On Thu, Mar 1, 2018 at 1:45 PM, Joey Pabalinas <joeypabalinas@xxxxxxxxx> wrote:
> Replace unsafe uses of strcpy() to copy the name
> argument into the sid.name buffer with scnprintf()
> to guard against possible buffer overflows.
> - struct snd_ctl_elem_id sid;
> - memset(&sid, 0, sizeof(sid));
> - /* FIXME: strcpy is bad. */
> - strcpy(sid.name, name);
> + struct snd_ctl_elem_id sid = {0};
> +
> + scnprintf(sid.name, sizeof(sid.name), "%s", name);
So, why not just use strlcpy()?
scnprintf() here adds an overhead for no benefit.
> sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
> return snd_ctl_find_id(card, &sid);
> - struct snd_ctl_elem_id sid;
> - memset(&sid, 0, sizeof(sid));
> - /* FIXME: strcpy is bad. */
> - strcpy(sid.name, name);
> + struct snd_ctl_elem_id sid = {0};
> +
> + scnprintf(sid.name, sizeof(sid.name), "%s", name);
> sid.iface = SNDRV_CTL_ELEM_IFACE_MIXER;
> return snd_ctl_find_id(card, &sid);
Ditto.
--
With Best Regards,
Andy Shevchenko
_______________________________________________
Alsa-devel mailing list
Alsa-devel@xxxxxxxxxxxxxxxx
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
