BaseTools/C/Common: Refine using sprintf() with '%s' in format string

The commit removes the usages of sprintf() function calls with '%s' in
the format string. And uses strncpy/strncat instead to ensure the
destination string buffers will not be accessed beyond their boundary.

Cc: Yonghong Zhu <yonghong.zhu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Hao Wu <hao.a.wu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>

diff --git a/BaseTools/Source/C/Common/EfiUtilityMsgs.c b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
index 5496a439e279989776c09d8c3d5dccd11f8b3402..44925c642ba9bd4bfa215adf00f3284b873de503 100644 (file)
--- a/BaseTools/Source/C/Common/EfiUtilityMsgs.c
+++ b/BaseTools/Source/C/Common/EfiUtilityMsgs.c
@@ -462,10 +462,11 @@ Notes:
                        );\r
     }\r
     if (Cptr != NULL) {\r
-      sprintf (Line, ": %s", Cptr);\r
+      strcpy (Line, ": ");\r
+      strncat (Line, Cptr, MAX_LINE_LEN - strlen (Line) - 1);\r
       if (LineNumber != 0) {\r
         sprintf (Line2, "(%u)", (unsigned) LineNumber);\r
-        strcat (Line, Line2);\r
+        strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);\r
       }\r
     }\r
   } else {\r
@@ -476,14 +477,16 @@ Notes:
       if (mUtilityName[0] != '\0') {\r
         fprintf (stdout, "%s...\n", mUtilityName);\r
       }\r
-      sprintf (Line, "%s", Cptr);\r
+      strncpy (Line, Cptr, MAX_LINE_LEN - 1);\r
+      Line[MAX_LINE_LEN - 1] = 0;\r
       if (LineNumber != 0) {\r
         sprintf (Line2, "(%u)", (unsigned) LineNumber);\r
-        strcat (Line, Line2);\r
+        strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);\r
       }\r
     } else {\r
       if (mUtilityName[0] != '\0') {\r
-        sprintf (Line, "%s", mUtilityName);\r
+        strncpy (Line, mUtilityName, MAX_LINE_LEN - 1);\r
+        Line[MAX_LINE_LEN - 1] = 0;\r
       }\r
     }\r
 \r
@@ -501,12 +504,12 @@ Notes:
   // Have to print an error code or Visual Studio won't find the\r
   // message for you. It has to be decimal digits too.\r
   //\r
+  strncat (Line, ": ", MAX_LINE_LEN - strlen (Line) - 1);\r
+  strncat (Line, Type, MAX_LINE_LEN - strlen (Line) - 1);\r
   if (MessageCode != 0) {\r
-    sprintf (Line2, ": %s %04u", Type, (unsigned) MessageCode);\r
-  } else {\r
-    sprintf (Line2, ": %s", Type);\r
+    sprintf (Line2, " %04u", (unsigned) MessageCode);\r
+    strncat (Line, Line2, MAX_LINE_LEN - strlen (Line) - 1);\r
   }\r
-  strcat (Line, Line2);\r
   fprintf (stdout, "%s", Line);\r
   //\r
   // If offending text was provided, then print it\r