Reviewed-by: Samer El-Haj-Mahmoud <el...@hpe.com>
-----Original Message----- From: Qiu, Shumin [shumin....@intel.com] Received: Sunday, 03 Jan 2016, 9:06PM To: El-Haj-Mahmoud, Samer [samer.el-haj-mahm...@hpe.com]; Shia, Cinnamon [cinnamon.s...@hpe.com] CC: edk2-devel@lists.01.org [edk2-devel@lists.01.org] Subject: FW: [PATCH] MdeModulePkg: For RegularExpressionDxe use 'sprintf_s' to replace 'sprintf'. Hi Samer and Cinnamon, Do you have any comments? -Shumin -----Original Message----- From: Qiu, Shumin Sent: Wednesday, December 30, 2015 7:47 PM To: edk2-devel@lists.01.org Cc: Qiu, Shumin; Dong, Eric Subject: [PATCH] MdeModulePkg: For RegularExpressionDxe use 'sprintf_s' to replace 'sprintf'. Function 'sprintf' has potential buffer overflow risk. This patch use 'sprintf_s' to improve the code. Cc: Eric Dong <eric.d...@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qiu Shumin <shumin....@intel.com> Reviewed-by: Yao Jiewen <jiewen....@intel.com> --- .../Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c | 4 ++-- .../Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h | 2 +- MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c | 4 ++-- MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c | 2 +- .../Universal/RegularExpressionDxe/Oniguruma/regversion.c | 8 ++++++-- 5 files changed, 12 insertions(+), 8 deletions(-) diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c index 081fcb3..aaa5d3d 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUef +++ iPort.c 
@@ -14,13 +14,13 @@ **/ #include "OnigurumaUefiPort.h" -int sprintf(char *str, char const *fmt, ...) +int sprintf_s(char *str, size_t sizeOfBuffer, char const *fmt, ...) { VA_LIST Marker; int NumberOfPrinted; VA_START (Marker, fmt); - NumberOfPrinted = (int)AsciiVSPrint (str, 1000000, fmt, Marker); + NumberOfPrinted = (int)AsciiVSPrint (str, sizeOfBuffer, fmt, Marker); VA_END (Marker); return NumberOfPrinted; diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h index 18f2851..cb791f8 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h +++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUef +++ iPort.h @@ -59,7 +59,7 @@ typedef UINTN size_t; int OnigStrCmp (char* Str1, char* Str2); -int sprintf (char *str, char const *fmt, ...); +int sprintf_s (char *str, size_t sizeOfBuffer, char const *fmt, ...); #define exit(n) ASSERT(FALSE); diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c index c3ec362..fbc764a 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c @@ -191,12 +191,12 @@ onig_error_code_to_format(int code) static void sprint_byte(char* s, unsigned int v) { - sprintf(s, "%02x", (v & 0377)); + sprintf_s(s, sizeof("00"), "%02x", (v & 0377)); } static void sprint_byte_with_x(char* s, unsigned int v) { - sprintf(s, "\\x%02x", (v & 0377)); + sprintf_s(s, sizeof("\\x00"), "\\x%02x", (v & 0377)); } static int to_ascii(OnigEncoding enc, UChar *s, UChar *end, diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c index e72448a..fb1b928 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c 
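Review bot: The new `sprintf_s` in OnigurumaUefiPort.c borrows the C11 Annex K name but not its contract: it forwards `sizeOfBuffer` straight to `AsciiVSPrint` and returns the printed count, so an undersized buffer is presumably truncated silently rather than reported as an error. None of the call sites converted in this patch (regerror.c, regposerr.c, regversion.c) checks the return value, so a cut-off error message or version string would go unnoticed. I would either give the wrapper a port-specific name or put a comment above it stating that it truncates and does not signal overflow the way Annex K `sprintf_s` does (once confirmed against `AsciiVSPrint`). A guard such as `if (str == NULL || sizeOfBuffer == 0) return -1;` before `VA_START` would also make the contract explicit. The function's closing brace is outside the hunk.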
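Review bot: In `sprint_byte` and `sprint_byte_with_x` (regerror.c) the bound passed to `sprintf_s` is `sizeof("00")` / `sizeof("\\x00")`, which is the length of the output the format already produces, not the space actually left behind `s`. Because `s` is a bare `char*`, the call still writes 3 or 5 bytes wherever the caller points it, so this bound can never reject anything and the overflow risk named in the commit message is unchanged if a caller has less room than that. The bound only becomes meaningful when the remaining capacity is passed in, for example `static void sprint_byte(char* s, size_t n, unsigned int v)` with `sprintf_s(s, n, "%02x", (v & 0377));`. The callers are not visible (`to_ascii` begins right after this hunk), so whether they already guarantee the space has to be checked there.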
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c @@ -88,7 +88,7 @@ regerror(int posix_ecode, const regex_t* reg ARG_UNUSED, char* buf, s = ""; } else { - sprintf(tbuf, "undefined error code (%d)", posix_ecode); + sprintf_s(tbuf, sizeof(tbuf), "undefined error code (%d)", + posix_ecode); s = tbuf; } diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c index 087c6ad..2c81244 100644 --- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c +++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c @@ -36,7 +36,9 @@ onig_version(void) { static char s[12]; - sprintf(s, "%d.%d.%d", + sprintf_s(s, + sizeof(s), + "%d.%d.%d", ONIGURUMA_VERSION_MAJOR, ONIGURUMA_VERSION_MINOR, ONIGURUMA_VERSION_TEENY); @@ -48,7 +50,9 @@ onig_copyright(void) { static char s[58]; - sprintf(s, "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako", + sprintf_s(s, + sizeof(s), + "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako", ONIGURUMA_VERSION_MAJOR, ONIGURUMA_VERSION_MINOR, ONIGURUMA_VERSION_TEENY); -- 1.9.5.msysgit.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
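Review bot: `sizeof(tbuf)` in the else-branch of `regerror` (regposerr.c) is the buffer capacity only if `tbuf` is declared as an array in this function; the declaration is above the hunk and not visible, and if it were a pointer the bound would be the pointer size. It is worth confirming that, and also that the array holds the fixed text plus the widest `%d` value (a negative 32-bit int needs 11 characters), since the wrapper presumably shortens the message without any indication. The same silent-truncation caveat applies to the fixed `static char s[12]` and `s[58]` buffers in the regversion.c hunks if the version components ever grow.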