[PATCH 123/342] Staging: rt2870: Don't call sprintf() with overlapping input and output.
Greg Kroah-Hartman
gregkh at suse.de
Fri Jun 19 18:05:47 UTC 2009
From: Anders Kaseorg <andersk at MIT.EDU>
The use of sprintf() to append to a buffer, as in
sprintf(buf, "%sEntry: %d\n", buf, i)
is not valid according to C99 ("If copying takes place between objects
that overlap, the behavior is undefined."). It breaks at least in
userspace under gcc -D_FORTIFY_SOURCE. Replace this construct with
sprintf(buf + strlen(buf), "Entry: %d\n", i)
This patch was automatically generated using
perl -0pe 's/(sprintf\s*\(\s*([^,]*))(\s*,\s*")%s((?:[^"\\]|\\.)*"\s*,)\s*\2\s*,/$1 + strlen($2)$3$4/g'
perl -0pe 's/(snprintf\s*\(\s*([^,]*))(\s*,[^,]*?)(\s*,\s*")%s((?:[^"\\]|\\.)*"\s*,)\s*\2\s*,/$1 + strlen($2)$3 - strlen($2)$4$5/g'
Signed-off-by: Anders Kaseorg <andersk at mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
drivers/staging/rt2870/common/cmm_info.c | 2 +-
drivers/staging/rt2870/sta/assoc.c | 2 +-
drivers/staging/rt2870/sta_ioctl.c | 39 ++++++++++++++---------------
3 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/drivers/staging/rt2870/common/cmm_info.c b/drivers/staging/rt2870/common/cmm_info.c
index 47a1b1a..27586d3 100644
--- a/drivers/staging/rt2870/common/cmm_info.c
+++ b/drivers/staging/rt2870/common/cmm_info.c
@@ -3212,7 +3212,7 @@ INT RTMPShowCfgValue(
{
sprintf(pBuf, "\n");
for (PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC = RTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC++)
- sprintf(pBuf, "%s%s\n", pBuf, PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name);
+ sprintf(pBuf + strlen(pBuf), "%s\n", PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name);
}
return Status;
diff --git a/drivers/staging/rt2870/sta/assoc.c b/drivers/staging/rt2870/sta/assoc.c
index a76dab5..ae456ab 100644
--- a/drivers/staging/rt2870/sta/assoc.c
+++ b/drivers/staging/rt2870/sta/assoc.c
@@ -1781,7 +1781,7 @@ int wext_notify_event_assoc(
wrqu.data.length = (pAd->StaCfg.ReqVarIELen*2) + 17;
sprintf(custom, "ASSOCINFO(ReqIEs=");
for (idx=0; idx<pAd->StaCfg.ReqVarIELen; idx++)
- sprintf(custom, "%s%02x", custom, pAd->StaCfg.ReqVarIEs[idx]);
+ sprintf(custom + strlen(custom), "%02x", pAd->StaCfg.ReqVarIEs[idx]);
wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, custom);
}
else
diff --git a/drivers/staging/rt2870/sta_ioctl.c b/drivers/staging/rt2870/sta_ioctl.c
index 4b432ce..04cf5e5 100644
--- a/drivers/staging/rt2870/sta_ioctl.c
+++ b/drivers/staging/rt2870/sta_ioctl.c
@@ -1356,7 +1356,7 @@ int rt_ioctl_giwscan(struct net_device *dev,
iwe.u.data.length = (pAdapter->ScanTab.BssEntry[i].WpaIE.IELen * 2) + 7;
NdisMoveMemory(custom, "wpa_ie=", 7);
for (idx = 0; idx < pAdapter->ScanTab.BssEntry[i].WpaIE.IELen; idx++)
- sprintf(custom, "%s%02x", custom, pAdapter->ScanTab.BssEntry[i].WpaIE.IE[idx]);
+ sprintf(custom + strlen(custom), "%02x", pAdapter->ScanTab.BssEntry[i].WpaIE.IE[idx]);
previous_ev = current_ev;
current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe, custom);
if (current_ev == previous_ev)
@@ -1376,7 +1376,7 @@ int rt_ioctl_giwscan(struct net_device *dev,
iwe.u.data.length = (pAdapter->ScanTab.BssEntry[i].RsnIE.IELen * 2) + 7;
NdisMoveMemory(custom, "rsn_ie=", 7);
for (idx = 0; idx < pAdapter->ScanTab.BssEntry[i].RsnIE.IELen; idx++)
- sprintf(custom, "%s%02x", custom, pAdapter->ScanTab.BssEntry[i].RsnIE.IE[idx]);
+ sprintf(custom + strlen(custom), "%02x", pAdapter->ScanTab.BssEntry[i].RsnIE.IE[idx]);
previous_ev = current_ev;
current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe, custom);
if (current_ev == previous_ev)
@@ -2029,8 +2029,7 @@ void getBaInfo(
if (((pEntry->ValidAsCLI || pEntry->ValidAsApCli) && (pEntry->Sst == SST_ASSOC))
|| (pEntry->ValidAsWDS) || (pEntry->ValidAsMesh))
{
- sprintf(pOutBuf, "%s\n%02X:%02X:%02X:%02X:%02X:%02X (Aid = %d) (AP) -\n",
- pOutBuf,
+ sprintf(pOutBuf + strlen(pOutBuf), "\n%02X:%02X:%02X:%02X:%02X:%02X (Aid = %d) (AP) -\n",
pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2],
pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5], pEntry->Aid);
@@ -2040,7 +2039,7 @@ void getBaInfo(
if (pEntry->BARecWcidArray[j] != 0)
{
pRecBAEntry =&pAd->BATable.BARecEntry[pEntry->BARecWcidArray[j]];
- sprintf(pOutBuf, "%sTID=%d, BAWinSize=%d, LastIndSeq=%d, ReorderingPkts=%d\n", pOutBuf, j, pRecBAEntry->BAWinSize, pRecBAEntry->LastIndSeq, pRecBAEntry->list.qlen);
+ sprintf(pOutBuf + strlen(pOutBuf), "TID=%d, BAWinSize=%d, LastIndSeq=%d, ReorderingPkts=%d\n", j, pRecBAEntry->BAWinSize, pRecBAEntry->LastIndSeq, pRecBAEntry->list.qlen);
}
}
sprintf(pOutBuf, "%s\n", pOutBuf);
@@ -2051,7 +2050,7 @@ void getBaInfo(
if (pEntry->BAOriWcidArray[j] != 0)
{
pOriBAEntry =&pAd->BATable.BAOriEntry[pEntry->BAOriWcidArray[j]];
- sprintf(pOutBuf, "%sTID=%d, BAWinSize=%d, StartSeq=%d, CurTxSeq=%d\n", pOutBuf, j, pOriBAEntry->BAWinSize, pOriBAEntry->Sequence, pEntry->TxSeq[j]);
+ sprintf(pOutBuf + strlen(pOutBuf), "TID=%d, BAWinSize=%d, StartSeq=%d, CurTxSeq=%d\n", j, pOriBAEntry->BAWinSize, pOriBAEntry->Sequence, pEntry->TxSeq[j]);
}
}
sprintf(pOutBuf, "%s\n\n", pOutBuf);
@@ -7029,10 +7028,10 @@ INT Show_Adhoc_MacTable_Proc(
sprintf(extra, "\n");
#ifdef DOT11_N_SUPPORT
- sprintf(extra, "%sHT Operating Mode : %d\n", extra, pAd->CommonCfg.AddHTInfo.AddHtInfo2.OperaionMode);
+ sprintf(extra + strlen(extra), "HT Operating Mode : %d\n", pAd->CommonCfg.AddHTInfo.AddHtInfo2.OperaionMode);
#endif // DOT11_N_SUPPORT //
- sprintf(extra, "%s\n%-19s%-4s%-4s%-7s%-7s%-7s%-10s%-6s%-6s%-6s%-6s\n", extra,
+ sprintf(extra + strlen(extra), "\n%-19s%-4s%-4s%-7s%-7s%-7s%-10s%-6s%-6s%-6s%-6s\n",
"MAC", "AID", "BSS", "RSSI0", "RSSI1", "RSSI2", "PhMd", "BW", "MCS", "SGI", "STBC");
for (i=1; i<MAX_LEN_OF_MAC_TABLE; i++)
@@ -7043,20 +7042,20 @@ INT Show_Adhoc_MacTable_Proc(
break;
if ((pEntry->ValidAsCLI || pEntry->ValidAsApCli) && (pEntry->Sst == SST_ASSOC))
{
- sprintf(extra, "%s%02X:%02X:%02X:%02X:%02X:%02X ", extra,
+ sprintf(extra + strlen(extra), "%02X:%02X:%02X:%02X:%02X:%02X ",
pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2],
pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5]);
- sprintf(extra, "%s%-4d", extra, (int)pEntry->Aid);
- sprintf(extra, "%s%-4d", extra, (int)pEntry->apidx);
- sprintf(extra, "%s%-7d", extra, pEntry->RssiSample.AvgRssi0);
- sprintf(extra, "%s%-7d", extra, pEntry->RssiSample.AvgRssi1);
- sprintf(extra, "%s%-7d", extra, pEntry->RssiSample.AvgRssi2);
- sprintf(extra, "%s%-10s", extra, GetPhyMode(pEntry->HTPhyMode.field.MODE));
- sprintf(extra, "%s%-6s", extra, GetBW(pEntry->HTPhyMode.field.BW));
- sprintf(extra, "%s%-6d", extra, pEntry->HTPhyMode.field.MCS);
- sprintf(extra, "%s%-6d", extra, pEntry->HTPhyMode.field.ShortGI);
- sprintf(extra, "%s%-6d", extra, pEntry->HTPhyMode.field.STBC);
- sprintf(extra, "%s%-10d, %d, %d%%\n", extra, pEntry->DebugFIFOCount, pEntry->DebugTxCount,
+ sprintf(extra + strlen(extra), "%-4d", (int)pEntry->Aid);
+ sprintf(extra + strlen(extra), "%-4d", (int)pEntry->apidx);
+ sprintf(extra + strlen(extra), "%-7d", pEntry->RssiSample.AvgRssi0);
+ sprintf(extra + strlen(extra), "%-7d", pEntry->RssiSample.AvgRssi1);
+ sprintf(extra + strlen(extra), "%-7d", pEntry->RssiSample.AvgRssi2);
+ sprintf(extra + strlen(extra), "%-10s", GetPhyMode(pEntry->HTPhyMode.field.MODE));
+ sprintf(extra + strlen(extra), "%-6s", GetBW(pEntry->HTPhyMode.field.BW));
+ sprintf(extra + strlen(extra), "%-6d", pEntry->HTPhyMode.field.MCS);
+ sprintf(extra + strlen(extra), "%-6d", pEntry->HTPhyMode.field.ShortGI);
+ sprintf(extra + strlen(extra), "%-6d", pEntry->HTPhyMode.field.STBC);
+ sprintf(extra + strlen(extra), "%-10d, %d, %d%%\n", pEntry->DebugFIFOCount, pEntry->DebugTxCount,
(pEntry->DebugTxCount) ? ((pEntry->DebugTxCount-pEntry->DebugFIFOCount)*100/pEntry->DebugTxCount) : 0);
sprintf(extra, "%s\n", extra);
}
--
1.6.3.2
More information about the devel
mailing list