e4defrag: use snprintf to assure that there can't be a buffer overflow

The size of msg_buffer is carefully calculated so it can never
overflow, but it triggers a Coverity warning.  Use snprintf instead of
sprintf to silence the Coverity warning.

Addresses-Coverty-Bug: 1520603
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

diff --git a/misc/e4defrag.c b/misc/e4defrag.c
index e3011d7cd52c3c510273024462b80a2306ec2bf4..5bfa6ff14afaeed8f03493503c44282a423a0aa5 100644 (file)
--- a/misc/e4defrag.c
+++ b/misc/e4defrag.c
@@ -1206,9 +1206,8 @@ static int file_statistic(const char *file, const struct stat64 *buf,
 
        if (mode_flag & DETAIL) {
                /* Print statistic info */
-               sprintf(msg_buffer, "[%u/%u]%.*s",
-                               defraged_file_count, total_count,
-                       PATH_MAX, file);
+               snprintf(msg_buffer, sizeof(msg_buffer), "[%u/%u]%.*s",
+                        defraged_file_count, total_count, PATH_MAX, file);
                if (current_uid == ROOT_UID) {
                        if (strlen(msg_buffer) > 40)
                                printf("\033[79;0H\033[K%s\n"