From 3c818465e34d2240ed108d4d0f9267548fab248c Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Wed, 1 May 2013 11:03:12 -0500 Subject: [PATCH] alsactl: sprintf to snprintf prevent buffer overflow sprintf() is a bit dangerous unless you explicitly know your type size and want to keep it in sync always. Its safer to just use snprintf() and ensure your string doesn't overflow and is NULL terminated. --- alsactl/lock.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/alsactl/lock.c b/alsactl/lock.c index fce208b..587a109 100644 --- a/alsactl/lock.c +++ b/alsactl/lock.c @@ -53,9 +53,9 @@ static int state_lock_(const char *file, int lock, int timeout) lck.l_len = 11; lck.l_pid = 0; if (lock) { - sprintf(lcktxt, "%10li\n", (long)getpid()); + snprintf(lcktxt, sizeof(lcktxt), "%10li\n", (long)getpid()); } else { - sprintf(lcktxt, "%10s\n", ""); + snprintf(lcktxt, sizeof(lcktxt), "%10s\n", ""); } while (fd < 0 && timeout-- > 0) { fd = open(nfile, O_RDWR); -- 1.8.2.1