summaryrefslogtreecommitdiffstats
path: root/call/menu.c
diff options
context:
space:
mode:
authorRalf Baechle <ralf@linux-mips.org>2017-07-26 11:54:31 +0200
committerRalf Baechle <ralf@linux-mips.org>2017-07-26 11:57:18 +0200
commitbe52635f543d1b2540bf30e27f7561c441a1974e (patch)
tree323c06e56a982307b585197b33d324525c66a629 /call/menu.c
parent6553ae600526c04b7340c54aa1daf6a48379ea93 (diff)
call: Fix possible buffer overflow.
When downloading a file with a very long filename the 80 byte buffer used by start_ab_download() might overflow. Increase the buffer to a sufficient size and switch to using snprintf for double safety. This also fixes the following warnings: gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -Wall -MT call.o -MD -MP -MF .deps/call.Tpo -c -o call.o call.c call.c: In function ‘cmd_call’: call.c:1008:33: warning: ‘%s’ directive writing up to 254 bytes into a region of size 62 [-Wformat-overflow=] sprintf(s, "filename : %s", gp->file_name); ^~ call.c:1008:3: note: ‘sprintf’ output between 19 and 273 bytes into a destination of size 80 sprintf(s, "filename : %s", gp->file_name); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ call.c:1022:30: warning: ‘%s’ directive writing up to 254 bytes into a region of size 65 [-Wformat-overflow=] sprintf(s, "Unable to open %s", gp->file_name); ^~ call.c:1022:3: note: ‘sprintf’ output between 16 and 270 bytes into a destination of size 80 sprintf(s, "Unable to open %s", gp->file_name); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'call/menu.c')
0 files changed, 0 insertions, 0 deletions