From patchwork Tue Oct 18 01:54:18 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@chromium.org>
X-Patchwork-Id: 120355
Return-Path: <u-boot-bounces@lists.denx.de>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from theia.denx.de (theia.denx.de [85.214.87.163])
	by ozlabs.org (Postfix) with ESMTP id A3CD7B70C6
	for <incoming@patchwork.ozlabs.org>;
	Tue, 18 Oct 2011 12:55:49 +1100 (EST)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 93DB029116;
	Tue, 18 Oct 2011 03:55:44 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at theia.denx.de
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 8Z6O5BWQyeoY; Tue, 18 Oct 2011 03:55:44 +0200 (CEST)
Received: from theia.denx.de (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 37BE8290DF;
	Tue, 18 Oct 2011 03:55:34 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by theia.denx.de (Postfix) with ESMTP id 3C09D2905F
	for <u-boot@lists.denx.de>; Tue, 18 Oct 2011 03:55:19 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at theia.denx.de
Received: from theia.denx.de ([127.0.0.1])
	by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id OGkr9WjwWpUP for <u-boot@lists.denx.de>;
	Tue, 18 Oct 2011 03:55:18 +0200 (CEST)
X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5
	NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested)
Received: from smtp-out.google.com (smtp-out.google.com [216.239.44.51])
	by theia.denx.de (Postfix) with ESMTPS id 02E5029030
	for <u-boot@lists.denx.de>; Tue, 18 Oct 2011 03:54:58 +0200 (CEST)
Received: from hpaq1.eem.corp.google.com (hpaq1.eem.corp.google.com
	[172.25.149.1]) by smtp-out.google.com with ESMTP id p9I1st8J002273;
	Mon, 17 Oct 2011 18:54:56 -0700
Received: from sglass.mtv.corp.google.com (sglass.mtv.corp.google.com
	[172.22.72.144])
	by hpaq1.eem.corp.google.com with ESMTP id p9I1ssjF015383;
	Mon, 17 Oct 2011 18:54:54 -0700
Received: by sglass.mtv.corp.google.com (Postfix, from userid 121222)
	id DB817146018; Mon, 17 Oct 2011 18:54:52 -0700 (PDT)
From: Simon Glass <sjg@chromium.org>
To: U-Boot Mailing List <u-boot@lists.denx.de>
Date: Mon, 17 Oct 2011 18:54:18 -0700
Message-Id: <1318902858-18432-7-git-send-email-sjg@chromium.org>
X-Mailer: git-send-email 1.7.3.1
In-Reply-To: <1318902858-18432-1-git-send-email-sjg@chromium.org>
References: <1318902858-18432-1-git-send-email-sjg@chromium.org>
X-System-Of-Record: true
Cc: Sonny Rao <sonnyrao@chromium.org>
Subject: [U-Boot] [PATCH v3 6/6] Make printf and vprintf safe from buffer
	overruns
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <http://lists.denx.de/mailman/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <http://lists.denx.de/mailman/listinfo/u-boot>,
	<mailto:u-boot-request@lists.denx.de?subject=subscribe>
MIME-Version: 1.0
Sender: u-boot-bounces@lists.denx.de
Errors-To: u-boot-bounces@lists.denx.de

From: Sonny Rao <sonnyrao@chromium.org>

From: Sonny Rao <sonnyrao@chromium.org>

utilize the added vscnprintf functions to avoid buffer overruns
The implementation is fairly dumb in that it doesn't detect
that the buffer is too small, but at least will not cause crashes.

Signed-off-by: Sonny Rao <sonnyrao@chromium.org>
---
Changes in v2:
- Use sizeof(printbuffer) instead of CONFIG_SYS_PBSIZE
- Drop patch which changes network code to use snprintf()

 common/console.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/common/console.c b/common/console.c
index f17875e..1177f7d 100644
--- a/common/console.c
+++ b/common/console.c
@@ -212,7 +212,7 @@ int serial_printf(const char *fmt, ...)
 	/* For this to work, printbuffer must be larger than
 	 * anything we ever want to print.
 	 */
-	i = vsprintf(printbuffer, fmt, args);
+	i = vscnprintf(printbuffer, sizeof(printbuffer), fmt, args);
 	va_end(args);
 
 	serial_puts(printbuffer);
@@ -281,7 +281,7 @@ int fprintf(int file, const char *fmt, ...)
 	/* For this to work, printbuffer must be larger than
 	 * anything we ever want to print.
 	 */
-	i = vsprintf(printbuffer, fmt, args);
+	i = vscnprintf(printbuffer, sizeof(printbuffer), fmt, args);
 	va_end(args);
 
 	/* Send to desired file */
@@ -426,7 +426,7 @@ int printf(const char *fmt, ...)
 	/* For this to work, printbuffer must be larger than
 	 * anything we ever want to print.
 	 */
-	i = vsprintf(printbuffer, fmt, args);
+	i = vscnprintf(printbuffer, sizeof(printbuffer), fmt, args);
 	va_end(args);
 
 	/* Print the string */
@@ -447,7 +447,7 @@ int vprintf(const char *fmt, va_list args)
 	/* For this to work, printbuffer must be larger than
 	 * anything we ever want to print.
 	 */
-	i = vsprintf(printbuffer, fmt, args);
+	i = vscnprintf(printbuffer, sizeof(printbuffer), fmt, args);
 
 	/* Print the string */
 	puts(printbuffer);
@@ -514,7 +514,7 @@ inline void dbg(const char *fmt, ...)
 	/* For this to work, printbuffer must be larger than
 	 * anything we ever want to print.
 	 */
-	i = vsprintf(printbuffer, fmt, args);
+	i = vsnprintf(printbuffer, sizeof(printbuffer), fmt, args);
 	va_end(args);
 
 	if ((screen + sizeof(screen) - 1 - cursor)