From: Seraphime Kirkovski Date: Tue, 4 Apr 2017 17:31:59 +0000 (+0200) Subject: tools:misc:xenlockprof: fix possible format string overflow X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~2351 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=f49fa658b53580cf2ad354d2bf1796766cc11222;p=xen.git tools:misc:xenlockprof: fix possible format string overflow GCC7 complains about a possible overflow/truncation in xenlockprof. xenlockprof.c: In function ‘main’: xenlockprof.c:100:53: error: ‘%s’ directive writing up to 39 bytes into a region of size between 17 and 37 [-Werror=format-overflow=] sprintf(name, "unknown type(%d) %d lock %s", data[j].type, ^~ xenlockprof.c:100:13: note: ‘sprintf’ output between 24 and 83 bytes into a destination of size 60 sprintf(name, "unknown type(%d) %d lock %s", data[j].type, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ data[j].idx, data[j].name); ~~~~~~~~~~~~~~~~~~~~~~~~~~ This increases the size of name to 100. Not the most scalable solution, but certainly the "cheapest", as it doesn't add dependencies for asprintf. Signed-off-by: Seraphime Kirkovski Acked-by: Wei Liu --- diff --git a/tools/misc/xenlockprof.c b/tools/misc/xenlockprof.c index 41fcb792cc..df23c82912 100644 --- a/tools/misc/xenlockprof.c +++ b/tools/misc/xenlockprof.c @@ -24,7 +24,7 @@ int main(int argc, char *argv[]) uint32_t i, j, n; uint64_t time; double l, b, sl, sb; - char name[60]; + char name[100]; DECLARE_HYPERCALL_BUFFER(xc_lockprof_data_t, data); if ( (argc > 2) || ((argc == 2) && (strcmp(argv[1], "-r") != 0)) )