On Thu, Sep 26, 2002 at 02:33:50AM +0200, Andi Kleen wrote:
> David Brownell <[EMAIL PROTECTED]> writes:
> 
> > > + /* stuff we want to pass to /sbin/hotplug */
> > > + envp[i++] = scratch;
> > > + scratch += sprintf (scratch, "PCI_CLASS=%04X", pdev->class) + 1;
> > > +
> > > + envp[i++] = scratch;
> > > + scratch += sprintf (scratch, "PCI_ID=%04X:%04X",
> > > +                     pdev->vendor, pdev->device) + 1;
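
Review bot: Both sprintf calls write through scratch with no remaining-length argument, and %04X only sets a minimum field width, so nothing in these lines caps how many bytes each entry consumes. Track the bytes left in the buffer, call snprintf(scratch, remaining, ...) instead, and return an error when the result is >= remaining rather than advancing scratch. The envp[i++] stores also show no check against the number of slots in envp; test i against that limit before each store.
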
> > 
> > And so forth.  Use "snprintf" and prevent overrunning those buffers...
> 
> Hmm? An %04X format is perfectly bounded.

Technically, it isn't bounded.  The field will expand if the value exceeds
4 digits.  

However, these values can't do that.  At least not now.

But, as a good programming practice, snprintf should be used.  Heck, PCI
3.0 might use 32-bit vendor and device values, instead of 8 bit.  So, if
nothing else, do it as insurance for the future.

Matt

-- 
Matthew Dharm                              Home: [EMAIL PROTECTED] 
Maintainer, Linux USB Mass Storage Driver

It was a new hope.
                                        -- Dust Puppy
User Friendly, 12/25/1998
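
An added illustration of the point discussed in this message, not code from the patch or from anyone in the thread: plain userspace C showing that `%04X` grows past four digits, plus a bounded append that refuses an entry that does not fit. The names `env_buf`, `env_add_id` and `hex04_len` are hypothetical, and the buffer sizes in `main` are constructed for the demonstration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical cursor over a fixed string buffer and an envp array. */
struct env_buf {
    char **envp;      /* output array of "KEY=value" pointers */
    int    num_envp;  /* slots in envp, including the NULL terminator */
    int    i;         /* next free slot */
    char  *scratch;   /* next free byte in the string buffer */
    size_t left;      /* bytes remaining in the string buffer */
};

/* Append "KEY=%04X:%04X"; return 0 on success, -1 if it does not fit. */
static int env_add_id(struct env_buf *b, const char *key,
                      unsigned int vendor, unsigned int device)
{
    int n;

    if (b->i + 1 >= b->num_envp)        /* keep one slot for the NULL */
        return -1;
    n = snprintf(b->scratch, b->left, "%s=%04X:%04X", key, vendor, device);
    if (n < 0 || (size_t)n >= b->left)  /* truncated: do not publish it */
        return -1;
    b->envp[b->i++] = b->scratch;
    b->envp[b->i] = NULL;
    b->scratch += n + 1;                /* step past the terminating NUL */
    b->left -= (size_t)n + 1;
    return 0;
}

/* Number of characters %04X produces: 4 is the minimum, not the maximum. */
static int hex04_len(unsigned int v)
{
    return snprintf(NULL, 0, "%04X", v);
}

int main(void)
{
    char buf[32], *envp[4];             /* constructed sizes */
    struct env_buf b = { envp, 4, 0, buf, sizeof buf };

    printf("%d %d\n", hex04_len(0x8086u), hex04_len(0x12345678u));
    printf("%d\n", env_add_id(&b, "PCI_ID", 0x8086u, 0x1229u));
    return 0;
}
```
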
