ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control

PlaidCat · PlaidCat · commit 89e3c423ef8c · 2025-10-30T03:01:22.000-04:00
jira LE-4613 cve CVE-2025-39751 Rebuild_History Non-Buildable kernel-6.12.0-55.41.1.el10_0 commit-author Lucy Thrun <lucy.thrun@digital-rabbithole.de> commit a409c60 The 'sprintf' call in 'add_tuning_control' may exceed the 44-byte buffer if either string argument is too long. This triggers a compiler warning. Replaced 'sprintf' with 'snprintf' to limit string lengths to prevent overflow. Reported-by: kernel test robot <lkp@intel.com> Closes: https://lore.kernel.org/oe-kbuild-all/202506100642.95jpuMY1-lkp@intel.com/ Signed-off-by: Lucy Thrun <lucy.thrun@digital-rabbithole.de> Link: https://patch.msgid.link/20250610175012.918-3-lucy.thrun@digital-rabbithole.de Signed-off-by: Takashi Iwai <tiwai@suse.de> (cherry picked from commit a409c60) Signed-off-by: Jonathan Maple <jmaple@ciq.com>
diff --git a/sound/pci/hda/patch_ca0132.c b/sound/pci/hda/patch_ca0132.c
@@ -4410,7 +4410,7 @@ static int add_tuning_control(struct hda_codec *codec,
 	}
 	knew.private_value =
 		HDA_COMPOSE_AMP_VAL(nid, 1, 0, type);
-	sprintf(namestr, "%s %s Volume", name, dirstr[dir]);
+	snprintf(namestr, sizeof(namestr), "%s %s Volume", name, dirstr[dir]);
 	return snd_hda_ctl_add(codec, nid, snd_ctl_new1(&knew, codec));
 }
 

Original file line number	Diff line number	Diff line change
`@@ -4410,7 +4410,7 @@ static int add_tuning_control(struct hda_codec *codec,`
`4410`	`4410`	`}`
`4411`	`4411`	`knew.private_value =`
`4412`	`4412`	`HDA_COMPOSE_AMP_VAL(nid, 1, 0, type);`
`4413`		`- sprintf(namestr, "%s %s Volume", name, dirstr[dir]);`
	`4413`	`+ snprintf(namestr, sizeof(namestr), "%s %s Volume", name, dirstr[dir]);`
`4414`	`4414`	`return snd_hda_ctl_add(codec, nid, snd_ctl_new1(&knew, codec));`
`4415`	`4415`	`}`
`4416`	`4416`