| Message ID | 20230109134724.332868-1-perex@perex.cz (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | ALSA: control-led: use strscpy in set_led_id() | expand |
On 09. 01. 23 14:47, Jaroslav Kysela wrote: > The use of strncpy() in the set_led_id() was incorrect. > The len variable should use 'min(sizeof(buf2) - 1, count)' > expression. > > Use strscpy() function to simplify things and handle the error gracefully. > > Reported-by: yang.yang29@zte.com.cn > BugLink: https://lore.kernel.org/alsa-devel/202301091945513559977@zte.com.cn/ > Cc: <stable@vger.kernel.org> > Signed-off-by: Jaroslav Kysela <perex@perex.cz> > --- > sound/core/control_led.c | 5 ++--- > 1 file changed, 2 insertions(+), 3 deletions(-) > > diff --git a/sound/core/control_led.c b/sound/core/control_led.c > index f975cc85772b..45c8eb5700c1 100644 > --- a/sound/core/control_led.c > +++ b/sound/core/control_led.c > @@ -530,12 +530,11 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si > bool attach) > { > char buf2[256], *s, *os; > - size_t len = max(sizeof(s) - 1, count); > struct snd_ctl_elem_id id; > int err; > > - strncpy(buf2, buf, len); > - buf2[len] = '\0'; > + if (strscpy(buf2, buf, min(sizeof(buf2), count)) < 0) Please, don't use this version of path (see v2). This min() expression will strip the last char and buf is '\0' terminated. v2: https://lore.kernel.org/alsa-devel/20230109150119.342771-1-perex@perex.cz/ Jaroslav
diff --git a/sound/core/control_led.c b/sound/core/control_led.c index f975cc85772b..45c8eb5700c1 100644 --- a/sound/core/control_led.c +++ b/sound/core/control_led.c @@ -530,12 +530,11 @@ static ssize_t set_led_id(struct snd_ctl_led_card *led_card, const char *buf, si bool attach) { char buf2[256], *s, *os; - size_t len = max(sizeof(s) - 1, count); struct snd_ctl_elem_id id; int err; - strncpy(buf2, buf, len); - buf2[len] = '\0'; + if (strscpy(buf2, buf, min(sizeof(buf2), count)) < 0) + return -E2BIG; memset(&id, 0, sizeof(id)); id.iface = SNDRV_CTL_ELEM_IFACE_MIXER; s = buf2;
The use of strncpy() in the set_led_id() was incorrect. The len variable should use 'min(sizeof(buf2) - 1, count)' expression. Use strscpy() function to simplify things and handle the error gracefully. Reported-by: yang.yang29@zte.com.cn BugLink: https://lore.kernel.org/alsa-devel/202301091945513559977@zte.com.cn/ Cc: <stable@vger.kernel.org> Signed-off-by: Jaroslav Kysela <perex@perex.cz> --- sound/core/control_led.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-)