - hdspm->serial, - hdspm->port, hdspm->irq); + snprintf(card->shortname, sizeof(card->shortname), "%s_%x", + hdspm->card_name, hdspm->serial); + snprintf(card->longname, sizeof(card->longname), + "%s S/N 0x%x at 0x%lx, irq %d", + hdspm->card_name, hdspm->serial, + hdspm->port, hdspm->irq); } else { - sprintf(card->shortname, "%s", hdspm->card_name); - sprintf(card->longname, "%s at 0x%lx, irq %d", - hdspm->card_name, hdspm->port, hdspm->irq); + snprintf(card->shortname, sizeof(card->shortname), "%s", + hdspm->card_name); + snprintf(card->longname, sizeof(card->longname), + "%s at 0x%lx, irq %d", + hdspm->card_name, hdspm->port, hdspm->irq); } err = snd_card_register(card); -- 2.9.0
WARNING: multiple messages have this Message-ID (diff)
From: Arnd Bergmann <arnd@arndb.de> To: Jaroslav Kysela <perex@perex.cz>, Takashi Iwai <tiwai@suse.com>, Arnd Bergmann <arnd@arndb.de> Cc: Julia Lawall <Julia.Lawall@lip6.fr>, Colin Ian King <colin.king@canonical.com>, alsa-devel@alsa-project.org, linux-kernel@vger.kernel.org, Takashi Sakamoto <o-takashi@sakamocchi.jp> Subject: [PATCH v2 6/7] ALSA: rme9652: fix format overflow warnings Date: Tue, 18 Jul 2017 13:48:09 +0200 [thread overview] Message-ID: <20170718114820.3681255-6-arnd@arndb.de> (raw) In-Reply-To: <20170718114820.3681255-1-arnd@arndb.de> gcc-7 warns about a possible sprintf format string overflow with a temporary buffer that is used to print from another buffer of the same size: sound/pci/rme9652/hdspm.c: In function 'snd_hdspm_create_alsa_devices': sound/pci/rme9652/hdspm.c:2123:17: error: ' MIDIoverMADI' directive writing 13 bytes into a region of size between 1 and 32 [-Werror=format-overflow=] This extends the temporary buffer to twice the size, and changes the code to use the safer snprintf() across the entire file. The longer buffer is still necessary to avoid a format-truncation warning. Signed-off-by: Arnd Bergmann <arnd@arndb.de> --- sound/pci/rme9652/hdspm.c | 48 +++++++++++++++++++++++++++-------------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/sound/pci/rme9652/hdspm.c b/sound/pci/rme9652/hdspm.c index 254c3d040118..2a3a916e5d15 100644 --- a/sound/pci/rme9652/hdspm.c +++ b/sound/pci/rme9652/hdspm.c @@ -2061,7 +2061,7 @@ static int snd_hdspm_create_midi(struct snd_card *card, struct hdspm *hdspm, int id) { int err; - char buf[32]; + char buf[64]; hdspm->midi[id].id = id; hdspm->midi[id].hdspm = hdspm; @@ -2120,19 +2120,23 @@ static int snd_hdspm_create_midi(struct snd_card *card, if ((id < 2) || ((2 == id) && ((MADI == hdspm->io_type) || (MADIface == hdspm->io_type)))) { if ((id == 0) && (MADIface == hdspm->io_type)) { - sprintf(buf, "%s MIDIoverMADI", card->shortname); + snprintf(buf, sizeof(buf), "%s MIDIoverMADI", + card->shortname); } else if ((id == 2) && (MADI == hdspm->io_type)) { - sprintf(buf, "%s MIDIoverMADI", card->shortname); + snprintf(buf, sizeof(buf), "%s MIDIoverMADI", + card->shortname); } else { - sprintf(buf, "%s MIDI %d", card->shortname, id+1); + snprintf(buf, sizeof(buf), "%s MIDI %d", + card->shortname, id+1); } err = snd_rawmidi_new(card, buf, id, 1, 1, &hdspm->midi[id].rmidi); if (err < 0) return err; - sprintf(hdspm->midi[id].rmidi->name, "%s MIDI %d", - card->id, id+1); + snprintf(hdspm->midi[id].rmidi->name, + sizeof(hdspm->midi[id].rmidi->name), + "%s MIDI %d", card->id, id+1); hdspm->midi[id].rmidi->private_data = &hdspm->midi[id]; snd_rawmidi_set_ops(hdspm->midi[id].rmidi, @@ -2148,14 +2152,16 @@ static int snd_hdspm_create_midi(struct snd_card *card, SNDRV_RAWMIDI_INFO_DUPLEX; } else { /* TCO MTC, read only */ - sprintf(buf, "%s MTC %d", card->shortname, id+1); + snprintf(buf, sizeof(buf), "%s MTC %d", + card->shortname, id+1); err = snd_rawmidi_new(card, buf, id, 1, 1, &hdspm->midi[id].rmidi); if (err < 0) return err; - sprintf(hdspm->midi[id].rmidi->name, - "%s MTC %d", card->id, id+1); + snprintf(hdspm->midi[id].rmidi->name, + sizeof(hdspm->midi[id].rmidi->name), + "%s MTC %d", card->id, id+1); hdspm->midi[id].rmidi->private_data = &hdspm->midi[id]; snd_rawmidi_set_ops(hdspm->midi[id].rmidi, @@ -6869,7 +6875,8 @@ static int snd_hdspm_create(struct snd_card *card, * when running with multiple cards. */ if (NULL == id[hdspm->dev] && hdspm->serial != 0xFFFFFF) { - sprintf(card->id, "HDSPMx%06x", hdspm->serial); + snprintf(card->id, sizeof(card->id), + "HDSPMx%06x", hdspm->serial); snd_card_set_id(card, card->id); } } @@ -6954,17 +6961,18 @@ static int snd_hdspm_probe(struct pci_dev *pci, } if (hdspm->io_type != MADIface) { - sprintf(card->shortname, "%s_%x", - hdspm->card_name, - hdspm->serial); - sprintf(card->longname, "%s S/N 0x%x at 0x%lx, irq %d", - hdspm->card_name, - hdspm->serial, - hdspm->port, hdspm->irq); + snprintf(card->shortname, sizeof(card->shortname), "%s_%x", + hdspm->card_name, hdspm->serial); + snprintf(card->longname, sizeof(card->longname), + "%s S/N 0x%x at 0x%lx, irq %d", + hdspm->card_name, hdspm->serial, + hdspm->port, hdspm->irq); } else { - sprintf(card->shortname, "%s", hdspm->card_name); - sprintf(card->longname, "%s at 0x%lx, irq %d", - hdspm->card_name, hdspm->port, hdspm->irq); + snprintf(card->shortname, sizeof(card->shortname), "%s", + hdspm->card_name); + snprintf(card->longname, sizeof(card->longname), + "%s at 0x%lx, irq %d", + hdspm->card_name, hdspm->port, hdspm->irq); } err = snd_card_register(card); -- 2.9.0
next prev parent reply other threads:[~2017-07-18 11:51 UTC|newest] Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-07-18 11:48 [PATCH v2 1/7] ALSA: als100: fix format string overflow warning Arnd Bergmann 2017-07-18 11:48 ` Arnd Bergmann 2017-07-18 11:48 ` [PATCH v2 2/7] ALSA: cs423x: " Arnd Bergmann 2017-07-18 11:48 ` Arnd Bergmann 2017-07-18 11:48 ` [PATCH v2 3/7] ALSA: ad1848: " Arnd Bergmann 2017-07-18 11:48 ` Arnd Bergmann 2017-07-18 11:48 ` [PATCH v2 4/7] ALSA: opti9xx: " Arnd Bergmann 2017-07-18 11:48 ` [PATCH v2 5/7] ALSA: mixart: fix " Arnd Bergmann 2017-07-18 11:48 ` Arnd Bergmann 2017-07-18 11:48 ` Arnd Bergmann [this message] 2017-07-18 11:48 ` [PATCH v2 6/7] ALSA: rme9652: fix format overflow warnings Arnd Bergmann 2017-07-18 11:48 ` [PATCH v2 7/7] ALSA: pcxhr: fix string " Arnd Bergmann 2017-07-18 11:48 ` Arnd Bergmann 2017-07-18 16:00 ` [PATCH v2 1/7] ALSA: als100: fix format string overflow warning Takashi Iwai 2017-07-18 16:00 ` Takashi Iwai
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20170718114820.3681255-6-arnd@arndb.de \ --to=arnd@arndb.de \ --cc=Julia.Lawall@lip6.fr \ --cc=alsa-devel@alsa-project.org \ --cc=colin.king@canonical.com \ --cc=linux-kernel@vger.kernel.org \ --cc=o-takashi@sakamocchi.jp \ --cc=perex@perex.cz \ --cc=tiwai@suse.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.