Linux Sound subsystem development
* [PATCH] ASoC: codecs: fs210x: fix possible buffer overflow
@ 2026-05-11 20:35 Alexander A. Klimov
  2026-05-12 12:33 ` Mark Brown
  0 siblings, 1 reply; 6+ messages in thread
From: Alexander A. Klimov @ 2026-05-11 20:35 UTC (permalink / raw)
  To: Nick Li, Liam Girdwood, Mark Brown, Jaroslav Kysela, Takashi Iwai
  Cc: linux-sound, Linux Kernel Mailing List

In fs210x_effect_scene_info(), a string was copied like this:

     strscpy(DST, SRC, strlen(SRC));

A buffer overflow would happen if strlen(SRC) > sizeof(DST).
Actually, strscpy() must be used this way:

     strscpy(DST, SRC, sizeof(DST));
     strscpy(DST, SRC); // defaults to sizeof(DST)

Fixes: 756117701779 ("ASoC: codecs: Add FourSemi FS2104/5S audio amplifier driver")
Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
---
  sound/soc/codecs/fs210x.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/codecs/fs210x.c b/sound/soc/codecs/fs210x.c
index e6195b71adad..eda716f817b5 100644
--- a/sound/soc/codecs/fs210x.c
+++ b/sound/soc/codecs/fs210x.c
@@ -968,7 +968,7 @@ static int fs210x_effect_scene_info(struct snd_kcontrol *kcontrol,
  	if (scene->name)
  		name = scene->name;

-	strscpy(uinfo->value.enumerated.name, name, strlen(name) + 1);
+	strscpy(uinfo->value.enumerated.name, name);

  	return 0;
  }
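Review bot: The changelog and the removed line disagree. The message quotes `strscpy(DST, SRC, strlen(SRC))` with the condition `strlen(SRC) > sizeof(DST)`, but the `-` line passes `strlen(name) + 1`, so the copy leaves the destination as soon as `strlen(name) >= sizeof(uinfo->value.enumerated.name)`. Suggest quoting the call as it appears in the hunk so the described overflow condition matches the code being removed.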
-- 
2.54.0



* Re: [PATCH] ASoC: codecs: fs210x: fix possible buffer overflow
  2026-05-11 20:35 [PATCH] ASoC: codecs: fs210x: fix possible buffer overflow Alexander A. Klimov
@ 2026-05-12 12:33 ` Mark Brown
  2026-05-12 19:07   ` [PATCH v2] " Alexander A. Klimov
  0 siblings, 1 reply; 6+ messages in thread
From: Mark Brown @ 2026-05-12 12:33 UTC (permalink / raw)
  To: Alexander A. Klimov
  Cc: Nick Li, Liam Girdwood, Jaroslav Kysela, Takashi Iwai,
	linux-sound, Linux Kernel Mailing List


On Mon, May 11, 2026 at 10:35:30PM +0200, Alexander A. Klimov wrote:
> In fs210x_effect_scene_info(), a string was copied like this:
> 
>     strscpy(DST, SRC, strlen(SRC));
> 
> A buffer overflow would happen if strlen(SRC) > sizeof(DST).
> Actually, strscpy() must be used this way:

This doesn't apply against current code, please check and resend.


* [PATCH v2] ASoC: codecs: fs210x: fix possible buffer overflow
  2026-05-12 12:33 ` Mark Brown
@ 2026-05-12 19:07   ` Alexander A. Klimov
  2026-05-13  1:36     ` Mark Brown
  0 siblings, 1 reply; 6+ messages in thread
From: Alexander A. Klimov @ 2026-05-12 19:07 UTC (permalink / raw)
  To: Mark Brown
  Cc: Nick Li, Liam Girdwood, Jaroslav Kysela, Takashi Iwai,
	linux-sound, Linux Kernel Mailing List

In fs210x_effect_scene_info(), a string was copied like this:

     strscpy(DST, SRC, strlen(SRC) + 1);

A buffer overflow would happen if strlen(SRC) >= sizeof(DST).
Actually, strscpy() must be used this way:

     strscpy(DST, SRC, sizeof(DST));
     strscpy(DST, SRC); // defaults to sizeof(DST)

Fixes: 756117701779 ("ASoC: codecs: Add FourSemi FS2104/5S audio amplifier driver")
Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
---
  v2: changed commit message pseudocode `strlen(SRC)` to `strlen(SRC) + 1`
  v2: changed commit message pseudocode `> sizeof(DST)` to `>= sizeof(DST)`

  Now pseudocode should apply against current code.
  The diff ITSELF already applied to Linus' master
  and broonie/sound.git HEAD.

  sound/soc/codecs/fs210x.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/codecs/fs210x.c b/sound/soc/codecs/fs210x.c
index e6195b71adad..eda716f817b5 100644
--- a/sound/soc/codecs/fs210x.c
+++ b/sound/soc/codecs/fs210x.c
@@ -968,7 +968,7 @@ static int fs210x_effect_scene_info(struct snd_kcontrol *kcontrol,
  	if (scene->name)
  		name = scene->name;

-	strscpy(uinfo->value.enumerated.name, name, strlen(name) + 1);
+	strscpy(uinfo->value.enumerated.name, name);

  	return 0;
  }
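Review bot: The return value of the two-argument `strscpy()` on the `+` line is dropped, so a scene name longer than `uinfo->value.enumerated.name` is now truncated silently and the function still returns 0. strscpy() reports truncation with -E2BIG; either say in the changelog that a truncated name is acceptable for this control, or check for a negative return and log it. The two-argument form takes its bound from sizeof() of the destination and only builds when that destination is an array, which deserves a sentence in the message now that the bound is no longer visible at the call site.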
-- 
2.54.0
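
The bound mismatch described in the commit message, modelled in userspace as an added example (not code from the patch or the driver). `model_strscpy`, `bytes_past_end` and the 16-byte `NAME_LEN` are assumptions of this sketch, and the sample name is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16	/* constructed stand-in for sizeof(DST) */

/* strnlen() equivalent: length of s, looking at no more than max bytes. */
static size_t bounded_len(const char *s, size_t max)
{
	size_t n = 0;

	while (n < max && s[n] != '\0')
		n++;
	return n;
}

/* Userspace model of the strscpy() contract (assumed, not kernel source):
 * write at most size bytes, always NUL-terminate, -E2BIG on truncation. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
	size_t len;

	if (size == 0)
		return -E2BIG;
	len = bounded_len(src, size - 1);
	memcpy(dst, src, len);
	dst[len] = '\0';
	return src[len] == '\0' ? (long)len : -E2BIG;
}

/* Bytes a copy limited to `bound` (>= 1) would write past a NAME_LEN buffer. */
static size_t bytes_past_end(const char *src, size_t bound)
{
	size_t written = bounded_len(src, bound - 1) + 1;	/* data + NUL */

	return written > NAME_LEN ? written - NAME_LEN : 0;
}

int main(void)
{
	const char *name = "constructed_scene_name_x";	/* 24 chars, sample */
	char dst[NAME_LEN];
	long ret = model_strscpy(dst, name, sizeof(dst));

	printf("bound strlen+1: %zu bytes past end\n",
	       bytes_past_end(name, strlen(name) + 1));
	printf("bound sizeof:   %zu bytes past end, ret %ld, dst \"%s\"\n",
	       bytes_past_end(name, sizeof(dst)), ret, dst);
	return 0;
}
```

With the bound taken from the source, the limit grows with the input and never constrains the copy; with the bound taken from the destination, the copy stops at 15 bytes plus the terminator and the caller is told about the truncation.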



* Re: [PATCH v2] ASoC: codecs: fs210x: fix possible buffer overflow
  2026-05-12 19:07   ` [PATCH v2] " Alexander A. Klimov
@ 2026-05-13  1:36     ` Mark Brown
  2026-05-13  2:47       ` Geraldo Nascimento
  0 siblings, 1 reply; 6+ messages in thread
From: Mark Brown @ 2026-05-13  1:36 UTC (permalink / raw)
  To: Alexander A. Klimov
  Cc: Nick Li, Liam Girdwood, Jaroslav Kysela, Takashi Iwai,
	linux-sound, Linux Kernel Mailing List


On Tue, May 12, 2026 at 09:07:15PM +0200, Alexander A. Klimov wrote:
> In fs210x_effect_scene_info(), a string was copied like this:
> 
>     strscpy(DST, SRC, strlen(SRC) + 1);

This doesn't apply against current code, please check and resend.


* Re: [PATCH v2] ASoC: codecs: fs210x: fix possible buffer overflow
  2026-05-13  1:36     ` Mark Brown
@ 2026-05-13  2:47       ` Geraldo Nascimento
  2026-05-13 14:56         ` Mark Brown
  0 siblings, 1 reply; 6+ messages in thread
From: Geraldo Nascimento @ 2026-05-13  2:47 UTC (permalink / raw)
  To: Mark Brown
  Cc: Alexander A. Klimov, Nick Li, Liam Girdwood, Jaroslav Kysela,
	Takashi Iwai, linux-sound, Linux Kernel Mailing List

Hi Mark,

On Wed, May 13, 2026 at 10:36:32AM +0900, Mark Brown wrote:
> On Tue, May 12, 2026 at 09:07:15PM +0200, Alexander A. Klimov wrote:
> > In fs210x_effect_scene_info(), a string was copied like this:
> > 
> >     strscpy(DST, SRC, strlen(SRC) + 1);
> 
> This doesn't apply against current code, please check and resend.

Do you mean the code change must be explicit in the commit message
instead of a generic pseudocode version?

Plus, is it acceptable to send v2 in reply to v1 like this? I'm a little
lost.

Thanks,
Geraldo Nascimento


* Re: [PATCH v2] ASoC: codecs: fs210x: fix possible buffer overflow
  2026-05-13  2:47       ` Geraldo Nascimento
@ 2026-05-13 14:56         ` Mark Brown
  0 siblings, 0 replies; 6+ messages in thread
From: Mark Brown @ 2026-05-13 14:56 UTC (permalink / raw)
  To: Geraldo Nascimento
  Cc: Alexander A. Klimov, Nick Li, Liam Girdwood, Jaroslav Kysela,
	Takashi Iwai, linux-sound, Linux Kernel Mailing List


On Tue, May 12, 2026 at 11:47:21PM -0300, Geraldo Nascimento wrote:
> On Wed, May 13, 2026 at 10:36:32AM +0900, Mark Brown wrote:

> > This doesn't apply against current code, please check and resend.

> Do you mean the code change must be explicit in the commit message
> instead of a generic pseudocode version?

No.  I mean your patch cannot be applied, I've no idea what it's against
but it's not my tree.
