Revision: 19582
http://sourceforge.net/p/edk2/code/19582
Author: shenshushi
Date: 2016-01-04 05:14:53 +0000 (Mon, 04 Jan 2016)
Log Message:
-----------
MdeModulePkg: For RegularExpressionDxe use 'sprintf_s' to replace 'sprintf'.
Function 'sprintf' has a potential buffer overflow risk. This patch uses
'sprintf_s' to improve the code.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <[email protected]>
Reviewed-by: Yao Jiewen <[email protected]>
Reviewed-by: Cinnamon Shia <[email protected]>
Reviewed-by: Samer El-Haj-Mahmoud <[email protected]>
Modified Paths:
--------------
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c
Modified:
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c
===================================================================
---
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c
2016-01-04 02:48:18 UTC (rev 19581)
+++
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c
2016-01-04 05:14:53 UTC (rev 19582)
@@ -14,13 +14,13 @@
**/
#include "OnigurumaUefiPort.h"
-int sprintf(char *str, char const *fmt, ...)
+int sprintf_s(char *str, size_t sizeOfBuffer, char const *fmt, ...)
{
VA_LIST Marker;
int NumberOfPrinted;
VA_START (Marker, fmt);
- NumberOfPrinted = (int)AsciiVSPrint (str, 1000000, fmt, Marker);
+ NumberOfPrinted = (int)AsciiVSPrint (str, sizeOfBuffer, fmt, Marker);
VA_END (Marker);
return NumberOfPrinted;
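Review bot: The wrapper takes the name `sprintf_s` but, from the visible body, not the C11 Annex K contract that name suggests: it forwards straight to `AsciiVSPrint` and returns its count, so output that does not fit is cut at `sizeOfBuffer` with no error indication, and a NULL `str` or a zero `sizeOfBuffer` is not rejected here. A caller that checks the return value for failure will never see one. I would add a header comment above the definition saying so, e.g. `// Truncates to sizeOfBuffer - 1 characters and returns the count written; truncation is not reported.`, or choose a name that does not imply Annex K behaviour. The function's closing brace is outside the hunk.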
Modified:
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h
===================================================================
---
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h
2016-01-04 02:48:18 UTC (rev 19581)
+++
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h
2016-01-04 05:14:53 UTC (rev 19582)
@@ -59,7 +59,7 @@
int OnigStrCmp (char* Str1, char* Str2);
-int sprintf (char *str, char const *fmt, ...);
+int sprintf_s (char *str, size_t sizeOfBuffer, char const *fmt, ...);
#define exit(n) ASSERT(FALSE);
Modified:
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
===================================================================
--- trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
2016-01-04 02:48:18 UTC (rev 19581)
+++ trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
2016-01-04 05:14:53 UTC (rev 19582)
@@ -191,12 +191,12 @@
static void sprint_byte(char* s, unsigned int v)
{
- sprintf(s, "%02x", (v & 0377));
+ sprintf_s(s, sizeof("00"), "%02x", (v & 0377));
}
static void sprint_byte_with_x(char* s, unsigned int v)
{
- sprintf(s, "\\x%02x", (v & 0377));
+ sprintf_s(s, sizeof("\\x00"), "\\x%02x", (v & 0377));
}
static int to_ascii(OnigEncoding enc, UChar *s, UChar *end,
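Review bot: In `sprint_byte` and `sprint_byte_with_x` the bound passed to `sprintf_s` is `sizeof("00")` / `sizeof("\\x00")`, which is the length of the expected output and not the space actually left in the buffer `s` points into. Because `v & 0377` always formats to two hex digits, the call still writes the same 3 or 5 bytes the old `sprintf` wrote, so an undersized destination is overrun exactly as before; the real limit has to come from the callers, which are outside this hunk. Passing the remaining space down, e.g. `static void sprint_byte(char* s, size_t n, unsigned int v)` with `sprintf_s(s, n, "%02x", (v & 0377));`, would make the bound meaningful. Failing that, a comment such as `/* s must have room for 3 bytes: two hex digits + NUL */` should state the requirement on the caller.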
Modified:
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
===================================================================
---
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
2016-01-04 02:48:18 UTC (rev 19581)
+++
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
2016-01-04 05:14:53 UTC (rev 19582)
@@ -88,7 +88,7 @@
s = "";
}
else {
- sprintf(tbuf, "undefined error code (%d)", posix_ecode);
+ sprintf_s(tbuf, sizeof(tbuf), "undefined error code (%d)", posix_ecode);
s = tbuf;
}
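Review bot: `sizeof(tbuf)` on the added line is the right bound only if `tbuf` is declared as a char array in this scope; its declaration is outside the hunk, and if it were a pointer the limit would silently become the pointer size. It is also worth confirming that the array holds the 23 fixed characters of the message plus a full-width `%d` (up to 11 characters) and the terminator, since the wrapper in OnigurumaUefiPort.c appears to truncate rather than fail. The enclosing function starts and ends outside the hunk.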
Modified:
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c
===================================================================
---
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c
2016-01-04 02:48:18 UTC (rev 19581)
+++
trunk/edk2/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c
2016-01-04 05:14:53 UTC (rev 19582)
@@ -36,7 +36,9 @@
{
static char s[12];
- sprintf(s, "%d.%d.%d",
+ sprintf_s(s,
+ sizeof(s),
+ "%d.%d.%d",
ONIGURUMA_VERSION_MAJOR,
ONIGURUMA_VERSION_MINOR,
ONIGURUMA_VERSION_TEENY);
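Review bot: `static char s[12]` fits `"%d.%d.%d"` only while each version component has at most three digits, and with the bounded call a longer result is now cut short silently instead of overflowing. The return value of `sprintf_s` is discarded here and in the following hunk (`static char s[58]`, which has the same three-digit headroom), so a truncated version string would go unnoticed. I would record the assumption next to each buffer, e.g. `/* room for three 3-digit components, two dots and NUL */`. Both enclosing functions start and end outside their hunks.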
@@ -48,7 +50,9 @@
{
static char s[58];
- sprintf(s, "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako",
+ sprintf_s(s,
+ sizeof(s),
+ "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako",
ONIGURUMA_VERSION_MAJOR,
ONIGURUMA_VERSION_MINOR,
ONIGURUMA_VERSION_TEENY);