Pallantla Poornima <pallantlax.poorn...@intel.com> writes: > sprintf function is not secure as it doesn't check the length of string. > More secure function snprintf is used. > > Fixes: 450f079131 ("power: add traffic pattern aware power control") > Cc: sta...@dpdk.org > > Signed-off-by: Pallantla Poornima <pallantlax.poorn...@intel.com> > --- > lib/librte_power/rte_power_empty_poll.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/librte_power/rte_power_empty_poll.c > b/lib/librte_power/rte_power_empty_poll.c > index e6145462f..df00a3968 100644 > --- a/lib/librte_power/rte_power_empty_poll.c > +++ b/lib/librte_power/rte_power_empty_poll.c > @@ -159,7 +159,7 @@ update_training_stats(struct priority_worker *poll_stats, > char pfi_str[32]; > uint64_t p0_empty_deq; > > - sprintf(pfi_str, "%02d", freq); > + snprintf(pfi_str, sizeof(pfi_str), "%02d", freq);
Shouldn't we just remove pfi_str completely? I don't see it referenced anywhere else in this function. That would be better than changing to snprintf(), imo. > if (poll_stats->cur_freq == freq && > poll_stats->thresh[freq].trained == false) {
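Review bot: on the changed line in update_training_stats(), pfi_str is written but not read by any line visible in this hunk; the context that follows goes straight to the `if (poll_stats->cur_freq == freq && ...` test. If nothing later in the function reads it, drop both `char pfi_str[32];` and the formatting call instead of switching to snprintf(). Separately, a "%02d" conversion writes at most 11 characters plus the terminator for a 32-bit int, so the 32-byte buffer could not overflow with the original sprintf() either; the commit message should describe this as hardening or dead-code cleanup rather than an overflow fix.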