apps: Fix printf overflow warnings

Newer versions of GCC complain when printf could possibly overflow and the return value is not checked. Convert to snprintf, and check the return value.
minoca · Jun 21, 2020 · 460ae51 · 460ae51
1 parent 8438101
commit 460ae51
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 8 deletions.
diff --git a/apps/debug/client/armdis.c b/apps/debug/client/armdis.c
@@ -1964,19 +1964,28 @@ Return Value:
 {
 
     PSTR MnemonicSuffix;
+    INT Result;
 
     MnemonicSuffix = DbgpArmGetLoadStoreTypeString(Context->Instruction);
     sprintf(Context->Mnemonic, "%s%s", ARM_SRS_MNEMONIC, MnemonicSuffix);
     DbgpArmPrintMode(Context->Operand2, Context->Instruction);
     if ((Context->Instruction & ARM_WRITE_BACK_BIT) != 0) {
-        sprintf(Context->Operand1, "%s!, %s",
-                DbgArmRegisterNames[ARM_STACK_REGISTER],
-                Context->Operand2);
+        Result = snprintf(Context->Operand1,
+                          sizeof(Context->Operand1),
+                          "%s!, %s",
+                          DbgArmRegisterNames[ARM_STACK_REGISTER],
+                          Context->Operand2);
 
     } else {
-        sprintf(Context->Operand1, "%s, %s",
-                DbgArmRegisterNames[ARM_STACK_REGISTER],
-                Context->Operand2);
+        Result = snprintf(Context->Operand1,
+                          sizeof(Context->Operand1),
+                          "%s, %s",
+                          DbgArmRegisterNames[ARM_STACK_REGISTER],
+                          Context->Operand2);
+    }
+
+    if (Result < 0) {
+        Context->Operand1[0] = '\0';
     }
 
     Context->Operand2[0] = '\0';

diff --git a/apps/lib/lzma/util/lzma.c b/apps/lib/lzma/util/lzma.c
@@ -609,7 +609,7 @@ Return Value:
     PSTR OutPathBuffer;
     size_t OutPathSize;
     ULONG Ratio;
-    CHAR RatioString[6];
+    CHAR RatioString[32];
     PCSTR Search;
     INT Status;
 

diff --git a/apps/setup/uos/part.c b/apps/setup/uos/part.c
@@ -264,7 +264,11 @@ Return Value:
 
         Description = &(Results[ResultCount]);
         memset(Description, 0, sizeof(SETUP_PARTITION_DESCRIPTION));
-        snprintf(Path, sizeof(Path), "/dev/%s", Device);
+        Status = snprintf(Path, sizeof(Path), "/dev/%s", Device);
+        if (Status < 0) {
+            Status = EINVAL;
+            goto OsEnumerateDevicesEnd;
+        }
 
         //
         // Figure out if this thing is a partition or a disk. If no entry is