Date: Sat, 21 Nov 1998 17:55:18 +1100
From: Bruce Evans <bde@zeta.org.au>
To: archie@whistle.com, dillon@apollo.backplane.com, freebsd-current@FreeBSD.ORG, grog@lemis.com, rnordier@nordier.com
Subject: Re: snprintf() in the kernel
Message-ID: <199811210655.RAA26988@godzilla.zeta.org.au>

> Also review zero-termination cases for disklabels... make sure
> disklabel isn't designed to allow a full-length string (without
> zero-termination) else your snprintf()'s have broken something.

disklabel is so designed.

>alpha/alpha/db_disasm.c
>
> line 196, static char unk[8]; ... buffer is not big enough. Needs to be
> at least 11. The snprintf() prevents a possible overflow (a bug fixed!),
> but the buffer should probably be made larger anyway.

Actually, it only needs to be 10 :-). It is only used to print a 26-bit
unsigned bitfield value.

>cam/scsi/scsi_all.c
>
> line 1566, char holdstr[8] was totally broken anyway, it wasn't big
> enough (needs to be 10). Your patch removes it which is good.
> A second bug fixed!

No bug here. The value is a u_int8_t.

>i386/isa/mcd.c
>
> (Looks like you fixed a bug here... the strncpy was assuming zero
> termination)

The bug was subtracting 1 from the size.

>netatm/spans/spans_util.c:
>
> I'm not sure about these ntohl() calls. Some of the defines just
> macro the arguments through, others are routines, but historically
> ntohl() has operated on a 32 bit quantity so we should probably
> cast the ntohl() results to (long) in the s*printf() calls as well
> as do the sprintf()->snprintf() conversion.

ntohl() must operate on a 32-bit quantity, but it shouldn't return u_long
unless u_long is 32 bits. ntohl() results should be cast to (u_long) (or
(u_int32_t) if you can easily use the format specifier for that).

>
>RCS file: /cvs/freebsd/src/sys/netatm/spans/spans_util.c,v >retrieving revision 1.3 >diff -u -r1.3 spans_util.c >--- spans_util.c 1998/10/31 20:06:56 1.3 >+++ spans_util.c 1998/11/21 03:03:09 
>@@ -441,7 +441,7 @@ > /* > * Print and return the string > */ >- sprintf(strbuff, "%lx.%lx", ntohl(u1.w), ntohl(u2.w)); >+ snprintf(strbuff, sizeof(strbuff), "%lx.%lx", ntohl(u1.w), ntohl(u2.w)); > return(strbuff); > }

The 80 character buffer is obviously big enough for sprintf if ntohl()
returns a 32-bit quantity.

Bruce
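
Review bot: the added snprintf() line still passes ntohl(u1.w) and ntohl(u2.w) uncast to a "%lx.%lx" format, so the conversion and the argument type only agree where ntohl() returns a long-sized value; cast both arguments to (u_long) in the same change. Separately, sizeof(strbuff) is the buffer size only if strbuff is declared as an array rather than a pointer, and the declaration is outside this hunk, so it is worth confirming before relying on the bound.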
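
Added example (not part of the original message or of the FreeBSD source): the disklabel point above, that a field designed to hold a full-length string without zero-termination loses its last character when it is filled with snprintf(). The struct, the 16-byte width and all function names here are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIELD_LEN 16            /* assumed width of the fixed-size field */
/* Hypothetical on-disk record: name may use all 16 bytes, no terminator. */
struct label { char name[FIELD_LEN]; };

/* Bytes in use in a fixed-width field that may lack a terminating NUL. */
static size_t field_len(const char *f, size_t width)
{
    const char *nul = memchr(f, '\0', width);
    return nul ? (size_t)(nul - f) : width;
}

/* snprintf() always reserves one byte for the NUL: at most 15 name bytes. */
static size_t store_snprintf(struct label *l, const char *src)
{
    snprintf(l->name, sizeof(l->name), "%s", src);
    return field_len(l->name, sizeof(l->name));
}

/* Fixed-width store: copy up to the full width and zero-pad the rest. */
static size_t store_fixed(struct label *l, const char *src)
{
    size_t n = strlen(src);
    if (n > sizeof(l->name))
        n = sizeof(l->name);
    memset(l->name, 0, sizeof(l->name));
    memcpy(l->name, src, n);
    return n;
}

/* Reading back: bound the read with a precision, never plain "%s". */
static void field_to_cstr(char *dst, size_t dstlen, const struct label *l)
{
    snprintf(dst, dstlen, "%.*s", (int)sizeof(l->name), l->name);
}

int main(void)
{
    struct label l;
    char out[FIELD_LEN + 1];
    size_t a = store_snprintf(&l, "0123456789ABCDEF"); /* constructed input */
    size_t b = store_fixed(&l, "0123456789ABCDEF");
    field_to_cstr(out, sizeof(out), &l);
    printf("snprintf kept %zu, fixed copy kept %zu, read \"%s\"\n", a, b, out);
    return 0;
}
```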