From 380f6359baf3535b484b3360d91c28ba2b44e99d Mon Sep 17 00:00:00 2001
From: Sungchun Kang <sungchun.kang@samsung.com>
Date: Thu, 28 Feb 2013 13:13:31 +0900
Subject: [PATCH] libv4l2: Fixed bugs result of prevent tool

Use snprintf instead of sprintf for avoiding risk of overflow.

Change-Id: If420efb9780e615c368400b2de0c05743ec3a5f6
Signed-off-by: Sungchun Kang <sungchun.kang@samsung.com>
---
 libv4l2/exynos_mc.c     | 6 +++---
 libv4l2/exynos_subdev.c | 8 ++++----
 libv4l2/exynos_v4l2.c   | 8 ++++----
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/libv4l2/exynos_mc.c b/libv4l2/exynos_mc.c
index 8c5230c..02e8303 100644
--- a/libv4l2/exynos_mc.c
+++ b/libv4l2/exynos_mc.c
@@ -171,7 +171,7 @@ static int __media_get_devname_sysfs(struct media_entity *entity)
     char *p;
     int ret;
 
-    sprintf(sysname, "/sys/dev/char/%u:%u", entity->info.v4l.major,
+    snprintf(sysname, sizeof(sysname), "/sys/dev/char/%u:%u", entity->info.v4l.major,
         entity->info.v4l.minor);
 
     ret = readlink(sysname, target, sizeof(target));
@@ -183,10 +183,10 @@ static int __media_get_devname_sysfs(struct media_entity *entity)
     if (p == NULL)
         return -EINVAL;
 
-    sprintf(devname, "/tmp/%s", p + 1);
+    snprintf(devname, sizeof(devname), "/tmp/%s", p + 1);
 
     ret = mknod(devname, 0666 | S_IFCHR, MKDEV(81, entity->info.v4l.minor));
-    strcpy(entity->devname, devname);
+    strncpy(entity->devname, devname, 32);
 
     return 0;
 }
diff --git a/libv4l2/exynos_subdev.c b/libv4l2/exynos_subdev.c
index e03d02f..0f4f3a2 100644
--- a/libv4l2/exynos_subdev.c
+++ b/libv4l2/exynos_subdev.c
@@ -82,7 +82,7 @@ int exynos_subdev_get_node_num(const char *devname, int oflag, ...)
             break;
 
         /* video device node */
-        sprintf(filename, "/dev/v4l-subdev%d", i++);
+        snprintf(filename, sizeof(filename), "/dev/v4l-subdev%d", i++);
 
         /* if the node is video device */
         if ((lstat(filename, &s) == 0) && S_ISCHR(s.st_mode) &&
@@ -90,7 +90,7 @@ int exynos_subdev_get_node_num(const char *devname, int oflag, ...)
             minor = (int)((unsigned short)(s.st_rdev & 0x3f));
             ALOGD("try node: %s, minor: %d", filename, minor);
             /* open sysfs entry */
-            sprintf(filename, "/sys/class/video4linux/v4l-subdev%d/name", minor);
+            snprintf(filename, sizeof(filename), "/sys/class/video4linux/v4l-subdev%d/name", minor);
             stream_fd = fopen(filename, "r");
             if (stream_fd == NULL) {
                 ALOGE("failed to open sysfs entry for subdev");
@@ -137,7 +137,7 @@ int exynos_subdev_open_devname(const char *devname, int oflag, ...)
             break;
 
         /* video device node */
-        sprintf(filename, "/dev/v4l-subdev%d", i++);
+        snprintf(filename, sizeof(filename), "/dev/v4l-subdev%d", i++);
 
         /* if the node is video device */
         if ((lstat(filename, &s) == 0) && S_ISCHR(s.st_mode) &&
@@ -145,7 +145,7 @@ int exynos_subdev_open_devname(const char *devname, int oflag, ...)
             minor = (int)((unsigned short)(s.st_rdev & 0x3f));
             ALOGD("try node: %s, minor: %d", filename, minor);
             /* open sysfs entry */
-            sprintf(filename, "/sys/class/video4linux/v4l-subdev%d/name", minor);
+            snprintf(filename, sizeof(filename), "/sys/class/video4linux/v4l-subdev%d/name", minor);
             stream_fd = fopen(filename, "r");
             if (stream_fd == NULL) {
                 ALOGE("failed to open sysfs entry for subdev");
diff --git a/libv4l2/exynos_v4l2.c b/libv4l2/exynos_v4l2.c
index c737c07..b54766d 100644
--- a/libv4l2/exynos_v4l2.c
+++ b/libv4l2/exynos_v4l2.c
@@ -121,7 +121,7 @@ int exynos_v4l2_open_devname(const char *devname, int oflag, ...)
             break;
 
         /* video device node */
-        sprintf(filename, "/dev/video%d", i++);
+        snprintf(filename, sizeof(filename), "/dev/video%d", i++);
 
         /* if the node is video device */
         if ((lstat(filename, &s) == 0) && S_ISCHR(s.st_mode) &&
@@ -129,7 +129,7 @@ int exynos_v4l2_open_devname(const char *devname, int oflag, ...)
             minor = (int)((unsigned short)(s.st_rdev & 0x3f));
             ALOGD("try node: %s, minor: %d", filename, minor);
             /* open sysfs entry */
-            sprintf(filename, "/sys/class/video4linux/video%d/name", minor);
+            snprintf(filename, sizeof(filename), "/sys/class/video4linux/video%d/name", minor);
             stream_fd = fopen(filename, "r");
             if (stream_fd == NULL) {
                 ALOGE("failed to open sysfs entry for videodev");
@@ -201,7 +201,7 @@ bool exynos_v4l2_enuminput(int fd, int index, char *input_name_buf)
     }
 
     input.index = index;
-    ret = ioctl(fd, VIDIOC_ENUMINPUT, &input);
+    ret = ioctl(fd, VIDIOC_ENUMINPUT, &input, 32);
     if (ret) {
         ALOGE("%s: no matching index founds", __func__);
         return false;
@@ -209,7 +209,7 @@ bool exynos_v4l2_enuminput(int fd, int index, char *input_name_buf)
 
     ALOGI("Name of input channel[%d] is %s", input.index, input.name);
 
-    strcpy(input_name_buf, (const char *)input.name);
+    strncpy(input_name_buf, (const char *)input.name, 32);
 
     Exynos_v4l2_Out();
 
-- 
2.20.1