[PATCH v3] ASoC: codecs: fs210x: fix possible buffer overflow

Next message: Krzysztof Kozlowski: "Re: [PATCH v1 2/2] ASoC: Use named initializers for arrays of i2c_device_data"
Previous message: Dave Hansen: "Re: [PATCH v4 06/21] x86/fpu: Ignore APX when copying from/to guest FPU"
Next in thread: Mark Brown: "Re: [PATCH v3] ASoC: codecs: fs210x: fix possible buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander A. Klimov

Date: Wed May 13 2026 - 15:18:17 EST

In fs210x_effect_scene_info(), a string was copied like this:

strscpy(DST, SRC, strlen(SRC) + 1);

A buffer overflow would happen if strlen(SRC) >= sizeof(DST).
Actually, strscpy() must be used this way:

strscpy(DST, SRC, sizeof(DST));
strscpy(DST, SRC); // defaults to sizeof(DST)

Fixes: 756117701779 ("ASoC: codecs: Add FourSemi FS2104/5S audio amplifier driver")
Signed-off-by: Alexander A. Klimov <grandmaster@xxxxxxxxxxxx>
---
v2: fixed off-by-one in pseudo code in commit message
v3: switched my mail client, so that the diff should apply now (fucking Thunderbird fucking trims fucking whitespace from my fucking patches so I had to fucking switch to fucking git-send-email(1))

sound/soc/codecs/fs210x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/codecs/fs210x.c b/sound/soc/codecs/fs210x.c
index e6195b71adad..eda716f817b5 100644
--- a/sound/soc/codecs/fs210x.c
+++ b/sound/soc/codecs/fs210x.c
@@ -968,7 +968,7 @@ static int fs210x_effect_scene_info(struct snd_kcontrol *kcontrol,
if (scene->name)
name = scene->name;

- strscpy(uinfo->value.enumerated.name, name, strlen(name) + 1);
+ strscpy(uinfo->value.enumerated.name, name);

return 0;
}
--
2.54.0