|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH 4/4 v2] Use NT Safe String printf in log.c
On 03/03/2026 10:36, Owen Smith wrote:
> CodeQL generates a warning about using sprintf(). Switch to using
> RtlStringCbPrintf() when formatting debug messages.
> Avoid calling vDbgPrintExWithPrefix when RtlStringCbPrintf reports
> an error.
>
> Signed-off-by: Owen Smith <owen.smith@xxxxxxxxxx>
Acked-by: Tu Dinh <ngoc-tu.dinh@xxxxxxxxxx>
> ---
> src/xencrsh/log.c | 15 ++++++++++++---
> 1 file changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/src/xencrsh/log.c b/src/xencrsh/log.c
> index a1e8a5a..5d3fcc0 100644
> --- a/src/xencrsh/log.c
> +++ b/src/xencrsh/log.c
> @@ -34,6 +34,7 @@
> #include "driver.h"
> #include "assert.h"
> #include <stdio.h>
> +#include <ntstrsafe.h>
>
> static PVOID Port12 = ((PVOID)(ULONG_PTR)0x12);
>
> @@ -252,10 +253,18 @@ LogVDebug(
> IN va_list Args
> )
> {
> - static CHAR Buffer[256];
> + static CHAR Buffer[256];
> + NTSTATUS status;
> +
> + status = RtlStringCbPrintfA(Buffer,
> + sizeof(Buffer),
> + "%s|%s|%s:",
> + Module,
> + __Mode(),
> + Function);
> + if (!NT_SUCCESS(status))
> + return; // Buffer is not safe to use
>
> -#pragma warning(suppress : 28719) // SDV
> - sprintf(Buffer, "%s|%s|%s:", Module, __Mode(), Function);
> Buffer[255] = 0;
>
> vDbgPrintExWithPrefix(Buffer,
--
Ngoc Tu Dinh | Vates XCP-ng Developer
XCP-ng & Xen Orchestra - Vates solutions
web: https://vates.tech
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |