diff mbox

[dpdk-dev,v6,14/16] app/proc-info: sprintf overrun bug

Message ID	152627406233.52758.14586673394606574914.stgit@localhost.localdomain (mailing list archive)
State	Accepted, archived
Delegated to:	Ferruh Yigit
Headers	From: Andy Green <andy@warmcat.com> To: dev@dpdk.org Date: Mon, 14 May 2018 13:01:02 +0800 Message-ID: <152627406233.52758.14586673394606574914.stgit@localhost.localdomain> In-Reply-To: <152627394448.52758.15834703911138407294.stgit@localhost.localdomain> References: <152627394448.52758.15834703911138407294.stgit@localhost.localdomain> User-Agent: StGit/unknown-version Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Subject: [dpdk-dev] [PATCH v6 14/16] app/proc-info: sprintf overrun bug Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/Intel-compilation	success	Compilation OK

Commit Message

Andy Green May 14, 2018, 5:01 a.m. UTC

  /home/agreen/projects/dpdk/app/proc-info/main.c: In function
‘nic_xstats_display’:
/home/agreen/projects/dpdk/app/proc-info/main.c:495:45:
error: ‘%s’ directive writing up to 255 bytes into a region
of size between 165 and 232 [-Werror=format-overflow=]
    sprintf(buf, "PUTVAL %s/dpdkstat-port.%u/%s-%s N:%"
                                             ^~
     PRIu64"\n", host_id, port_id, counter_type,
                                   ~~~~~~~~~~~~
/home/agreen/projects/dpdk/app/proc-info/main.c:495:4: note:
‘sprintf’ output between 31 and 435 bytes into a destination
of size 256
    sprintf(buf, "PUTVAL %s/dpdkstat-port.%u/%s-%s N:%"
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     PRIu64"\n", host_id, port_id, counter_type,
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     xstats_names[i].name, values[i]);

Signed-off-by: Andy Green <andy@warmcat.com>
Fixes: 2deb6b5246d7 ("app/procinfo: add collectd format and host id")
Cc: stable@dpdk.org
---
 app/proc-info/main.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

Comments

Ferruh Yigit May 14, 2018, 8:31 p.m. UTC | #1

On 5/14/2018 6:01 AM, Andy Green wrote:
> /home/agreen/projects/dpdk/app/proc-info/main.c: In function
> ‘nic_xstats_display’:
> /home/agreen/projects/dpdk/app/proc-info/main.c:495:45:
> error: ‘%s’ directive writing up to 255 bytes into a region
> of size between 165 and 232 [-Werror=format-overflow=]
>     sprintf(buf, "PUTVAL %s/dpdkstat-port.%u/%s-%s N:%"
>                                              ^~
>      PRIu64"\n", host_id, port_id, counter_type,
>                                    ~~~~~~~~~~~~
> /home/agreen/projects/dpdk/app/proc-info/main.c:495:4: note:
> ‘sprintf’ output between 31 and 435 bytes into a destination
> of size 256
>     sprintf(buf, "PUTVAL %s/dpdkstat-port.%u/%s-%s N:%"
>     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>      PRIu64"\n", host_id, port_id, counter_type,
>      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>      xstats_names[i].name, values[i]);
> 
> Signed-off-by: Andy Green <andy@warmcat.com>
> Fixes: 2deb6b5246d7 ("app/procinfo: add collectd format and host id")
> Cc: stable@dpdk.org

Reviewed-by: Ferruh Yigit <ferruh.yigit@intel.com>

diff mbox

Patch

diff --git a/app/proc-info/main.c b/app/proc-info/main.c
index 539e13243..c20effa4f 100644
--- a/app/proc-info/main.c
+++ b/app/proc-info/main.c
@@ -488,14 +488,18 @@  nic_xstats_display(uint16_t port_id)
 		if (enable_collectd_format) {
 			char counter_type[MAX_STRING_LEN];
 			char buf[MAX_STRING_LEN];
+			size_t n;
 
 			collectd_resolve_cnt_type(counter_type,
 						  sizeof(counter_type),
 						  xstats_names[i].name);
-			sprintf(buf, "PUTVAL %s/dpdkstat-port.%u/%s-%s N:%"
+			n = snprintf(buf, MAX_STRING_LEN,
+				"PUTVAL %s/dpdkstat-port.%u/%s-%s N:%"
 				PRIu64"\n", host_id, port_id, counter_type,
 				xstats_names[i].name, values[i]);
-			ret = write(stdout_fd, buf, strlen(buf));
+			if (n > sizeof(buf) - 1)
+				n = sizeof(buf) - 1;
+			ret = write(stdout_fd, buf, n);
 			if (ret < 0)
 				goto err;
 		} else {