[dpdk-dev] [PATCH] power: fix sprintf with snprintf

Aaron Conole aconole at redhat.com
Fri Feb 8 22:28:51 CET 2019

Previous message: [dpdk-dev] [PATCH] power: fix sprintf with snprintf
Next message: [dpdk-dev] [PATCH] vhost: fix sprintf with snprintf
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Pallantla Poornima <pallantlax.poornima at intel.com> writes:

> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
>
> Fixes: 450f079131 ("power: add traffic pattern aware power control")
> Cc: stable at dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima at intel.com>
> ---
>  lib/librte_power/rte_power_empty_poll.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_power/rte_power_empty_poll.c b/lib/librte_power/rte_power_empty_poll.c
> index e6145462f..df00a3968 100644
> --- a/lib/librte_power/rte_power_empty_poll.c
> +++ b/lib/librte_power/rte_power_empty_poll.c
> @@ -159,7 +159,7 @@ update_training_stats(struct priority_worker *poll_stats,
>  	char pfi_str[32];
>  	uint64_t p0_empty_deq;
>  
> -	sprintf(pfi_str, "%02d", freq);
> +	snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);

Shouldn't we just remove pfi_str completely?  I don't see it referenced
anywhere else in this function.

That would be better than changing to snprintf(), imo.

>  	if (poll_stats->cur_freq == freq &&
>  			poll_stats->thresh[freq].trained == false) {

Previous message: [dpdk-dev] [PATCH] power: fix sprintf with snprintf
Next message: [dpdk-dev] [PATCH] vhost: fix sprintf with snprintf
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list