From 32c976bca43814be70d6062885be80673ffd66fc Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Tue, 24 Mar 2009 16:40:41 -0400 Subject: [PATCH] Staging: rt2860: Don't call sprintf() with overlapping input and output. The use of sprintf() to append to a buffer, as in sprintf(buf, "%sEntry: %d\n", buf, i) is not valid according to C99 ("If copying takes place between objects that overlap, the behavior is undefined."). It breaks at least in userspace under gcc -D_FORTIFY_SOURCE. Replace this construct with sprintf(buf + strlen(buf), "Entry: %d\n", i) This patch was automatically generated using perl -0pe 's/(sprintf\s*\(\s*([^,]*))(\s*,\s*")%s((?:[^"\\]|\\.)*"\s*,)\s*\2\s*,/$1 + strlen($2)$3$4/g' perl -0pe 's/(snprintf\s*\(\s*([^,]*))(\s*,[^,]*?)(\s*,\s*")%s((?:[^"\\]|\\.)*"\s*,)\s*\2\s*,/$1 + strlen($2)$3 - strlen($2)$4$5/g' Signed-off-by: Anders Kaseorg Signed-off-by: Greg Kroah-Hartman --- drivers/staging/rt2860/common/cmm_info.c | 2 +- drivers/staging/rt2860/sta/assoc.c | 2 +- drivers/staging/rt2860/sta_ioctl.c | 11 +++++------ 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/drivers/staging/rt2860/common/cmm_info.c b/drivers/staging/rt2860/common/cmm_info.c index c3e13195e121..9e7efb0f2bd4 100644 --- a/drivers/staging/rt2860/common/cmm_info.c +++ b/drivers/staging/rt2860/common/cmm_info.c @@ -2911,7 +2911,7 @@ INT RTMPShowCfgValue( { sprintf(pBuf, "\n"); for (PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC = RTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC++) - sprintf(pBuf, "%s%s\n", pBuf, PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name); + sprintf(pBuf + strlen(pBuf), "%s\n", PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name); } return Status; diff --git a/drivers/staging/rt2860/sta/assoc.c b/drivers/staging/rt2860/sta/assoc.c index 34f1c1490f44..99c2aed4ee45 100644 --- a/drivers/staging/rt2860/sta/assoc.c +++ b/drivers/staging/rt2860/sta/assoc.c @@ -1791,7 +1791,7 @@ int wext_notify_event_assoc( wrqu.data.length = (pAd->StaCfg.ReqVarIELen*2) + 17; sprintf(custom, "ASSOCINFO(ReqIEs="); for (idx=0; idxStaCfg.ReqVarIELen; idx++) - sprintf(custom, "%s%02x", custom, pAd->StaCfg.ReqVarIEs[idx]); + sprintf(custom + strlen(custom), "%02x", pAd->StaCfg.ReqVarIEs[idx]); wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, custom); } else diff --git a/drivers/staging/rt2860/sta_ioctl.c b/drivers/staging/rt2860/sta_ioctl.c index c5452f152a21..56c22a68d4b7 100644 --- a/drivers/staging/rt2860/sta_ioctl.c +++ b/drivers/staging/rt2860/sta_ioctl.c @@ -1360,7 +1360,7 @@ int rt_ioctl_giwscan(struct net_device *dev, iwe.u.data.length = (pAdapter->ScanTab.BssEntry[i].WpaIE.IELen * 2) + 7; NdisMoveMemory(custom, "wpa_ie=", 7); for (idx = 0; idx < pAdapter->ScanTab.BssEntry[i].WpaIE.IELen; idx++) - sprintf(custom, "%s%02x", custom, pAdapter->ScanTab.BssEntry[i].WpaIE.IE[idx]); + sprintf(custom + strlen(custom), "%02x", pAdapter->ScanTab.BssEntry[i].WpaIE.IE[idx]); previous_ev = current_ev; current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe, custom); if (current_ev == previous_ev) @@ -1380,7 +1380,7 @@ int rt_ioctl_giwscan(struct net_device *dev, iwe.u.data.length = (pAdapter->ScanTab.BssEntry[i].RsnIE.IELen * 2) + 7; NdisMoveMemory(custom, "rsn_ie=", 7); for (idx = 0; idx < pAdapter->ScanTab.BssEntry[i].RsnIE.IELen; idx++) - sprintf(custom, "%s%02x", custom, pAdapter->ScanTab.BssEntry[i].RsnIE.IE[idx]); + sprintf(custom + strlen(custom), "%02x", pAdapter->ScanTab.BssEntry[i].RsnIE.IE[idx]); previous_ev = current_ev; current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe, custom); if (current_ev == previous_ev) @@ -2022,8 +2022,7 @@ void getBaInfo( if (((pEntry->ValidAsCLI || pEntry->ValidAsApCli) && (pEntry->Sst == SST_ASSOC)) || (pEntry->ValidAsWDS) || (pEntry->ValidAsMesh)) { - sprintf(pOutBuf, "%s\n%02X:%02X:%02X:%02X:%02X:%02X (Aid = %d) (AP) -\n", - pOutBuf, + sprintf(pOutBuf + strlen(pOutBuf), "\n%02X:%02X:%02X:%02X:%02X:%02X (Aid = %d) (AP) -\n", pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2], pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5], pEntry->Aid); @@ -2033,7 +2032,7 @@ void getBaInfo( if (pEntry->BARecWcidArray[j] != 0) { pRecBAEntry =&pAd->BATable.BARecEntry[pEntry->BARecWcidArray[j]]; - sprintf(pOutBuf, "%sTID=%d, BAWinSize=%d, LastIndSeq=%d, ReorderingPkts=%d\n", pOutBuf, j, pRecBAEntry->BAWinSize, pRecBAEntry->LastIndSeq, pRecBAEntry->list.qlen); + sprintf(pOutBuf + strlen(pOutBuf), "TID=%d, BAWinSize=%d, LastIndSeq=%d, ReorderingPkts=%d\n", j, pRecBAEntry->BAWinSize, pRecBAEntry->LastIndSeq, pRecBAEntry->list.qlen); } } sprintf(pOutBuf, "%s\n", pOutBuf); @@ -2044,7 +2043,7 @@ void getBaInfo( if (pEntry->BAOriWcidArray[j] != 0) { pOriBAEntry =&pAd->BATable.BAOriEntry[pEntry->BAOriWcidArray[j]]; - sprintf(pOutBuf, "%sTID=%d, BAWinSize=%d, StartSeq=%d, CurTxSeq=%d\n", pOutBuf, j, pOriBAEntry->BAWinSize, pOriBAEntry->Sequence, pEntry->TxSeq[j]); + sprintf(pOutBuf + strlen(pOutBuf), "TID=%d, BAWinSize=%d, StartSeq=%d, CurTxSeq=%d\n", j, pOriBAEntry->BAWinSize, pOriBAEntry->Sequence, pEntry->TxSeq[j]); } } sprintf(pOutBuf, "%s\n\n", pOutBuf); -- 2.20.1