[PATCH v2] ASoC: codecs: fs210x: fix possible buffer overflow

Next message: Chia-I Wu: "Re: [PATCH v2 04/11] drm/panthor: Extend the IRQ logic to allow fast/hard IRQ handlers"
Previous message: kernel test robot: "Re: [PATCH] fpga: altera-cvp: Extend wrapped HW credit counter in software"
In reply to: Mark Brown: "Re: [PATCH] ASoC: codecs: fs210x: fix possible buffer overflow"
Next in thread: Mark Brown: "Re: [PATCH v2] ASoC: codecs: fs210x: fix possible buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Alexander A. Klimov

Date: Tue May 12 2026 - 15:10:23 EST

In fs210x_effect_scene_info(), a string was copied like this:

strscpy(DST, SRC, strlen(SRC) + 1);

A buffer overflow would happen if strlen(SRC) >= sizeof(DST).
Actually, strscpy() must be used this way:

strscpy(DST, SRC, sizeof(DST));
strscpy(DST, SRC); // defaults to sizeof(DST)

Fixes: 756117701779 ("ASoC: codecs: Add FourSemi FS2104/5S audio amplifier driver")
Signed-off-by: Alexander A. Klimov <grandmaster@xxxxxxxxxxxx>
---
v2: changed commit message pseudocode `strlen(SRC)` to `strlen(SRC) + 1`
v2: changed commit message pseudocode `> sizeof(DST)` to `>= sizeof(DST)`

Now pseudocode should apply against current code.
The diff ITSELF already applied to Linus' master
and broonie/sound.git HEAD.

sound/soc/codecs/fs210x.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sound/soc/codecs/fs210x.c b/sound/soc/codecs/fs210x.c
index e6195b71adad..eda716f817b5 100644
--- a/sound/soc/codecs/fs210x.c
+++ b/sound/soc/codecs/fs210x.c
@@ -968,7 +968,7 @@ static int fs210x_effect_scene_info(struct snd_kcontrol *kcontrol,
if (scene->name)
name = scene->name;

- strscpy(uinfo->value.enumerated.name, name, strlen(name) + 1);
+ strscpy(uinfo->value.enumerated.name, name);

return 0;
}
--
2.54.0