power: fix sprintf with snprintf

Message ID 1549265096-4812-1-git-send-email-pallantlax.poornima@intel.com
State Superseded
Delegated to: Thomas Monjalon
Headers show
Series
  • power: fix sprintf with snprintf
Related show

Checks

Context Check Description
ci/Intel-compilation success Compilation OK
ci/mellanox-Performance-Testing success Performance Testing PASS
ci/intel-Performance-Testing success Performance Testing PASS
ci/checkpatch success coding style OK

Commit Message

Pallantla Poornima Feb. 4, 2019, 7:24 a.m.
sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.

Fixes: 450f079131 ("power: add traffic pattern aware power control")
Cc: stable@dpdk.org

Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
---
 lib/librte_power/rte_power_empty_poll.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Aaron Conole Feb. 8, 2019, 9:28 p.m. | #1
Pallantla Poornima <pallantlax.poornima@intel.com> writes:

> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
>
> Fixes: 450f079131 ("power: add traffic pattern aware power control")
> Cc: stable@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> ---
>  lib/librte_power/rte_power_empty_poll.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_power/rte_power_empty_poll.c b/lib/librte_power/rte_power_empty_poll.c
> index e6145462f..df00a3968 100644
> --- a/lib/librte_power/rte_power_empty_poll.c
> +++ b/lib/librte_power/rte_power_empty_poll.c
> @@ -159,7 +159,7 @@ update_training_stats(struct priority_worker *poll_stats,
>  	char pfi_str[32];
>  	uint64_t p0_empty_deq;
>  
> -	sprintf(pfi_str, "%02d", freq);
> +	snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);

Shouldn't we just remove pfi_str completely?  I don't see it referenced
anywhere else in this function.

That would be better than changing to snprintf(), imo.

>  	if (poll_stats->cur_freq == freq &&
>  			poll_stats->thresh[freq].trained == false) {

Patch

diff --git a/lib/librte_power/rte_power_empty_poll.c b/lib/librte_power/rte_power_empty_poll.c
index e6145462f..df00a3968 100644
--- a/lib/librte_power/rte_power_empty_poll.c
+++ b/lib/librte_power/rte_power_empty_poll.c
@@ -159,7 +159,7 @@  update_training_stats(struct priority_worker *poll_stats,
 	char pfi_str[32];
 	uint64_t p0_empty_deq;
 
-	sprintf(pfi_str, "%02d", freq);
+	snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);
 
 	if (poll_stats->cur_freq == freq &&
 			poll_stats->thresh[freq].trained == false) {