Commit d0c9abb8 authored by Takashi Iwai's avatar Takashi Iwai Committed by Mark Brown

ASoC: pcm: Fix (again) possible buffer overflow in dpcm state sysfs output

This is re-applying the fix that went into 5.6 (commit 6c89ffea)
as the changes were wiped out after merging the other code
refactoring.  Basically the same changes, just replacing the
suspicious calls of snprintf() with scnprintf().
Signed-off-by: default avatarTakashi Iwai <tiwai@suse.de>
Link: https://lore.kernel.org/r/20200310163625.10838-1-tiwai@suse.deSigned-off-by: default avatarMark Brown <broonie@kernel.org>
parent c23f0444
...@@ -66,16 +66,16 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe, ...@@ -66,16 +66,16 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe,
unsigned long flags; unsigned long flags;
/* FE state */ /* FE state */
offset += snprintf(buf + offset, size - offset, offset += scnprintf(buf + offset, size - offset,
"[%s - %s]\n", fe->dai_link->name, "[%s - %s]\n", fe->dai_link->name,
stream ? "Capture" : "Playback"); stream ? "Capture" : "Playback");
offset += snprintf(buf + offset, size - offset, "State: %s\n", offset += scnprintf(buf + offset, size - offset, "State: %s\n",
dpcm_state_string(fe->dpcm[stream].state)); dpcm_state_string(fe->dpcm[stream].state));
if ((fe->dpcm[stream].state >= SND_SOC_DPCM_STATE_HW_PARAMS) && if ((fe->dpcm[stream].state >= SND_SOC_DPCM_STATE_HW_PARAMS) &&
(fe->dpcm[stream].state <= SND_SOC_DPCM_STATE_STOP)) (fe->dpcm[stream].state <= SND_SOC_DPCM_STATE_STOP))
offset += snprintf(buf + offset, size - offset, offset += scnprintf(buf + offset, size - offset,
"Hardware Params: " "Hardware Params: "
"Format = %s, Channels = %d, Rate = %d\n", "Format = %s, Channels = %d, Rate = %d\n",
snd_pcm_format_name(params_format(params)), snd_pcm_format_name(params_format(params)),
...@@ -83,10 +83,10 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe, ...@@ -83,10 +83,10 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe,
params_rate(params)); params_rate(params));
/* BEs state */ /* BEs state */
offset += snprintf(buf + offset, size - offset, "Backends:\n"); offset += scnprintf(buf + offset, size - offset, "Backends:\n");
if (list_empty(&fe->dpcm[stream].be_clients)) { if (list_empty(&fe->dpcm[stream].be_clients)) {
offset += snprintf(buf + offset, size - offset, offset += scnprintf(buf + offset, size - offset,
" No active DSP links\n"); " No active DSP links\n");
goto out; goto out;
} }
...@@ -96,16 +96,16 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe, ...@@ -96,16 +96,16 @@ static ssize_t dpcm_show_state(struct snd_soc_pcm_runtime *fe,
struct snd_soc_pcm_runtime *be = dpcm->be; struct snd_soc_pcm_runtime *be = dpcm->be;
params = &dpcm->hw_params; params = &dpcm->hw_params;
offset += snprintf(buf + offset, size - offset, offset += scnprintf(buf + offset, size - offset,
"- %s\n", be->dai_link->name); "- %s\n", be->dai_link->name);
offset += snprintf(buf + offset, size - offset, offset += scnprintf(buf + offset, size - offset,
" State: %s\n", " State: %s\n",
dpcm_state_string(be->dpcm[stream].state)); dpcm_state_string(be->dpcm[stream].state));
if ((be->dpcm[stream].state >= SND_SOC_DPCM_STATE_HW_PARAMS) && if ((be->dpcm[stream].state >= SND_SOC_DPCM_STATE_HW_PARAMS) &&
(be->dpcm[stream].state <= SND_SOC_DPCM_STATE_STOP)) (be->dpcm[stream].state <= SND_SOC_DPCM_STATE_STOP))
offset += snprintf(buf + offset, size - offset, offset += scnprintf(buf + offset, size - offset,
" Hardware Params: " " Hardware Params: "
"Format = %s, Channels = %d, Rate = %d\n", "Format = %s, Channels = %d, Rate = %d\n",
snd_pcm_format_name(params_format(params)), snd_pcm_format_name(params_format(params)),
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment