From patchwork Mon Aug 1 16:54:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Takashi Iwai X-Patchwork-Id: 594732 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id AC9B7C00144 for ; Mon, 1 Aug 2022 16:55:27 +0000 (UTC) Received: from alsa1.perex.cz (alsa1.perex.cz [207.180.221.201]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by alsa0.perex.cz (Postfix) with ESMTPS id E5C4B1E2; Mon, 1 Aug 2022 18:54:34 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa0.perex.cz E5C4B1E2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=alsa-project.org; s=default; t=1659372925; bh=cyXU1qa/JDxmyPowWBIHYoIAd3HMNLS68YmuWkdq65c=; h=From:To:Subject:Date:In-Reply-To:References:Cc:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=CxsmzvRJBX1H6Kdcj0JW1Aj5ialCHGIEGCY51LeY0OJdb13QrN4LfwZqHGzGs+7po 7XpqD9VW4k70Cxiul3lZ5bsSr6x66b0Bbr2iv55L4TPwSNHMyxVztMBWXQYCJbEl3z P81ns3A5tbD+6nP2AdzaIJmgDn3h3jRf286+6NcE= Received: from alsa1.perex.cz (localhost.localdomain [127.0.0.1]) by alsa1.perex.cz (Postfix) with ESMTP id 825CAF80152; Mon, 1 Aug 2022 18:54:34 +0200 (CEST) Received: by alsa1.perex.cz (Postfix, from userid 50401) id D7F7EF802DB; Mon, 1 Aug 2022 18:54:31 +0200 (CEST) Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by alsa1.perex.cz (Postfix) with ESMTPS id 29ECEF8014B for ; Mon, 1 Aug 2022 18:54:24 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa1.perex.cz 29ECEF8014B Authentication-Results: alsa1.perex.cz; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="M/CiXfOK"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="xWVi1TLv" Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out2.suse.de (Postfix) with ESMTPS id EED932034C; Mon, 1 Aug 2022 16:54:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1659372863; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zSL+Ket4nCf261eCLXckqrhusqE/+ZShSkDd9Zclxr0=; b=M/CiXfOK6O5F70As58FsbVC32NciKyGGgY/owrDNa9PQl4Tkam1egEoBUCq9pOff384h9W IodJBYsCEhpEbFp8BvpZyVL/6sHZ3v4q0uDdQlDZeUXSKjKUwTw4fpFRtATRLgOoQ+Fcl/ yrOJqxMzOU5q1Dd+5U/GA5zzER6n8i0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1659372863; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zSL+Ket4nCf261eCLXckqrhusqE/+ZShSkDd9Zclxr0=; b=xWVi1TLvk4nejd/vBMTivzJ5UUpC0vIvaiHu6Zk6TiL9z47oJoMvTa0B9+oZYsJ57kRde8 p+HMPyhhq5ZVq0Ag== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id C6AD313ADF; Mon, 1 Aug 2022 16:54:23 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id OHKALz8F6GL9GQAAMHmgww (envelope-from ); Mon, 01 Aug 2022 16:54:23 +0000 From: Takashi Iwai To: Mark Brown Subject: [PATCH 1/3] ASoC: Intel: avs: Fix potential buffer overflow by snprintf() Date: Mon, 1 Aug 2022 18:54:18 +0200 Message-Id: <20220801165420.25978-2-tiwai@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220801165420.25978-1-tiwai@suse.de> References: <20220801165420.25978-1-tiwai@suse.de> MIME-Version: 1.0 Cc: Ranjani Sridharan , alsa-devel@alsa-project.org, Peter Ujfalusi , Cezary Rojewski , Pierre-Louis Bossart X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow (although it's unrealistic). This patch replaces it with a safer version, scnprintf() for papering over such a potential issue. Fixes: f1b3b320bd65 ("ASoC: Intel: avs: Generic soc component driver") Signed-off-by: Takashi Iwai Acked-by: Cezary Rojewski --- sound/soc/intel/avs/pcm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sound/soc/intel/avs/pcm.c b/sound/soc/intel/avs/pcm.c index f21b0cdd3206..8fe5917b1e26 100644 --- a/sound/soc/intel/avs/pcm.c +++ b/sound/soc/intel/avs/pcm.c @@ -636,8 +636,8 @@ static ssize_t topology_name_read(struct file *file, char __user *user_buf, size char buf[64]; size_t len; - len = snprintf(buf, sizeof(buf), "%s/%s\n", component->driver->topology_name_prefix, - mach->tplg_filename); + len = scnprintf(buf, sizeof(buf), "%s/%s\n", component->driver->topology_name_prefix, + mach->tplg_filename); return simple_read_from_buffer(user_buf, count, ppos, buf, len); } From patchwork Mon Aug 1 16:54:19 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Takashi Iwai X-Patchwork-Id: 594877 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id E9A4DC19F2B for ; Mon, 1 Aug 2022 16:56:24 +0000 (UTC) Received: from alsa1.perex.cz (alsa1.perex.cz [207.180.221.201]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by alsa0.perex.cz (Postfix) with ESMTPS id C6F4D1620; Mon, 1 Aug 2022 18:55:32 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa0.perex.cz C6F4D1620 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=alsa-project.org; s=default; t=1659372982; bh=2jHYyStPBaM6ExUAuQxqnLHAgKPJvwUE/RNRYABTsfI=; h=From:To:Subject:Date:In-Reply-To:References:Cc:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=bqRPi1d05hSN+y6IKvEIY6nez3nNH5I5QdkPBre2WsYl46Jl5DYechop9M71ZxSKm txvGDsHOSr8vkq09jsW56/krlGCwZu7mzXYcg5eRsDYQj3PU4xDOBuVuyBNSyWfNvy f2k9zgIrGCnF8U4mjo5ny088rLbQ/4eTtrbHWVOY= Received: from alsa1.perex.cz (localhost.localdomain [127.0.0.1]) by alsa1.perex.cz (Postfix) with ESMTP id C9B28F80544; Mon, 1 Aug 2022 18:54:36 +0200 (CEST) Received: by alsa1.perex.cz (Postfix, from userid 50401) id 36EBFF8023B; Mon, 1 Aug 2022 18:54:34 +0200 (CEST) Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by alsa1.perex.cz (Postfix) with ESMTPS id 73869F8013D for ; Mon, 1 Aug 2022 18:54:24 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa1.perex.cz 73869F8013D Authentication-Results: alsa1.perex.cz; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="d0GgLurg"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="a9APOek0" Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 3376C38185; Mon, 1 Aug 2022 16:54:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1659372864; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KUlsJL+/qpK5RNgkAKYwPa5yYkTanfcriOJKB+1B0sw=; b=d0GgLurgv8/5GxiU1Dm7ciQs8qD14lpCnbanyG0adrdtNENn67Rd990PWHkJjClm/980Dl I0G//2QQJjjfMcaXKdX+nf/wgrKapH2c/TKt5mz1kKqObCPVbBLT/RIrTSqHBM0PMZtfvI H8K09ZN9wl7kU0mIbU7ROP6KMmfLGMQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1659372864; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KUlsJL+/qpK5RNgkAKYwPa5yYkTanfcriOJKB+1B0sw=; b=a9APOek09YwwmotlGcBrc0R07Xq7nW/7B+47YEoViHmvWPbj55r0oJmE2GGCp6PydpGKD9 HFDtGhTdLdpztYAQ== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id F1AC913AAE; Mon, 1 Aug 2022 16:54:23 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id ULwxOj8F6GL9GQAAMHmgww (envelope-from ); Mon, 01 Aug 2022 16:54:23 +0000 From: Takashi Iwai To: Mark Brown Subject: [PATCH 2/3] ASoC: SOF: debug: Fix potential buffer overflow by snprintf() Date: Mon, 1 Aug 2022 18:54:19 +0200 Message-Id: <20220801165420.25978-3-tiwai@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220801165420.25978-1-tiwai@suse.de> References: <20220801165420.25978-1-tiwai@suse.de> MIME-Version: 1.0 Cc: Ranjani Sridharan , alsa-devel@alsa-project.org, Peter Ujfalusi , Cezary Rojewski , Pierre-Louis Bossart X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue. Fixes: 5b10b6298921 ("ASoC: SOF: Add `memory_info` file to debugfs") Signed-off-by: Takashi Iwai --- sound/soc/sof/debug.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sound/soc/sof/debug.c b/sound/soc/sof/debug.c index c5d797e97c02..d9a3ce7b69e1 100644 --- a/sound/soc/sof/debug.c +++ b/sound/soc/sof/debug.c @@ -252,9 +252,9 @@ static int memory_info_update(struct snd_sof_dev *sdev, char *buf, size_t buff_s } for (i = 0, len = 0; i < reply->num_elems; i++) { - ret = snprintf(buf + len, buff_size - len, "zone %d.%d used %#8x free %#8x\n", - reply->elems[i].zone, reply->elems[i].id, - reply->elems[i].used, reply->elems[i].free); + ret = scnprintf(buf + len, buff_size - len, "zone %d.%d used %#8x free %#8x\n", + reply->elems[i].zone, reply->elems[i].id, + reply->elems[i].used, reply->elems[i].free); if (ret < 0) goto error; len += ret; From patchwork Mon Aug 1 16:54:20 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Takashi Iwai X-Patchwork-Id: 594878 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from alsa0.perex.cz (alsa0.perex.cz [77.48.224.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 70C48C00144 for ; Mon, 1 Aug 2022 16:55:55 +0000 (UTC) Received: from alsa1.perex.cz (alsa1.perex.cz [207.180.221.201]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by alsa0.perex.cz (Postfix) with ESMTPS id 65805886; Mon, 1 Aug 2022 18:55:03 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa0.perex.cz 65805886 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=alsa-project.org; s=default; t=1659372953; bh=HHZE7LpqtbMM+mWqUDx3JlzY9BE8ksjixKIkxS+N98A=; h=From:To:Subject:Date:In-Reply-To:References:Cc:List-Id: List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe: From; b=MO60k7TB4xe2NjvPc/XA8BAMtqYaYz/vHdVIjp9FSZ+mpX9GBKFoUmnyuHasI3RMs EiCy8JdwrDh0zUrBfGRVNJW27+vcE6RmSkmIk0sQXO8cbGQwAt5knvQKReCpHIvMDl gKAKd0YKPSs12TkSHNFR/vESOuKwLOPZUsDtHYPQ= Received: from alsa1.perex.cz (localhost.localdomain [127.0.0.1]) by alsa1.perex.cz (Postfix) with ESMTP id 71FA4F804FA; Mon, 1 Aug 2022 18:54:35 +0200 (CEST) Received: by alsa1.perex.cz (Postfix, from userid 50401) id CCCFDF802DB; Mon, 1 Aug 2022 18:54:32 +0200 (CEST) Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by alsa1.perex.cz (Postfix) with ESMTPS id 764C2F8023B for ; Mon, 1 Aug 2022 18:54:24 +0200 (CEST) DKIM-Filter: OpenDKIM Filter v2.11.0 alsa1.perex.cz 764C2F8023B Authentication-Results: alsa1.perex.cz; dkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de header.b="xGK0hcXU"; dkim=permerror (0-bit key) header.d=suse.de header.i=@suse.de header.b="0xT5fpsj" Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 689FD38340; Mon, 1 Aug 2022 16:54:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1659372864; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RRNpSGUK2O/A9dIAwB0+U6mvP3AD7U/zuitWRrgD8fI=; b=xGK0hcXUTFNmloPcjkhr5YNDUizNdbdDivrSgBLF4/3O6YZOjndG0XGGv9eymE4XG7Ub9s ybZexIJ+R+dVSzLuuZ7ic1uBLtnyTjy/8qV/MzyaFXuZ6p7I7XVF74zIYiwi6NBsjw1uvj DB1nmDZ/lJU4vHF9HRGUSz/Hv4HMeQw= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1659372864; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RRNpSGUK2O/A9dIAwB0+U6mvP3AD7U/zuitWRrgD8fI=; b=0xT5fpsjnMGFr+eBwB06OR02pgDVtQ6S56mOcnYC4Ds1lQDp2BX+12x9TXh9n5Ros5p1z+ b6ZMCEBU9rbZb8BA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 34D7D13ADF; Mon, 1 Aug 2022 16:54:24 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id QAc5DEAF6GL9GQAAMHmgww (envelope-from ); Mon, 01 Aug 2022 16:54:24 +0000 From: Takashi Iwai To: Mark Brown Subject: [PATCH 3/3] ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() Date: Mon, 1 Aug 2022 18:54:20 +0200 Message-Id: <20220801165420.25978-4-tiwai@suse.de> X-Mailer: git-send-email 2.35.3 In-Reply-To: <20220801165420.25978-1-tiwai@suse.de> References: <20220801165420.25978-1-tiwai@suse.de> MIME-Version: 1.0 Cc: Ranjani Sridharan , alsa-devel@alsa-project.org, Peter Ujfalusi , Cezary Rojewski , Pierre-Louis Bossart X-BeenThere: alsa-devel@alsa-project.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: "Alsa-devel mailing list for ALSA developers - http://www.alsa-project.org" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: alsa-devel-bounces@alsa-project.org Sender: "Alsa-devel" snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow (although it's unrealistic). This patch replaces with a safer version, scnprintf() for papering over such a potential issue. Fixes: 29c8e4398f02 ("ASoC: SOF: Intel: hda: add extended rom status dump to error log") Signed-off-by: Takashi Iwai --- sound/soc/sof/intel/hda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sound/soc/sof/intel/hda.c b/sound/soc/sof/intel/hda.c index 8639ea63a10d..6d4ecbe14adf 100644 --- a/sound/soc/sof/intel/hda.c +++ b/sound/soc/sof/intel/hda.c @@ -574,7 +574,7 @@ static void hda_dsp_dump_ext_rom_status(struct snd_sof_dev *sdev, const char *le chip = get_chip_info(sdev->pdata); for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) { value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, chip->rom_status_reg + i * 0x4); - len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value); + len += scnprintf(msg + len, sizeof(msg) - len, " 0x%x", value); } dev_printk(level, sdev->dev, "extended rom status: %s", msg);