Re: [PATCH 3/3] Use NT Safe String printf in log.c
Hi,
On 19/02/2026 15:40, Owen Smith wrote:
> CodeQL generates a warning about using sprintf(). Switch to using
> RtlStringCbPrintf() when formatting debug messages.
>
> Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
Please check the return status of RtlStringCbPrintfA, as only
STATUS_SUCCESS and STATUS_BUFFER_OVERFLOW guarantee a valid printable
string.
Also, could you please wrap the patch to 80 chars?
> ---
> src/xencrsh/log.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/xencrsh/log.c b/src/xencrsh/log.c
> index a1e8a5a..dd91d5e 100644
> --- a/src/xencrsh/log.c
> +++ b/src/xencrsh/log.c
> @@ -34,6 +34,7 @@
> #include "driver.h"
> #include "assert.h"
> #include <stdio.h>
> +#include <ntstrsafe.h>
>
> static PVOID Port12 = ((PVOID)(ULONG_PTR)0x12);
>
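Review bot: <stdio.h> stays included directly above the new <ntstrsafe.h> line. If the sprintf() call removed in the LogVDebug() hunk was the only stdio user in log.c, drop that include in the same patch so the unbounded formatters are no longer in scope for this file.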
> @@ -254,8 +255,7 @@ LogVDebug(
> {
> static CHAR Buffer[256];
>
> -#pragma warning(suppress : 28719) // SDV
> - sprintf(Buffer, "%s|%s|%s:", Module, __Mode(), Function);
> + RtlStringCbPrintfA(Buffer, sizeof(Buffer), "%s|%s|%s:", Module,
> __Mode(), Function);
> Buffer[255] = 0;
>
> vDbgPrintExWithPrefix(Buffer,
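Review bot: the NTSTATUS returned by RtlStringCbPrintfA() in LogVDebug() is discarded, and because Buffer is declared static, a failing call may leave text from an earlier invocation in place to be passed to vDbgPrintExWithPrefix(). Capture the status and, unless it is STATUS_SUCCESS or STATUS_BUFFER_OVERFLOW, set Buffer[0] = 0 (or use a fixed fallback prefix) before the print. The retained Buffer[255] = 0; only terminates the final byte, so it does not cover that case; using sizeof(Buffer) - 1 there would also keep the index tied to the declaration.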
--
Ngoc Tu Dinh | Vates XCP-ng Developer
XCP-ng & Xen Orchestra - Vates solutions
web: https://vates.tech