snprintf() is a hard-to-use function, it's especially difficult to use
it for concatenating substrings in a buffer with a limited size.
Since snprintf() returns the would-be-output size, not the actual
size, the subsequent use of snprintf() may go beyond the given limit
easily.  Although the current code doesn't actually overflow the
buffer, it's an incorrect usage.

This patch replaces such snprintf() calls with a safer version,
scnprintf().

Also this fixes the incorrect argument of the buffer limit size passed
to snprintf(), too.  The size has to be decremented for the remaining
length.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Reviewed-by: Brian Masney <masneyb@onstation.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>