Re: [PATCH] ASoC: Intel: avs: Replace snprintf() with scnprintf()

[Cezary Rojewski <cezary.rojewski@intel.com>]

On 2025-11-12 2:50 PM, David Laight wrote:
> On Wed, 12 Nov 2025 17:32:35 +0530
> hariconscious@gmail.com wrote:
> 
>> From: HariKrishna Sagala <hariconscious@gmail.com>
>>
>> As per the C99 standard snprintf() returns the length of the data
>> that *would have been* written if there were enough space for it.
>> It's generally considered safer to use the scnprintf() variant.

Thank you for patch, HariKrishna.

> 
> Did you actually read the code?
> In this case the code is actually rather buggy and can read beyond
> the end of 'buf[]'.
> 
> Neither snprintf() nor scnprintf() ever return -1 on error.
> So the existing code will attempt to write past the end of buf[]
> if there are a lot of entries.
> Fortunately there is a test for negative lengths - so nothing is
> written past the end - but the read can return data off the end.
> 
> Changing to scnprintf() stops this happening, but the user will get
> truncated data.


Both may discard characters. Regardless, I agree, when building strings 
in iterative fashion, scnprintf() shall be used over snprintf(). 
Essentially, this patch is a fix, so a proper 'Fixes: ' tag is required 
along with update to the commit message.

I'd start with dropping "It's generally considered safer to use the 
scnprintf() variant." No guessing here. If you're wondering how to word 
it, I'd suggesting to use Takashi's message from commit ca3b7b9dc9bc 
("ASoC: Intel: avs: Fix potential buffer overflow by snprintf()") as a 
reference.

In fact, the existing code could be simplified, however, the 
simplification does not need to be part of the fix.

(for those wondering about the entry count - ~10 tops, AudioDSP firmware 
limitation, +/- 1 depending on the SoC generation)

> 
> 	David
> 
> 
>>
>> Link: https://github.com/KSPP/linux/issues/105
>> Signed-off-by: HariKrishna Sagala <hariconscious@gmail.com>
>> ---
>> This patch replaces snprintf() varaint with scnprintf() in
>> scenario to know the actual length of the data rather than *would
>> have been* written data of snprintf().
>> No functional changes intended.
>> Reference Links:
>> https://lwn.net/Articles/69419/
>> https://www.kernel.org/doc/html/latest/core-api/kernel-api.html#c.snprintf
>>
>> Note:
>> Compile & boot tested with necessary config parameters.
>> Other areas of AVS uses scnprintf() variant.
>>
>>   sound/soc/intel/avs/debugfs.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/sound/soc/intel/avs/debugfs.c b/sound/soc/intel/avs/debugfs.c
>> index 3534de46f9e4..100b95bfcd78 100644
>> --- a/sound/soc/intel/avs/debugfs.c
>> +++ b/sound/soc/intel/avs/debugfs.c
>> @@ -119,7 +119,7 @@ static ssize_t probe_points_read(struct file *file, char __user *to, size_t coun
>>   	}
>>   
>>   	for (i = 0; i < num_desc; i++) {
>> -		ret = snprintf(buf + len, PAGE_SIZE - len,
>> +		ret = scnprintf(buf + len, PAGE_SIZE - len,
>>   			       "Id: %#010x  Purpose: %d  Node id: %#x\n",
>>   			       desc[i].id.value, desc[i].purpose, desc[i].node_id.val);

Indentation is off, please adjust.

>>   		if (ret < 0)
>>
>> base-commit: 24172e0d79900908cf5ebf366600616d29c9b417
>