On 08/18/2010 10:07 AM, Daniel P. Berrange wrote:
> Do we actually have any places where printf/sprintf hurts ?
[v]as[n]printf are already safe, thanks to the vasprintf module.
snprintf is safe, but only indirectly, due to the getaddrinfo module
dragging it in (if getaddrinfo is changed to not rely on snprintf, then
we would lose the indirect support), but I agree that we should be using
virAsprintf in that case, anyways.
vsnprintf is not safe, but can easily be made safe at the same time as
snprintf.
[v][f]printf and [v]sprintf are not safe, with nothing in gnulib to
protect them while still staying at LGPLv2+; but I agree that we can
probably avoid the issues with these by converting sprintf to
virAsprintf, and just being careful with [f]printf.
> And just a handful of things using %ll
>
> $ find -name '*.c' | xargs grep -i printf | grep -i -v asprintf | grep -v virBuffer | grep -v gnulib | grep '%ll'
> ./src/storage/storage_backend.c: snprintf(size, sizeof(size), "%lluK", vol->capacity/1024);
> ./src/storage/storage_backend.c: snprintf(size, sizeof(size), "%llu", vol->capacity/1024/1024);
> ./src/storage/parthelper.c: printf("%s%s%d%c%s%c%s%c%llu%c%llu%c%llu%c",
> ./src/storage/parthelper.c: printf("%s%c%s%c%s%c%llu%c%llu%c%llu%c",
> ./src/storage/storage_backend_disk.c: snprintf(start, sizeof(start)-1, "%lluB", startOffset);
> ./src/storage/storage_backend_disk.c: snprintf(end, sizeof(end)-1, "%lluB", endOffset);
> ./src/storage/storage_backend_logical.c: snprintf(size, sizeof(size)-1, "%lluK", vol->capacity/1024);
> ./tests/qemuhelptest.c: fprintf(stderr, "Computed flags do not match: got 0x%llx, expected 0x%llx\n",
> ./examples/domain-events/events-c/event-test.c: printf("%s EVENT: Domain %s(%d) rtc change %lld\n", __func__, virDomainGetName(dom),
For a more complete list of all potential problems, I used:
$ git grep '\bv\?s\?f\?printf \?(' \
daemon/ tools/ src/ include/ proxy/ tests/ | wc -l
236
And except for the few you already listed above, none of them had %z or
%ll issues. So fixing those few, plus converting snprintf to
virAsprintf, seems like a manageable task; I'm now working on it.
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list