
[3/3] xfstests: fix Wlog_Error_String overflow issues

Message ID 20171207213503.31070-3-ross.zwisler@linux.intel.com (mailing list archive)
State New, archived

Commit Message

Ross Zwisler Dec. 7, 2017, 9:35 p.m. UTC
The 'Wlog_Error_String' string is defined to be 256 bytes in length, but in
two places we write into it with a format that contains a string
(wfile->w_file) that has length 1024.  This can overflow Wlog_Error_String,
as we see in the new compiler warnings from gcc 7.2.1:

 write_log.c:124:37: warning: ‘%s’ directive writing up to 1023 bytes into
 a region of size 224 [-Wformat-overflow=]
 "Could not open write_log - open(%s, %#o, %#o) failed:  %s\n",
  ^~

Fix this by increasing the length of Wlog_Error_String to 1280 characters
(1024 for wfile->w_file plus 256 for the rest of the format string), and by
using snprintf() instead of sprintf() so we are sure we don't overflow.

Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
---
 lib/write_log.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Patch

diff --git a/lib/write_log.c b/lib/write_log.c
index 8c921fc5..3bfa8c7b 100644
--- a/lib/write_log.c
+++ b/lib/write_log.c
@@ -73,7 +73,8 @@ 
 /*#define PATH_MAX pathconf("/", _PC_PATH_MAX)*/
 #endif
 
-char	Wlog_Error_String[256];
+#define ERROR_STRING_LEN 1280
+char	Wlog_Error_String[ERROR_STRING_LEN];
 
 #if __STDC__
 static int	wlog_rec_pack(struct wlog_rec *wrec, char *buf, int flag);
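Review bot: The new `ERROR_STRING_LEN` value of 1280 is a bare number in the code, and nothing at the definition says it is sized from the length of `wfile->w_file`. The commit message gives the derivation, so it is worth carrying into the source, e.g. `/* 1024 bytes for wfile->w_file + 256 for the rest of the message */` above the `#define`. If the `w_file` field is sized by a named constant (not visible in this hunk), deriving the length from that constant would keep the two from drifting apart. `Wlog_Error_String` is not `static`, so any declaration of it in a header or other file should be checked against the new size.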
@@ -120,7 +121,7 @@  int			mode;
 	umask(omask);
 
 	if (wfile->w_afd == -1) {
-		sprintf(Wlog_Error_String,
+		snprintf(Wlog_Error_String, ERROR_STRING_LEN,
 			"Could not open write_log - open(%s, %#o, %#o) failed:  %s\n",
 			wfile->w_file, oflags, mode, strerror(errno));
 		return -1;
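Review bot: The bound passed to `snprintf()` here is the macro rather than the array itself, so the two can drift apart if the declaration is changed later. Since the array is defined in this file, `snprintf(Wlog_Error_String, sizeof(Wlog_Error_String),` ties the limit to the destination directly, and the same applies to the second call in the next hunk. The return value is also discarded in both calls, so a truncated message, which would lose the `strerror()` text and the trailing newline, goes unnoticed. With the sizes given in the commit message that looks unlikely. The enclosing function starts and ends outside these hunks.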
@@ -132,7 +133,7 @@  int			mode;
 
 	oflags = O_RDWR;
 	if ((wfile->w_rfd = open(wfile->w_file, oflags)) == -1) {
-		sprintf(Wlog_Error_String,
+		snprintf(Wlog_Error_String, ERROR_STRING_LEN,
 			"Could not open write log - open(%s, %#o) failed:  %s\n",
 			wfile->w_file, oflags, strerror(errno));
 		close(wfile->w_afd);