diff mbox

[U-Boot,V2] common: nvedit: use snprintf instead of sprintf

Message ID 1450843689-25328-1-git-send-email-van.freenix@gmail.com
State Accepted
Delegated to: Tom Rini
Headers show

Commit Message

Peng Fan Dec. 23, 2015, 4:08 a.m. UTC 
From: Peng Fan <peng.fan@nxp.com>

Use snprintf to replace sprintf.

Coverity log:
"
Unbounded source buffer (STRING_SIZE)
string_size: Passing string init_val of unknown size to sprintf.
"

Reported-by: Coverity
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
---
 common/cmd_nvedit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Tom Rini Jan. 4, 2016, 10:23 p.m. UTC | #1 
On Wed, Dec 23, 2015 at 12:08:09PM +0800, Peng Fan wrote:

> From: Peng Fan <peng.fan@nxp.com>
> 
> Use snprintf to replace sprintf.
> 
> Coverity log:
> "
> Unbounded source buffer (STRING_SIZE)
> string_size: Passing string init_val of unknown size to sprintf.
> "
> 
> Reported-by: Coverity
> Signed-off-by: Peng Fan <peng.fan@nxp.com>
> Cc: Tom Rini <trini@konsulko.com>
> Cc: Simon Glass <sjg@chromium.org>
> Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>

Applied to u-boot/master, thanks!
diff mbox

Patch

diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index f4c2523..3d295d1 100644
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -594,7 +594,7 @@  static int do_env_edit(cmd_tbl_t *cmdtp, int flag, int argc,
 	/* Set read buffer to initial value or empty sting */
 	init_val = getenv(argv[1]);
 	if (init_val)
-		sprintf(buffer, "%s", init_val);
+		snprintf(buffer, CONFIG_SYS_CBSIZE, "%s", init_val);
 	else
 		buffer[0] = '\0';