From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by dpdk.org (Postfix) with ESMTP id 2469F1B926; Fri, 8 Feb 2019 22:19:45 +0100 (CET) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 4465B3C2CFC; Fri, 8 Feb 2019 21:19:44 +0000 (UTC) Received: from dhcp-25.97.bos.redhat.com (unknown [10.18.25.61]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 965F91019637; Fri, 8 Feb 2019 21:19:43 +0000 (UTC) From: Aaron Conole To: Pallantla Poornima Cc: dev@dpdk.org, reshma.pattan@intel.com, nikhil.rao@intel.com, stable@dpdk.org References: <1549449822-412-1-git-send-email-pallantlax.poornima@intel.com> Date: Fri, 08 Feb 2019 16:19:42 -0500 In-Reply-To: <1549449822-412-1-git-send-email-pallantlax.poornima@intel.com> (Pallantla Poornima's message of "Wed, 6 Feb 2019 10:43:42 +0000") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]); Fri, 08 Feb 2019 21:19:44 +0000 (UTC) Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 08 Feb 2019 21:19:45 -0000 Pallantla Poornima writes: > sprintf function is not secure as it doesn't check the length of string. > More secure function snprintf is used. > > Fixes: 2a9c83ae3b ("test/eventdev: add multi-ports test") > Cc: stable@dpdk.org > > Signed-off-by: Pallantla Poornima > --- > test/test/test_event_eth_rx_adapter.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/test/test/test_event_eth_rx_adapter.c b/test/test/test_event_eth_rx_adapter.c > index 1d3be82b5..38f5c039f 100644 > --- a/test/test/test_event_eth_rx_adapter.c > +++ b/test/test/test_event_eth_rx_adapter.c > @@ -479,7 +479,8 @@ adapter_multi_eth_add_del(void) > /* add the max port for rx_adapter */ > port_index = rte_eth_dev_count_total(); > for (; port_index < RTE_MAX_ETHPORTS; port_index += 1) { > - sprintf(driver_name, "%s%u", "net_null", drv_id); > + snprintf(driver_name, sizeof(driver_name), "%s%u", "net_null", > + drv_id); > err = rte_vdev_init(driver_name, NULL); > TEST_ASSERT(err == 0, "Failed driver %s got %d", > driver_name, err); You call this a fix, but it's not possible for the value of drv_id to exceed '32' and the buffer size is plenty accommodating for that. Did I miss something? What is this fixing?