On Wed, Feb 06, 2019 at 10:39:07AM +0000, Pallantla Poornima wrote:
> sprintf function is not secure as it doesn't check the length of string.
> More secure function snprintf is used.
> 
> Fixes: f74df2c57e ("test/distributor: test single and burst API")
> Cc: sta...@dpdk.org
> 
> Signed-off-by: Pallantla Poornima <pallantlax.poorn...@intel.com>
> ---
>  test/test/test_distributor.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/test/test/test_distributor.c b/test/test/test_distributor.c
> index 98919ec0c..03df32b05 100644
> --- a/test/test/test_distributor.c
> +++ b/test/test/test_distributor.c
> @@ -642,9 +642,11 @@ test_distributor(void)
>  
>               worker_params.dist = dist[i];
>               if (i)
> -                     sprintf(worker_params.name, "burst");
> +                     snprintf(worker_params.name,
> +                                     sizeof(worker_params.name), "burst");
>               else
> -                     sprintf(worker_params.name, "single");
> +                     snprintf(worker_params.name,
> +                                     sizeof(worker_params.name), "single");
>  
>               rte_eal_mp_remote_launch(handle_work,
>                               &worker_params, SKIP_MASTER);
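Review bot: sizeof(worker_params.name) in both snprintf calls is the buffer size only if name is declared as a char array. The declaration is outside this hunk, so please confirm it is not a char pointer, where sizeof would yield the pointer size instead. The two branches also differ only in the literal ("burst" vs "single"), so selecting the string first and making a single bounded call would keep the size argument in one place.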
> -- 
While not wrong here, I think changing these to string copies using
"strlcpy" might be better, since this is constant text in each case, and no
printf formatting is actually needed.

/Bruce
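
An added example, not part of the patch or of DPDK: a strlcpy-style copy beside the snprintf form, both reporting truncation through their return value. The struct, the 8-byte name size, bounded_copy() and the third label are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the test's parameter struct; the real size of
 * name[] is not shown in the patch, 8 is assumed here. */
struct worker_params_example {
	char name[8];
};

/* strlcpy-style copy: NUL-terminates when size > 0 and returns strlen(src),
 * so a return value >= size means the destination was truncated. */
static size_t bounded_copy(char *dst, const char *src, size_t size)
{
	size_t len = strlen(src);

	if (size > 0) {
		size_t n = len < size - 1 ? len : size - 1;
		memcpy(dst, src, n);
		dst[n] = '\0';
	}
	return len;
}

/* Returns 0 on success, -1 if label did not fit in p->name. */
static int set_name_copy(struct worker_params_example *p, const char *label)
{
	return bounded_copy(p->name, label, sizeof(p->name)) < sizeof(p->name) ? 0 : -1;
}

/* Same check with snprintf; "%s" keeps a '%' in label from being parsed. */
static int set_name_snprintf(struct worker_params_example *p, const char *label)
{
	int n = snprintf(p->name, sizeof(p->name), "%s", label);

	return (n >= 0 && (size_t)n < sizeof(p->name)) ? 0 : -1;
}

int main(void)
{
	struct worker_params_example p;
	const char *labels[] = { "burst", "single", "single-and-burst" }; /* constructed */

	for (size_t i = 0; i < sizeof(labels) / sizeof(labels[0]); i++) {
		int a = set_name_copy(&p, labels[i]);
		int b = set_name_snprintf(&p, labels[i]);
		printf("%-17s -> \"%s\" copy=%d snprintf=%d\n", labels[i], p.name, a, b);
	}
	return 0;
}
```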
