[Qemu-devel] [5290] Don't use sprintf() or strcpy()

[Anthony Liguori]

Revision: 5290
          http://svn.sv.gnu.org/viewvc/?view=rev&root=qemu&revision=5290
Author:   aliguori
Date:     2008-09-22 15:04:31 +0000 (Mon, 22 Sep 2008)

Log Message:
-----------
Don't use sprintf() or strcpy()

They are unsafe.  The current code is correct, but to be safer, we should pass
an explicit size.

Signed-off-by: Anthony Liguori <address@hidden>

Modified Paths:
--------------
    trunk/usb-linux.c

Modified: trunk/usb-linux.c
===================================================================
--- trunk/usb-linux.c   2008-09-22 14:49:01 UTC (rev 5289)
+++ trunk/usb-linux.c   2008-09-22 15:04:31 UTC (rev 5290)
@@ -1449,20 +1449,20 @@
     return 0;
 }
 
-static void dec2str(int val, char *str)
+static void dec2str(int val, char *str, size_t size)
 {
     if (val == -1)
-        strcpy(str, "*");
+        snprintf(str, size, "*");
     else
-        sprintf(str, "%d", val); 
+        snprintf(str, size, "%d", val); 
 }
 
-static void hex2str(int val, char *str)
+static void hex2str(int val, char *str, size_t size)
 {
     if (val == -1)
-        strcpy(str, "*");
+        snprintf(str, size, "*");
     else
-        sprintf(str, "%x", val);
+        snprintf(str, size, "%x", val);
 }
 
 void usb_host_info(void)
@@ -1475,10 +1475,10 @@
         term_printf("  Auto filters:\n");
     for (f = usb_auto_filter; f; f = f->next) {
         char bus[10], addr[10], vid[10], pid[10];
-        dec2str(f->bus_num, bus);
-        dec2str(f->addr, addr);
-        hex2str(f->vendor_id, vid);
-        hex2str(f->product_id, pid);
+        dec2str(f->bus_num, bus, sizeof(bus));
+        dec2str(f->addr, addr, sizeof(addr));
+        hex2str(f->vendor_id, vid, sizeof(vid));
+        hex2str(f->product_id, pid, sizeof(pid));
        term_printf("    Device %s.%s ID %s:%s\n", bus, addr, vid, pid);
     }
 }