On Mon, Mar 16, 2020 at 01:49:41PM +0100, Takashi Iwai wrote: > snprintf() is a hard-to-use function, it's especially difficult to use > it for concatenating substrings in a buffer with a limited size. > Since snprintf() returns the would-be-output size, not the actual > size, the subsequent use of snprintf() may go beyond the given limit > easily. Although the current code doesn't actually overflow the > buffer, it's an incorrect usage. > > This patch replaces such snprintf() calls with a safer version, > scnprintf(). > > Also this fixes the incorrect argument of the buffer limit size passed > to snprintf(), too. The size has to be decremented for the remaining > length. > > Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> Reviewed-by: Brian Masney <masneyb@xxxxxxxxxxxxx>
