On Wed, Mar 20, 2019 at 02:51:29PM +0000, Frediano Ziglio wrote:
> Although id is not supposed to be big, prevent possible
> warning/overflow.
> 
> Signed-off-by: Frediano Ziglio <fzig...@redhat.com>
> ---
>  server/red-worker.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> This was signaled by Christophe Fergeau
> 
> diff --git a/server/red-worker.c b/server/red-worker.c
> index 8051d1e4..a25a0cd8 100644
> --- a/server/red-worker.c
> +++ b/server/red-worker.c
> @@ -1291,7 +1291,7 @@ RedWorker* red_worker_new(QXLInstance *qxl,
>      worker->zlib_glz_state = reds_get_zlib_glz_state(reds);
>      worker->driver_cap_monitors_config = 0;
>      char worker_str[SPICE_STAT_NODE_NAME_MAX];
> -    sprintf(worker_str, "display[%d]", worker->qxl->id);
> +    snprintf(worker_str, sizeof(worker_str), "display[%d]", worker->qxl->id);
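
Review bot: the return value of the added snprintf() call is discarded, so if "display[%d]" ever needs more than sizeof(worker_str) bytes, the node name is silently truncated and loses its closing "]". Compare the result against sizeof(worker_str) and warn or assert when it is negative or not smaller than the buffer size, or size worker_str for the widest value %d can print. The hunk also does not show the type of worker->qxl->id, so it is worth confirming that %d matches it.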

You pointed out that in the protocol, the id is 8 bits, so I'd change to
worker->qxl->id & 0xff while at it.

Note that with SPICE_STAT_NODE_NAME_MAX (which is 20), you can
still get snprintf to misbehave:
"display[]" is 9 bytes
%d may need 11 bytes to be printed (if id is less than (unsigned 
int)-4000000000)
so we'd need 20 bytes in the buffer plus the trailing \0.

Christophe
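
The byte count in the reply above, checked in code. This is an added example, not part of the thread or of the SPICE code base: the helper names are hypothetical, NODE_NAME_MAX stands in for SPICE_STAT_NODE_NAME_MAX with the value 20 quoted in the reply, and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Assumption: same value the reply gives for SPICE_STAT_NODE_NAME_MAX. */
#define NODE_NAME_MAX 20

/* Hypothetical helper: format "display[<id>]" into buf.
 * Returns 0 if the whole name fit, -1 if snprintf failed or truncated. */
static int format_display_name(char *buf, size_t size, int id)
{
    int needed = snprintf(buf, size, "display[%d]", id);

    /* snprintf returns the length the full string would have had,
     * excluding the NUL; a value >= size means the output was cut. */
    if (needed < 0 || (size_t)needed >= size)
        return -1;
    return 0;
}

/* Variant with the id masked to 8 bits, as suggested in the reply:
 * the widest output is then "display[255]", 12 characters plus NUL. */
static int format_display_name_masked(char *buf, size_t size, int id)
{
    return format_display_name(buf, size, id & 0xff);
}

int main(void)
{
    /* Constructed sample ids covering the narrow and widest cases. */
    int ids[] = { 0, 255, INT_MAX, INT_MIN };
    char name[NODE_NAME_MAX];

    for (size_t i = 0; i < sizeof(ids) / sizeof(ids[0]); i++) {
        int rc = format_display_name(name, sizeof(name), ids[i]);
        printf("%11d -> \"%s\" (%s)\n", ids[i], name,
               rc == 0 ? "ok" : "truncated");

        rc = format_display_name_masked(name, sizeof(name), ids[i]);
        printf("%11s -> \"%s\" (%s)\n", "masked", name,
               rc == 0 ? "ok" : "truncated");
    }
    return 0;
}
```

Only INT_MIN overruns the 20-byte buffer: the full name is 20 characters, so it needs 21 bytes with the terminator and snprintf cuts off the closing bracket.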
