| Message ID | 1404590522.6384.62.camel@joe-AO725 (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | d82353e534847732c4665a21e2ea699713a0e5b0 |
| Delegated to: | Takashi Iwai |
| Headers | show |
At Sat, 05 Jul 2014 13:02:02 -0700, Joe Perches wrote: > > print_nid_path has a possible buffer overflow if > struct nid_path.path values are > 256. > > Avoid this and neaten the output to remove the leading ':' > > Neaten debug_badness to always verify arguments. > > Signed-off-by: Joe Perches <joe@perches.com> Thanks, applied. Although the overflow would never happen in practice (the id can't be over 8 bit from the definition in the HD-audio controller side), it's still better to have a proper check. Takashi > --- > sound/pci/hda/hda_generic.c | 20 +++++++++++--------- > 1 file changed, 11 insertions(+), 9 deletions(-) > > diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c > index 589e47c..b293583 100644 > --- a/sound/pci/hda/hda_generic.c > +++ b/sound/pci/hda/hda_generic.c > @@ -350,16 +350,16 @@ static void print_nid_path(struct hda_codec *codec, > const char *pfx, struct nid_path *path) > { > char buf[40]; > + char *pos = buf; > int i; > > + *pos = 0; > + for (i = 0; i < path->depth; i++) > + pos += scnprintf(pos, sizeof(buf) - (pos - buf), "%s%02x", > + pos != buf ? ":" : "", > + path->path[i]); > > - buf[0] = 0; > - for (i = 0; i < path->depth; i++) { > - char tmp[4]; > - sprintf(tmp, ":%02x", path->path[i]); > - strlcat(buf, tmp, sizeof(buf)); > - } > - codec_dbg(codec, "%s path: depth=%d %s\n", pfx, path->depth, buf); > + codec_dbg(codec, "%s path: depth=%d '%s'\n", pfx, path->depth, buf); > } > > /* called recursively */ > @@ -1700,9 +1700,11 @@ static int fill_and_eval_dacs(struct hda_codec *codec, > #define DEBUG_BADNESS > > #ifdef DEBUG_BADNESS > -#define debug_badness(fmt, args...) codec_dbg(codec, fmt, ##args) > +#define debug_badness(fmt, ...) \ > + codec_dbg(codec, fmt, ##__VA_ARGS__) > #else > -#define debug_badness(...) > +#define debug_badness(fmt, ...) \ > + do { if (0) codec_dbg(codec, fmt, ##__VA_ARGS__); } while (0) > #endif > > #ifdef DEBUG_BADNESS > >
diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c index 589e47c..b293583 100644 --- a/sound/pci/hda/hda_generic.c +++ b/sound/pci/hda/hda_generic.c @@ -350,16 +350,16 @@ static void print_nid_path(struct hda_codec *codec, const char *pfx, struct nid_path *path) { char buf[40]; + char *pos = buf; int i; + *pos = 0; + for (i = 0; i < path->depth; i++) + pos += scnprintf(pos, sizeof(buf) - (pos - buf), "%s%02x", + pos != buf ? ":" : "", + path->path[i]); - buf[0] = 0; - for (i = 0; i < path->depth; i++) { - char tmp[4]; - sprintf(tmp, ":%02x", path->path[i]); - strlcat(buf, tmp, sizeof(buf)); - } - codec_dbg(codec, "%s path: depth=%d %s\n", pfx, path->depth, buf); + codec_dbg(codec, "%s path: depth=%d '%s'\n", pfx, path->depth, buf); } /* called recursively */ @@ -1700,9 +1700,11 @@ static int fill_and_eval_dacs(struct hda_codec *codec, #define DEBUG_BADNESS #ifdef DEBUG_BADNESS -#define debug_badness(fmt, args...) codec_dbg(codec, fmt, ##args) +#define debug_badness(fmt, ...) \ + codec_dbg(codec, fmt, ##__VA_ARGS__) #else -#define debug_badness(...) +#define debug_badness(fmt, ...) \ + do { if (0) codec_dbg(codec, fmt, ##__VA_ARGS__); } while (0) #endif #ifdef DEBUG_BADNESS
print_nid_path has a possible buffer overflow if struct nid_path.path values are > 256. Avoid this and neaten the output to remove the leading ':' Neaten debug_badness to always verify arguments. Signed-off-by: Joe Perches <joe@perches.com> --- sound/pci/hda/hda_generic.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-)