diff options
| author | Ralf Baechle <ralf@linux-mips.org> | 2017-07-26 11:54:31 +0200 |
|---|---|---|
| committer | Ralf Baechle <ralf@linux-mips.org> | 2017-07-26 11:57:18 +0200 |
| commit | be52635f543d1b2540bf30e27f7561c441a1974e (patch) | |
| tree | 323c06e56a982307b585197b33d324525c66a629 /call/menu.c | |
| parent | 6553ae600526c04b7340c54aa1daf6a48379ea93 (diff) | |
call: Fix possible buffer overflow.
When downloading a file with a very long filename the 80 byte buffer used
by start_ab_download() might overflow. Increase the buffer to a sufficient
size and switch to using snprintf for double safety.
This also fixes the following warnings:
gcc -DHAVE_CONFIG_H -I. -I.. -g -O2 -Wall -MT call.o -MD -MP -MF .deps/call.Tpo -c -o call.o call.c
call.c: In function ‘cmd_call’:
call.c:1008:33: warning: ‘%s’ directive writing up to 254 bytes into a region of size 62 [-Wformat-overflow=]
sprintf(s, "filename : %s", gp->file_name);
^~
call.c:1008:3: note: ‘sprintf’ output between 19 and 273 bytes into a destination of size 80
sprintf(s, "filename : %s", gp->file_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
call.c:1022:30: warning: ‘%s’ directive writing up to 254 bytes into a region of size 65 [-Wformat-overflow=]
sprintf(s, "Unable to open %s", gp->file_name);
^~
call.c:1022:3: note: ‘sprintf’ output between 16 and 270 bytes into a destination of size 80
sprintf(s, "Unable to open %s", gp->file_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Diffstat (limited to 'call/menu.c')
0 files changed, 0 insertions, 0 deletions