fix svace issue(17705530)

Change-Id: I2ce1c6b48d88cbfac23feb71a5abad3e7abd3309
Signed-off-by: HyiHong Chae <hh.chae@samsung.com>

diff --git a/examples/pathutils.c b/examples/pathutils.c
index 419a543..c51214c 100755 (executable)
--- a/examples/pathutils.c
+++ b/examples/pathutils.c
@@ -42,7 +42,7 @@ lookup_folder_id (LIBMTP_folder_t * folder, char * path, char * parent)
   }
 
   current = malloc (strlen(parent) + strlen(folder->name) + 2);
-  sprintf(current,"%s/%s",parent,folder->name);
+  snprintf(current,strlen(parent)+strlen(folder->name)+1,"%s/%s",parent,folder->name);
   if (strcasecmp (path, current) == 0) {
     free (current);
     return folder->folder_id;

diff --git a/packaging/libmtp.spec b/packaging/libmtp.spec
index 7b1869e..87f3d86 100755 (executable)
--- a/packaging/libmtp.spec
+++ b/packaging/libmtp.spec
@@ -3,7 +3,7 @@
 Name:       libmtp
 Summary:    Library for media transfer protocol (mtp)
 Version:    1.1.11
-Release:    4
+Release:    5
 Group:      Network & Connectivity/Other
 License:    LGPL-2.1
 Source0:    libmtp-%{version}.tar.gz

diff --git a/src/libmtp.c b/src/libmtp.c
index 0db6a16..83e32c7 100755 (executable)
--- a/src/libmtp.c
+++ b/src/libmtp.c
@@ -5532,10 +5532,10 @@ static char *generate_unique_filename(PTPParams* params, char const * const file
 
     suffix = 1;
     char newname[ strlen(basename) + 6 + strlen(extension_position)];
-    sprintf(newname, "%s_%d%s", basename, suffix, extension_position);
+    snprintf(newname, strlen(basename) + 5 + strlen(extension_position), "%s_%d%s", basename, suffix, extension_position);
     while ((check_filename_exists(params, newname)) && (suffix < 1000000)) {
       suffix++;
-      sprintf(newname, "%s_%d%s", basename, suffix, extension_position);
+      snprintf(newname, strlen(basename) + 5 + strlen(extension_position), "%s_%d%s", basename, suffix, extension_position);
     }
   return strdup(newname);
   }

diff --git a/src/mtpz.c b/src/mtpz.c
index a07fd9e..e5ebe27 100755 (executable)
--- a/src/mtpz.c
+++ b/src/mtpz.c
@@ -126,7 +126,7 @@ int mtpz_loaddata()
 
        int plen = strlen(home) + strlen("/.mtpz-data") + 1;
        char path[plen];
-       sprintf(path, "%s/.mtpz-data", home);
+       snprintf(path, plen-1, "%s/.mtpz-data", home);
 
        FILE *fdata = fopen(path, "r");
        if (!fdata)

diff --git a/src/playlist-spl.c b/src/playlist-spl.c
index de471a8..e1c6ad9 100755 (executable)
--- a/src/playlist-spl.c
+++ b/src/playlist-spl.c
@@ -601,7 +601,7 @@ static void spl_text_t_from_tracks(text_t** p,
   *p = c; // save the top of the list!
 
   char vs[14]; // "VERSION 2.00\0"
-  sprintf(vs,"VERSION %d.%02d",ver_major,ver_minor);
+  snprintf(vs,13,"VERSION %d.%02d",ver_major,ver_minor);
 
   append_text_t(&c, vs);
   append_text_t(&c, "");

diff --git a/src/ptp-pack.c b/src/ptp-pack.c
index 1b6a1e2..2912c3b 100755 (executable)
--- a/src/ptp-pack.c
+++ b/src/ptp-pack.c
@@ -2082,7 +2082,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x0010: 4 bytes, 04 00 00 00 observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0010 content 01234567")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0010 content %02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0010 content 01234567"),"OLCInfo event 0x0010 content %02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2095,7 +2095,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x0020: 6 bytes, 00 00 00 00 00 00 observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0020 content 0123456789ab")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0020 content %02x%02x%02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0020 content 0123456789ab"),"OLCInfo event 0x0020 content %02x%02x%02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2110,7 +2110,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x0040: 7 bytes, 01 01 00 00 00 00 00 observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0040 content 0123456789abcd")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0040 content %02x%02x%02x%02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0040 content 0123456789abcd"),"OLCInfo event 0x0040 content %02x%02x%02x%02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2126,7 +2126,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x0080: 4 bytes, 00 00 00 00 observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0080 content 01234567")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0080 content %02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0080 content 01234567"),"OLCInfo event 0x0080 content %02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2139,7 +2139,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x0100: 6 bytes, 00 00 00 00 00 00 (before focus) and 00 00 00 00 01 00 (on focus) observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0100 content 0123456789ab")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0100 content %02x%02x%02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0100 content 0123456789ab"),"OLCInfo event 0x0100 content %02x%02x%02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2154,7 +2154,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x0200: 7 bytes, 00 00 00 00 00 00 00 observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0200 content 0123456789abcd")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0200 content %02x%02x%02x%02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0200 content 0123456789abcd"),"OLCInfo event 0x0200 content %02x%02x%02x%02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2170,7 +2170,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x0400: 7 bytes, 00 00 00 00 00 00 00 observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0400 content 0123456789abcd")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0400 content %02x%02x%02x%02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0400 content 0123456789abcd"),"OLCInfo event 0x0400 content %02x%02x%02x%02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2187,7 +2187,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /*   might be mask of focus points selected */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x0800 content 0123456789abcdef")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x0800 content %02x%02x%02x%02x%02x%02x%02x%02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x0800 content 0123456789abcdef"),"OLCInfo event 0x0800 content %02x%02x%02x%02x%02x%02x%02x%02x",
                                        curdata[curoff],
                                        curdata[curoff+1],
                                        curdata[curoff+2],
@@ -2204,7 +2204,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                                /* mask 0x1000: 1 byte, 00 observed */
                                ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                                ce[i].u.info = malloc(strlen("OLCInfo event 0x1000 content 01")+1); 
-                               sprintf(ce[i].u.info,"OLCInfo event 0x1000 content %02x",
+                               snprintf(ce[i].u.info,strlen("OLCInfo event 0x1000 content 01"),"OLCInfo event 0x1000 content %02x",
                                        curdata[curoff]
                                );
                                curoff += 1;
@@ -2213,7 +2213,7 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                        /* handle more masks */
                        ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
                        ce[i].u.info = malloc(strlen("OLCInfo event mask 0123456789")+1);
-                       sprintf(ce[i].u.info, "OLCInfo event mask=%x",  mask);
+                       snprintf(ce[i].u.info, strlen("OLCInfo event mask 0123456789"), "OLCInfo event mask=%x",  mask);
                        break;
                }
                case PTP_EC_CANON_EOS_CameraStatusChanged:
@@ -2229,15 +2229,15 @@ ptp_unpack_CANON_changes (PTPParams *params, unsigned char* data, int datasize,
                        break;
                case PTP_EC_CANON_EOS_BulbExposureTime:
                        ce[i].type = PTP_CANON_EOS_CHANGES_TYPE_UNKNOWN;
-                       ce[i].u.info = malloc(strlen("BulbExposureTime 123456789"));
-                       sprintf (ce[i].u.info, "BulbExposureTime %d",  dtoh32a(curdata+8));
+                       ce[i].u.info = malloc(strlen("BulbExposureTime 123456789")+1);
+                       snprintf (ce[i].u.info, strlen("BulbExposureTime 123456789"), "BulbExposureTime %d",  dtoh32a(curdata+8));
                        break;
                default:
                        switch (type) {
 #define XX(x)          case PTP_EC_CANON_EOS_##x:                                                              \
                                ptp_debug (params, "event %d: unhandled EOS event "#x" (size %d)", i, size);    \
-                               ce[i].u.info = malloc(strlen("unhandled EOS event "#x" (size 123456789)"));     \
-                               sprintf (ce[i].u.info, "unhandled EOS event "#x" (size %d)",  size);            \
+                               ce[i].u.info = malloc(strlen("unhandled EOS event "#x" (size 123456789)")+1);   \
+                               snprintf (ce[i].u.info, strlen("unhandled EOS event "#x" (size 123456789)"), "unhandled EOS event "#x" (size %d)",  size);              \
                                break;
                        XX(RequestGetEvent)
                        XX(ObjectRemoved)