From: Mingjie Shen Date: Wed, 18 Jun 2025 21:47:28 +0000 (-0400) Subject: Use snprintf instead of sprintf to prevent buffer overruns X-Git-Tag: v3.14.0~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a213399f8f2929f0f275660625f5e817baf8b3c6;p=thirdparty%2Fpciutils.git Use snprintf instead of sprintf to prevent buffer overruns In bitops.h, update the TABLE macro to call snprintf(buf, sizeof(buf), ...) rather than unbounded sprintf, ensuring that out-of-range indices produce a bounded "??%d" string. In setpci.c, change the device slot formatting from sprintf(slot, ...) to snprintf(slot, sizeof(slot), ...), capping output to the 16-byte buffer and avoiding overflow when printing PCI domain, bus, dev, and func values. Signed-off-by: Mingjie Shen --- diff --git a/bitops.h b/bitops.h index 029741e..b4e3ba3 100644 --- a/bitops.h +++ b/bitops.h @@ -34,6 +34,6 @@ (((reg) & ~(mask)) | (((val) * ((mask) & ~((mask) << 1))) & (mask))) #define TABLE(tab, x, buf) \ - ((x) < sizeof(tab) / sizeof((tab)[0]) ? (tab)[x] : (sprintf((buf), "??%d", (x)), (buf))) + ((x) < sizeof(tab) / sizeof((tab)[0]) ? (tab)[x] : (snprintf((buf), sizeof(buf), "??%d", (x)), (buf))) #endif diff --git a/setpci.c b/setpci.c index 4932b8d..2a2c72a 100644 --- a/setpci.c +++ b/setpci.c @@ -118,7 +118,7 @@ exec_op(struct op *op, struct pci_dev *dev) int width = op->width; char slot[16]; - sprintf(slot, "%04x:%02x:%02x.%x", dev->domain, dev->bus, dev->dev, dev->func); + snprintf(slot, sizeof(slot), "%04x:%02x:%02x.%x", dev->domain, dev->bus, dev->dev, dev->func); trace("%s ", slot); if (op->cap_type) {
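Review bot: In the TABLE macro in bitops.h, sizeof(buf) equals the buffer size only when the argument passed as buf is a real array at the call site. If any caller passes a char pointer, it evaluates to the pointer size and the "??%d" fallback is silently cut to a few characters. Either document next to the macro that buf must be an array, or give TABLE an explicit size parameter and pass that to snprintf. Separately, (x) is compared against a size_t expression but printed with %d; if x is unsigned at any call site, an (int) cast in the snprintf argument would make the format match explicit.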
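Review bot: In exec_op() in setpci.c, the snprintf return value is discarded, so any truncation of slot goes unnoticed. The widths in "%04x:%02x:%02x.%x" are minimums: the string is 12 characters when every field fits its width, but a domain wider than four hex digits can push it past the 15 characters plus NUL that char slot[16] holds, and trace("%s ", slot) would then print a cut-off address. Consider sizing slot for the full range of the fields, or comparing the return value against sizeof(slot) and handling the truncated case.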