On Mon, 16 Mar 2020 12:19:35 -0400 Brian Masney <masneyb@xxxxxxxxxxxxx> wrote: > On Mon, Mar 16, 2020 at 01:49:40PM +0100, Takashi Iwai wrote: > > snprintf() is a hard-to-use function, it's especially difficult to use > > it for concatenating substrings in a buffer with a limited size. > > Since snprintf() returns the would-be-output size, not the actual > > size, the subsequent use of snprintf() may go beyond the given limit > > easily. Although the current code doesn't actually overflow the > > buffer, it's an incorrect usage. > > > > This patch replaces such snprintf() calls with a safer version, > > scnprintf(). > > > > Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> > > Reviewed-by: Brian Masney <masneyb@xxxxxxxxxxxxx> I picked this one up from v1. Thanks, Jonathan
