Hello Jean, On Tue, Oct 31, 2017 at 08:16:04AM +0100, Jean Delvare wrote: > sprintf isn't safe, use snprintf instead. > --- > tools/i2cbusses.c | 10 +++++----- > 1 file changed, 5 insertions(+), 5 deletions(-) > > --- a/tools/i2cbusses.c > +++ b/tools/i2cbusses.c > @@ -220,18 +220,18 @@ struct i2c_adap *gather_i2c_busses(void) > > /* this should work for kernels 2.6.5 or higher and */ > /* is preferred because is unambiguous */ > - sprintf(n, "%s/%s/name", sysfs, de->d_name); > + snprintf(n, NAME_MAX, "%s/%s/name", sysfs, de->d_name); OK, now instead of running into a buffer overflow in sprintf you might call fopen with a partial (maybe unterminated?) filename. While this is definitely better, you should check the return value of snprintf to be completely safe here. Best regards Uwe -- Pengutronix e.K. | Uwe Kleine-König | Industrial Linux Solutions | http://www.pengutronix.de/ |
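Review bot: the result of the new snprintf(n, NAME_MAX, ...) call is discarded, so a "%s/%s/name" path that does not fit is silently shortened and whatever consumes n next gets the shortened name. Store the return value and skip the entry when it is negative or >= the size passed in. The bound is also the constant NAME_MAX rather than the size of n; the declaration of n is not visible in this hunk, so if n is an array, sizeof(n) would keep the limit tied to the buffer.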
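Checking the snprintf return value as suggested in the reply, as an added example that is not part of the original message or of i2c-tools. The helper name build_name_path and the sample sysfs path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not from i2c-tools): build "<sysfs>/<entry>/name"
 * into buf. Returns 0 on success, -1 if snprintf failed or the result
 * did not fit, so the caller never opens a truncated path.
 */
static int build_name_path(char *buf, size_t len,
			   const char *sysfs, const char *entry)
{
	int ret;

	if (len == 0)
		return -1;

	/* snprintf returns the length the complete string would have had. */
	ret = snprintf(buf, len, "%s/%s/name", sysfs, entry);
	if (ret < 0 || (size_t)ret >= len) {
		buf[0] = '\0';	/* leave no partial path behind */
		return -1;
	}
	return 0;
}

int main(void)
{
	char small[24], big[64];
	const char *sysfs = "/sys/class/i2c-dev";	/* constructed sample value */

	/* The full path is 29 characters, so it needs 30 bytes with the NUL. */
	printf("small: %d\n",
	       build_name_path(small, sizeof(small), sysfs, "i2c-0"));
	if (build_name_path(big, sizeof(big), sysfs, "i2c-0") == 0)
		printf("big: %s\n", big);
	return 0;
}
```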