Pallantla Poornima <[email protected]> writes:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
>
> Fixes: 450f079131 ("power: add traffic pattern aware power control")
> Cc: [email protected]
>
> Signed-off-by: Pallantla Poornima <[email protected]>
> ---
> lib/librte_power/rte_power_empty_poll.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_power/rte_power_empty_poll.c
> b/lib/librte_power/rte_power_empty_poll.c
> index e6145462f..df00a3968 100644
> --- a/lib/librte_power/rte_power_empty_poll.c
> +++ b/lib/librte_power/rte_power_empty_poll.c
> @@ -159,7 +159,7 @@ update_training_stats(struct priority_worker *poll_stats,
> char pfi_str[32];
> uint64_t p0_empty_deq;
>
> - sprintf(pfi_str, "%02d", freq);
> + snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);
Shouldn't we just remove pfi_str completely? I don't see it referenced
anywhere else in this function.
That would be better than changing to snprintf(), imo.
> if (poll_stats->cur_freq == freq &&
> poll_stats->thresh[freq].trained == false) {
