diff mbox series

power: fix sprintf with snprintf

Message ID	1549265096-4812-1-git-send-email-pallantlax.poornima@intel.com (mailing list archive)
State	Superseded, archived
Delegated to:	Thomas Monjalon
Headers	From: Pallantla Poornima <pallantlax.poornima@intel.com> To: dev@dpdk.org Cc: reshma.pattan@intel.com, david.hunt@intel.com, Pallantla Poornima <pallantlax.poornima@intel.com>, stable@dpdk.org Date: Mon, 4 Feb 2019 07:24:56 +0000 Message-Id: <1549265096-4812-1-git-send-email-pallantlax.poornima@intel.com> In-Reply-To: <y> References: <y> Subject: [dpdk-dev] [PATCH] power: fix sprintf with snprintf Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	power: fix sprintf with snprintf \| power: fix sprintf with snprintf

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/intel-Performance-Testing	success	Performance Testing PASS
ci/mellanox-Performance-Testing	success	Performance Testing PASS
ci/Intel-compilation	success	Compilation OK

Commit Message

Poornima, PallantlaX Feb. 4, 2019, 7:24 a.m. UTC

  sprintf function is not secure as it doesn't check the length of string.
More secure function snprintf is used.

Fixes: 450f079131 ("power: add traffic pattern aware power control")
Cc: stable@dpdk.org

Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
---
 lib/librte_power/rte_power_empty_poll.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Aaron Conole Feb. 8, 2019, 9:28 p.m. UTC | #1

Pallantla Poornima <pallantlax.poornima@intel.com> writes:

> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
>
> Fixes: 450f079131 ("power: add traffic pattern aware power control")
> Cc: stable@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> ---
>  lib/librte_power/rte_power_empty_poll.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_power/rte_power_empty_poll.c b/lib/librte_power/rte_power_empty_poll.c
> index e6145462f..df00a3968 100644
> --- a/lib/librte_power/rte_power_empty_poll.c
> +++ b/lib/librte_power/rte_power_empty_poll.c
> @@ -159,7 +159,7 @@ update_training_stats(struct priority_worker *poll_stats,
>  	char pfi_str[32];
>  	uint64_t p0_empty_deq;
>  
> -	sprintf(pfi_str, "%02d", freq);
> +	snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);

Shouldn't we just remove pfi_str completely?  I don't see it referenced
anywhere else in this function.

That would be better than changing to snprintf(), imo.

>  	if (poll_stats->cur_freq == freq &&
>  			poll_stats->thresh[freq].trained == false) {

diff mbox series

Patch

diff --git a/lib/librte_power/rte_power_empty_poll.c b/lib/librte_power/rte_power_empty_poll.c
index e6145462f..df00a3968 100644
--- a/lib/librte_power/rte_power_empty_poll.c
+++ b/lib/librte_power/rte_power_empty_poll.c
@@ -159,7 +159,7 @@  update_training_stats(struct priority_worker *poll_stats,
 	char pfi_str[32];
 	uint64_t p0_empty_deq;
 
-	sprintf(pfi_str, "%02d", freq);
+	snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);
 
 	if (poll_stats->cur_freq == freq &&
 			poll_stats->thresh[freq].trained == false) {