Hi Jules, On Sat, Apr 17, 2021 at 11:11:44PM +0200, Jules Maselbas wrote: > Replace the *sprintf to their *snprintf version when printing > to the fixed size printbuffer. > > Reported-by: Neeraj Pal <neerajpal09@xxxxxxxxx> > Signed-off-by: Jules Maselbas <jmaselbas@xxxxxxxxx> > --- I didn't realize you also created this patch. I like your version better because of the sizeof() you used. Replaced my version with yours, but I added the pbl/console.c changes from my patch to yours. Sascha > common/console_common.c | 15 ++++++++------- > 1 file changed, 8 insertions(+), 7 deletions(-) > > diff --git a/common/console_common.c b/common/console_common.c > index 3e0741572..dc3a611e1 100644 > --- a/common/console_common.c > +++ b/common/console_common.c > @@ -126,7 +126,7 @@ int pr_print(int level, const char *fmt, ...) > return 0; > > va_start(args, fmt); > - i = vsprintf(printbuffer, fmt, args); > + i = vsnprintf(printbuffer, sizeof(printbuffer), fmt, args); > va_end(args); > > pr_puts(level, printbuffer); > @@ -139,18 +139,19 @@ int dev_printf(int level, const struct device_d *dev, const char *format, ...) > va_list args; > int ret = 0; > char printbuffer[CFG_PBSIZE]; > + size_t size = sizeof(printbuffer); > > if (!IS_ENABLED(CONFIG_LOGBUF) && level > barebox_loglevel) > return 0; > > if (dev->driver && dev->driver->name) > - ret += sprintf(printbuffer, "%s ", dev->driver->name); > + ret += snprintf(printbuffer, size, "%s ", dev->driver->name); > > - ret += sprintf(printbuffer + ret, "%s: ", dev_name(dev)); > + ret += snprintf(printbuffer + ret, size - ret, "%s: ", dev_name(dev)); > > va_start(args, format); > > - ret += vsprintf(printbuffer + ret, format, args); > + ret += vsnprintf(printbuffer + ret, size - ret, format, args); > > va_end(args); 
> > @@ -237,7 +238,7 @@ int printf(const char *fmt, ...) > * For this to work, printbuffer must be larger than > * anything we ever want to print. > */ > - i = vsprintf (printbuffer, fmt, args); > + i = vsnprintf(printbuffer, sizeof(printbuffer), fmt, args); > va_end(args); > > /* Print the string */ > @@ -256,7 +257,7 @@ int vprintf(const char *fmt, va_list args) > * For this to work, printbuffer must be larger than > * anything we ever want to print. > */ > - i = vsprintf(printbuffer, fmt, args); > + i = vsnprintf(printbuffer, sizeof(printbuffer), fmt, args); > > /* Print the string */ > puts(printbuffer); > @@ -344,7 +345,7 @@ int dprintf(int file, const char *fmt, ...) > * For this to work, printbuffer must be larger than > * anything we ever want to print. > */ > - vsprintf(printbuffer, fmt, args); > + vsnprintf(printbuffer, sizeof(printbuffer), fmt, args); > va_end(args); > > /* Print the string */ > -- > 2.30.2 > > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
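
Review bot: In the dev_printf hunk the running offset `ret` is not bounded, so the chained calls can still write outside printbuffer. If barebox's snprintf follows the C99 convention of returning the length the output would have had, a truncated `"%s "` or `"%s: "` write leaves `ret` larger than `size`; the next call then starts at `printbuffer + ret`, past the end of the array, and `size - ret` wraps around to a very large size_t because `size` is unsigned. Clamp `ret` to `size - 1` after each call, or stop appending once `ret >= size`, before computing the next pointer and remaining length.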
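
Review bot: The context comment in the printf, vprintf and dprintf hunks ("For this to work, printbuffer must be larger than anything we ever want to print") is stale once vsnprintf bounds the write, and should be updated to say that longer output is truncated to sizeof(printbuffer). Related to that, in pr_print, printf and vprintf the variable `i` now holds the untruncated length when the output does not fit, so any later use of `i` as the number of bytes in printbuffer, or as the return value, should be checked and clamped if needed. dprintf discards the return value entirely, so truncation there is silent.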