All the occurrences of sprintf usage under vc04_services can be safely
replaced by snprintf, so as to avoid any possible overflow.
Suggested-by: Dan Carpenter <[email protected]>
Suggested-by: Umang Jain <[email protected]>
Signed-off-by: Ricardo B. Marliere <[email protected]>
---
.../bcm2835-camera/bcm2835-camera.c | 2 +-
.../interface/vchiq_arm/vchiq_arm.c | 16 ++++++++--------
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
index e860fb89d42e..e6e89784d84b 100644
--- a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
+++ b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
@@ -855,7 +855,7 @@ static int vidioc_enum_input(struct file *file, void *priv,
return -EINVAL;
inp->type = V4L2_INPUT_TYPE_CAMERA;
- sprintf((char *)inp->name, "Camera %u", inp->index);
+ snprintf((char *)inp->name, sizeof(inp->name), "Camera %u", inp->index);
return 0;
}
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index de6a24304a4d..9fb8f657cc78 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -1451,12 +1451,12 @@ vchiq_use_internal(struct vchiq_state *state, struct vchiq_service *service,
}
if (use_type == USE_TYPE_VCHIQ) {
- sprintf(entity, "VCHIQ: ");
+ snprintf(entity, sizeof(entity), "VCHIQ: ");
entity_uc = &arm_state->peer_use_count;
} else if (service) {
- sprintf(entity, "%p4cc:%03d",
- &service->base.fourcc,
- service->client_id);
+ snprintf(entity, sizeof(entity), "%p4cc:%03d",
+ &service->base.fourcc,
+ service->client_id);
entity_uc = &service->service_use_count;
} else {
vchiq_log_error(state->dev, VCHIQ_SUSPEND, "%s null service ptr", __func__);
@@ -1506,12 +1506,12 @@ vchiq_release_internal(struct vchiq_state *state, struct vchiq_service *service)
}
if (service) {
- sprintf(entity, "%p4cc:%03d",
- &service->base.fourcc,
- service->client_id);
+ snprintf(entity, sizeof(entity), "%p4cc:%03d",
+ &service->base.fourcc,
+ service->client_id);
entity_uc = &service->service_use_count;
} else {
- sprintf(entity, "PEER: ");
+ snprintf(entity, sizeof(entity), "PEER: ");
entity_uc = &arm_state->peer_use_count;
}
--
2.42.0
Hi Ricardo,
Thank you for the patch
On 10/25/23 5:56 PM, Ricardo B. Marliere wrote:
> All the occurrences of sprintf usage under vc04_services can be safely
> replaced by snprintf, so as to avoid any possible overflow.
>
> Suggested-by: Dan Carpenter <[email protected]>
> Suggested-by: Umang Jain <[email protected]>
> Signed-off-by: Ricardo B. Marliere <[email protected]>
LGTM,
Reviewed-by: Umang Jain <[email protected]>
> ---
> .../bcm2835-camera/bcm2835-camera.c | 2 +-
> .../interface/vchiq_arm/vchiq_arm.c | 16 ++++++++--------
> 2 files changed, 9 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
> index e860fb89d42e..e6e89784d84b 100644
> --- a/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
> +++ b/drivers/staging/vc04_services/bcm2835-camera/bcm2835-camera.c
> @@ -855,7 +855,7 @@ static int vidioc_enum_input(struct file *file, void *priv,
> return -EINVAL;
>
> inp->type = V4L2_INPUT_TYPE_CAMERA;
> - sprintf((char *)inp->name, "Camera %u", inp->index);
> + snprintf((char *)inp->name, sizeof(inp->name), "Camera %u", inp->index);
> return 0;
> }
>
> diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> index de6a24304a4d..9fb8f657cc78 100644
> --- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> +++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
> @@ -1451,12 +1451,12 @@ vchiq_use_internal(struct vchiq_state *state, struct vchiq_service *service,
> }
>
> if (use_type == USE_TYPE_VCHIQ) {
> - sprintf(entity, "VCHIQ: ");
> + snprintf(entity, sizeof(entity), "VCHIQ: ");
> entity_uc = &arm_state->peer_use_count;
> } else if (service) {
> - sprintf(entity, "%p4cc:%03d",
> - &service->base.fourcc,
> - service->client_id);
> + snprintf(entity, sizeof(entity), "%p4cc:%03d",
> + &service->base.fourcc,
> + service->client_id);
> entity_uc = &service->service_use_count;
> } else {
> vchiq_log_error(state->dev, VCHIQ_SUSPEND, "%s null service ptr", __func__);
> @@ -1506,12 +1506,12 @@ vchiq_release_internal(struct vchiq_state *state, struct vchiq_service *service)
> }
>
> if (service) {
> - sprintf(entity, "%p4cc:%03d",
> - &service->base.fourcc,
> - service->client_id);
> + snprintf(entity, sizeof(entity), "%p4cc:%03d",
> + &service->base.fourcc,
> + service->client_id);
> entity_uc = &service->service_use_count;
> } else {
> - sprintf(entity, "PEER: ");
> + snprintf(entity, sizeof(entity), "PEER: ");
> entity_uc = &arm_state->peer_use_count;
> }
>