alsactl: sprintf to snprintf prevent buffer overflow
authorDoug Goldstein <cardoe@cardoe.com>
Wed, 1 May 2013 16:30:26 +0000 (11:30 -0500)
committerTakashi Iwai <tiwai@suse.de>
Mon, 6 May 2013 08:55:07 +0000 (10:55 +0200)
sprintf() is a bit dangerous unless you explicitly know your type size
and want to keep it in sync always. It's safer to just use snprintf() and
ensure your string doesn't overflow and is NUL-terminated.

Signed-off-by: Doug Goldstein <cardoe@cardoe.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
alsactl/lock.c

index fce208b53d5203b649e75d70ab98a8b4b751c724..587a10970d6dd3916cadb25590c57b42a1654af2 100644 (file)
@@ -53,9 +53,9 @@ static int state_lock_(const char *file, int lock, int timeout)
        lck.l_len = 11;
        lck.l_pid = 0;
        if (lock) {
-               sprintf(lcktxt, "%10li\n", (long)getpid());
+               snprintf(lcktxt, sizeof(lcktxt), "%10li\n", (long)getpid());
        } else {
-               sprintf(lcktxt, "%10s\n", "");
+               snprintf(lcktxt, sizeof(lcktxt), "%10s\n", "");
        }
        while (fd < 0 && timeout-- > 0) {
                fd = open(nfile, O_RDWR);
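Review bot: Both snprintf() calls discard the return value, so if `lcktxt` is ever smaller than the 12 bytes this format needs, the lock record is silently truncated instead of rejected. The 12 bytes come from `%10li` being a minimum width: at least 10 characters, plus the newline and the terminator. The declaration of `lcktxt` and the code that consumes it are outside the hunk, so its size cannot be confirmed here, but `lck.l_len = 11` suggests a fixed 11-byte record is expected downstream. I would capture the result, `n = snprintf(lcktxt, sizeof(lcktxt), "%10li\n", (long)getpid());`, and take the function's existing error path on `if (n < 0 || (size_t)n >= sizeof(lcktxt))`. state_lock_() starts and ends outside the hunk.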