On 2025-11-12 8:20 PM, Greg KH wrote:
On Wed, Nov 12, 2025 at 11:48:51PM +0530, hariconscious@gmail.com wrote:
From: HariKrishna Sagala hariconscious@gmail.com
snprintf() returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in a buffer overflow (although it's unrealistic).
unrealistic == impossible
So why make this change at all?
The problem will never occur in production-scenario given the AudioDSP firmware limitation - max ~10 probe-point entries so, the built string will be far away from 4K_SZ bytes.
If the verdict is: ignore the recommendation as the problem is unrealistic, I'm OK with that. Typically though I'd prefer to stick to the recommendations.
This patch replaces it with a safer version, scnprintf() for papering over such a potential issue.
Don't "paper over", actually fix real things.
Link: https://github.com/KSPP/linux/issues/105 'Fixes: 5a565ba23abe ("ASoC: Intel: avs: Probing and firmware tracing over debugfs")'
No, this is not a "fix".
The patch isn't worded well, that's clear. While the patch is an outcome of static-analysis, isn't it good to have 'Fixes:' to point out the offending commit regardless?