From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <aconole@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by dpdk.org (Postfix) with ESMTP id 2EECD1B94E;
 Fri,  8 Feb 2019 22:28:54 +0100 (CET)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.redhat.com (Postfix) with ESMTPS id 6997785363;
 Fri,  8 Feb 2019 21:28:53 +0000 (UTC)
Received: from dhcp-25.97.bos.redhat.com (unknown [10.18.25.61])
 by smtp.corp.redhat.com (Postfix) with ESMTPS id 940051001F5D;
 Fri,  8 Feb 2019 21:28:52 +0000 (UTC)
From: Aaron Conole <aconole@redhat.com>
To: Pallantla Poornima <pallantlax.poornima@intel.com>
Cc: dev@dpdk.org, reshma.pattan@intel.com, david.hunt@intel.com,
 stable@dpdk.org
References: <1549265096-4812-1-git-send-email-pallantlax.poornima@intel.com>
Date: Fri, 08 Feb 2019 16:28:51 -0500
In-Reply-To: <1549265096-4812-1-git-send-email-pallantlax.poornima@intel.com>
 (Pallantla Poornima's message of "Mon, 4 Feb 2019 07:24:56 +0000")
Message-ID: <f7tk1iadl64.fsf@dhcp-25.97.bos.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
 (mx1.redhat.com [10.5.110.25]); Fri, 08 Feb 2019 21:28:53 +0000 (UTC)
Subject: Re: [dpdk-dev] [PATCH] power: fix sprintf with snprintf
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Feb 2019 21:28:54 -0000

Pallantla Poornima <pallantlax.poornima@intel.com> writes:

> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
>
> Fixes: 450f079131 ("power: add traffic pattern aware power control")
> Cc: stable@dpdk.org
>
> Signed-off-by: Pallantla Poornima <pallantlax.poornima@intel.com>
> ---
>  lib/librte_power/rte_power_empty_poll.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/librte_power/rte_power_empty_poll.c b/lib/librte_power/rte_power_empty_poll.c
> index e6145462f..df00a3968 100644
> --- a/lib/librte_power/rte_power_empty_poll.c
> +++ b/lib/librte_power/rte_power_empty_poll.c
> @@ -159,7 +159,7 @@ update_training_stats(struct priority_worker *poll_stats,
>  	char pfi_str[32];
>  	uint64_t p0_empty_deq;
>  
> -	sprintf(pfi_str, "%02d", freq);
> +	snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);

Shouldn't we just remove pfi_str completely?  I don't see it referenced
anywhere else in this function.

That would be better than changing to snprintf(), imo.

>  	if (poll_stats->cur_freq == freq &&
>  			poll_stats->thresh[freq].trained == false) {