Re: [PATCH 1/7] ALSA: asihpi: bound control name formatting

Next message: Daniel Baluta: "Re: [PATCH v2 3/3] remoteproc: imx_rproc: Add support for i.MX94"
Previous message: Daniel Baluta: "Re: [PATCH v2 2/3] remoteproc: imx_rproc: Pass bootaddr to SM CPU/LMM reset vector"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Takashi Iwai

Date: Fri Mar 27 2026 - 05:43:14 EST

On Mon, 23 Mar 2026 08:03:10 +0100,
Pengpeng Hou wrote:
>
> asihpi_ctl_init() builds mixer control names in the fixed 44-byte
> hpi_ctl->name buffer, but it currently does so with sprintf(). Some
> source/destination node names are already long enough that combining both
> endpoints, their indices, the direction prefix, and the control name can
> run past the end of the buffer.

Does it really overflow? IOW, it's just for a defensive programming,
right? Please clarify it, otherwise we'll receive an unnecessary CVE
number judged only from the description.

> Switch the formatting to snprintf() so the driver never writes past the
> ALSA control name storage.

For that purpose, please use scnprintf() instead. snprintf() would
lead to other unnecessary warnings due to the potential overflow when
built with W=1, too.

> @@ -2957,4 +2960,3 @@ static void __exit snd_asihpi_exit(void)
>
> module_init(snd_asihpi_init)
> module_exit(snd_asihpi_exit)
> -

This is unneeded change. Please drop.

thanks,

Takashi