MdeModulePkg: For RegularExpressionDxe use 'sprintf_s' to replace 'sprintf'.

Function 'sprintf' has potential buffer overflow risk. This patch use 'sprintf_s' to improve the code.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>
Reviewed-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>
git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19582 6f19259b-4bc3-4df7-8a09-765794883524

diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c
index 081fcb346b0e9435b7554515983d0883e2afa5be..aaa5d3dc74a8e96737d98e6dc091dff33167c35a 100644 (file)
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c
@@ -14,13 +14,13 @@
 **/\r
 #include "OnigurumaUefiPort.h"\r
 \r
-int sprintf(char *str, char const *fmt, ...)\r
+int sprintf_s(char *str, size_t sizeOfBuffer, char const *fmt, ...)\r
 {\r
   VA_LIST Marker;\r
   int   NumberOfPrinted;\r
 \r
   VA_START (Marker, fmt);\r
-  NumberOfPrinted = (int)AsciiVSPrint (str, 1000000, fmt, Marker);\r
+  NumberOfPrinted = (int)AsciiVSPrint (str, sizeOfBuffer, fmt, Marker);\r
   VA_END (Marker);\r
 \r
   return NumberOfPrinted;\r

diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h
index 18f2851e974a06cd51ed4b4bb10022ce080a8b39..cb791f8c84c65679e329ca4c74fe6ef3ecfe6520 100644 (file)
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h
@@ -59,7 +59,7 @@ typedef UINTN size_t;
 \r
 int OnigStrCmp (char* Str1, char* Str2);\r
 \r
-int sprintf (char *str, char const *fmt, ...);\r
+int sprintf_s (char *str, size_t sizeOfBuffer, char const *fmt, ...);\r
 \r
 #define exit(n) ASSERT(FALSE);\r
 \r

diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
index c3ec3626eb44f857dd355f8db998604fe4272f9b..fbc764aa426695bb8189574c611ab1e4ba4c019a 100644 (file)
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c
@@ -191,12 +191,12 @@ onig_error_code_to_format(int code)
 \r
 static void sprint_byte(char* s, unsigned int v)\r
 {\r
-  sprintf(s, "%02x", (v & 0377));\r
+  sprintf_s(s, sizeof("00"), "%02x", (v & 0377));\r
 }\r
 \r
 static void sprint_byte_with_x(char* s, unsigned int v)\r
 {\r
-  sprintf(s, "\\x%02x", (v & 0377));\r
+  sprintf_s(s, sizeof("\\x00"), "\\x%02x", (v & 0377));\r
 }\r
 \r
 static int to_ascii(OnigEncoding enc, UChar *s, UChar *end,\r

diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
index e72448a868ffb61af91924b8d9f91722e18b678c..fb1b9286a2063528436ea10ec121b99060952f91 100644 (file)
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c
@@ -88,7 +88,7 @@ regerror(int posix_ecode, const regex_t* reg ARG_UNUSED, char* buf,
     s = "";\r
   }\r
   else {\r
-    sprintf(tbuf, "undefined error code (%d)", posix_ecode);\r
+    sprintf_s(tbuf, sizeof(tbuf), "undefined error code (%d)", posix_ecode);\r
     s = tbuf;\r
   }\r
 \r

diff --git a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c
index 087c6ad8990ce2fd95d64d6fdca45cd67adc3fec..2c81244303e032fcc3cdff42ef6dd5698f540be6 100644 (file)
--- a/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c
+++ b/MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c
@@ -36,7 +36,9 @@ onig_version(void)
 {\r
   static char s[12];\r
 \r
-  sprintf(s, "%d.%d.%d",\r
+  sprintf_s(s, \r
+          sizeof(s),\r
+          "%d.%d.%d",\r
           ONIGURUMA_VERSION_MAJOR,\r
           ONIGURUMA_VERSION_MINOR,\r
           ONIGURUMA_VERSION_TEENY);\r
@@ -48,7 +50,9 @@ onig_copyright(void)
 {\r
   static char s[58];\r
 \r
-  sprintf(s, "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako",\r
+  sprintf_s(s,\r
+          sizeof(s),\r
+          "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako",\r
           ONIGURUMA_VERSION_MAJOR,\r
           ONIGURUMA_VERSION_MINOR,\r
           ONIGURUMA_VERSION_TEENY);\r