[PATCH 4/4 v2] Use NT Safe String printf in log.c
CodeQL generates a warning about using sprintf(). Switch to using
RtlStringCbPrintf() when formatting debug messages.
Avoid calling vDbgPrintExWithPrefix when RtlStringCbPrintf reports
an error.
Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
---
src/xencrsh/log.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/src/xencrsh/log.c b/src/xencrsh/log.c
index a1e8a5a..5d3fcc0 100644
--- a/src/xencrsh/log.c
+++ b/src/xencrsh/log.c
@@ -34,6 +34,7 @@
#include "driver.h"
#include "assert.h"
#include <stdio.h>
+#include <ntstrsafe.h>
static PVOID Port12 = ((PVOID)(ULONG_PTR)0x12);
@@ -252,10 +253,18 @@ LogVDebug(
IN va_list Args
)
{
- static CHAR Buffer[256];
+ static CHAR Buffer[256];
+ NTSTATUS status;
+
+ status = RtlStringCbPrintfA(Buffer,
+ sizeof(Buffer),
+ "%s|%s|%s:",
+ Module,
+ __Mode(),
+ Function);
+ if (!NT_SUCCESS(status))
+ return; // Buffer is not safe to use
-#pragma warning(suppress : 28719) // SDV
- sprintf(Buffer, "%s|%s|%s:", Module, __Mode(), Function);
Buffer[255] = 0;
vDbgPrintExWithPrefix(Buffer,
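Review bot: The new guard `if (!NT_SUCCESS(status)) return;` in LogVDebug also fires on STATUS_BUFFER_OVERFLOW, where RtlStringCbPrintfA has already left a truncated, NUL-terminated string in `Buffer`. The comment "Buffer is not safe to use" therefore overstates the risk, and a long Module or Function name now drops the debug line entirely. For a crash-path logger it seems better to keep the message with a shortened prefix: `if (!NT_SUCCESS(status) && status != STATUS_BUFFER_OVERFLOW) return; // truncated prefix is still terminated`. Because the bounded call guarantees termination for a non-zero buffer size, the retained `Buffer[255] = 0;` is redundant and could be removed. LogVDebug starts before and continues after this hunk, so the remaining arguments of the vDbgPrintExWithPrefix call are not visible here.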
--
2.51.2.windows.1