Commit f15be4dc authored by Takashi Iwai's avatar Takashi Iwai
Browse files

ALSA: cmipci: Copy string more safely 



The probe code uses sprintf() and strcat() without caring about the
string buffer size.  Replace with safer code.

Only a cosmetic safety matter, no functional changes intended.

Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Link: https://patch.msgid.link/20250710100727.22653-102-tiwai@suse.de
parent 92635958

sound/pci/cmipci.c

+6 −5
Original line number Diff line number Diff line
@@ -3008,11 +3008,12 @@ static int snd_cmipci_create(struct snd_card *card, struct pci_dev *pci, 
	    pci->device != PCI_DEVICE_ID_CMEDIA_CM8338B)

		query_chip(cm);

	/* added -MCx suffix for chip supporting multi-channels */

	if (cm->can_multi_ch)

		sprintf(cm->card->driver + strlen(cm->card->driver),

	if (cm->can_multi_ch) {

		int l = strlen(cm->card->driver);

		scnprintf(cm->card->driver + l, sizeof(cm->card->driver) - l,

			  "-MC%d", cm->max_channels);

	else if (cm->can_ac3_sw)

		strcpy(cm->card->driver + strlen(cm->card->driver), "-SWIEC");

	} else if (cm->can_ac3_sw)

		strlcat(cm->card->driver, "-SWIEC", sizeof(cm->card->driver));



	cm->dig_status = SNDRV_PCM_DEFAULT_CON_SPDIF;

	cm->dig_pcm_status = SNDRV_PCM_DEFAULT_CON_SPDIF;