From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:45534)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aneesh.kumar@linux.vnet.ibm.com>) id 1WKUsA-0006Uf-Ae
	for qemu-devel@nongnu.org; Mon, 03 Mar 2014 10:33:51 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aneesh.kumar@linux.vnet.ibm.com>) id 1WKUs1-0006y1-Cv
	for qemu-devel@nongnu.org; Mon, 03 Mar 2014 10:33:42 -0500
Received: from e23smtp03.au.ibm.com ([202.81.31.145]:45832)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aneesh.kumar@linux.vnet.ibm.com>) id 1WKUs0-0006xd-AN
	for qemu-devel@nongnu.org; Mon, 03 Mar 2014 10:33:33 -0500
Received: from /spool/local
	by e23smtp03.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use
	Only! Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <aneesh.kumar@linux.vnet.ibm.com>;
	Tue, 4 Mar 2014 01:33:27 +1000
Received: from d23relay05.au.ibm.com (d23relay05.au.ibm.com [9.190.235.152])
	by d23dlp02.au.ibm.com (Postfix) with ESMTP id B8BF62BB0045
	for <qemu-devel@nongnu.org>; Tue,  4 Mar 2014 02:33:23 +1100 (EST)
Received: from d23av04.au.ibm.com (d23av04.au.ibm.com [9.190.235.139])
	by d23relay05.au.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	s23FDM1353411990
	for <qemu-devel@nongnu.org>; Tue, 4 Mar 2014 02:13:23 +1100
Received: from d23av04.au.ibm.com (localhost [127.0.0.1])
	by d23av04.au.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id
	s23FXMEt016867
	for <qemu-devel@nongnu.org>; Tue, 4 Mar 2014 02:33:22 +1100
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
In-Reply-To: <53145F65.1000304@gmail.com>
References: <52EF68CA.9060604@gmail.com> <20140203103429.GB10408@redhat.com>
	<52EF71DC.3000309@gmail.com> <52F0C8BA.7020709@gmail.com>
	<20140204110631.GD5632@redhat.com> <52F0CD67.5070601@gmail.com>
	<87siry3l7t.fsf@linux.vnet.ibm.com>
	<52F17B5E.1050602@gmail.com> <52FF3182.9090106@gmail.com>
	<53097D8E.1030803@gmail.com> <87sir850ho.fsf@blackfin.pond.sub.org>
	<CAMCqw8J5y-h0waS6ZtFc75r8OHN27P6LUAGqp4j-wHxxwu0iOw@mail.gmail.com>
	<87ha7o3c5x.fsf@blackfin.pond.sub.org>
	<530FCBAD.10305@gmail.com> <531219CC.4050505@gmail.com>
	<53121A12.5050105@gmail.com> <53121A4B.70308@gmail.com>
	<87txbf65q6.fsf@blackfin.pond.sub.org> <53145F65.1000304@gmail.com>
Date: Mon, 03 Mar 2014 21:03:18 +0530
Message-ID: <87iorvxpoh.fsf@linux.vnet.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain
Subject: Re: [Qemu-devel] [PATCH 2/3] hw/9pfs/virtio-9p-local.c: use
	snprintf() instead of sprintf()
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Chen Gang <gang.chen.5i5j@gmail.com>, Markus Armbruster <armbru@redhat.com>
Cc: QEMU Developers <qemu-devel@nongnu.org>, aliguori@amazon.com

Chen Gang <gang.chen.5i5j@gmail.com> writes:

> On 03/03/2014 04:34 PM, Markus Armbruster wrote:
>> Chen Gang <gang.chen.5i5j@gmail.com> writes:
>> 
>>> 'ctx->fs_root' + 'path'/'fullname.data' may be larger than PATH_MAX, so
>>> need use snprintf() instead of sprintf() just like another area have done in 9pfs.
>>>
>>> Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
>>> ---
>>>  hw/9pfs/virtio-9p-local.c | 7 ++++---
>>>  1 file changed, 4 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
>>> index 77a04cd..61be75a 100644
>>> --- a/hw/9pfs/virtio-9p-local.c
>>> +++ b/hw/9pfs/virtio-9p-local.c
>>> @@ -898,7 +898,8 @@ static int local_remove(FsContext *ctx, const char *path)
>>>           * directory
>>>           */
>>>          if (S_ISDIR(stbuf.st_mode)) {
>>> -            sprintf(buffer, "%s/%s/%s", ctx->fs_root, path, VIRTFS_META_DIR);
>>> +            snprintf(buffer, ARRAY_SIZE(buffer), "%s/%s/%s",
>>> +                     ctx->fs_root, path, VIRTFS_META_DIR);
>>>              err = remove(buffer);
>>>              if (err < 0 && errno != ENOENT) {
>>>                  /*
>>> @@ -1033,8 +1034,8 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
>>>               * If directory remove .virtfs_metadata contained in the
>>>               * directory
>>>               */
>>> -            sprintf(buffer, "%s/%s/%s", ctx->fs_root,
>>> -                    fullname.data, VIRTFS_META_DIR);
>>> +            snprintf(buffer, ARRAY_SIZE(buffer), "%s/%s/%s", ctx->fs_root,
>>> +                     fullname.data, VIRTFS_META_DIR);
>>>              ret = remove(buffer);
>>>              if (ret < 0 && errno != ENOENT) {
>>>                  /*
>> 
>> Turns a buffer overrun bug into a truncation bug.  The next commit fixes
>> truncation bugs including this one.  Would be nice to spell this out in
>> the commit message.  Perhaps Aneesh can do it on commit.
>> 
>
> Please help doing it on commit.

Will update when i am applyting this to my tree.

-aneesh