size_t i;
char *u = r + sizeof (qemu_prefix) - 1;
- strcpy (r, qemu_prefix);
- strcat (r, s);
+ pstrcpy (r, len + sizeof (qemu_prefix), qemu_prefix);
+ pstrcat (r, len, s);
for (i = 0; i < len; ++i) {
u[i] = toupper (u[i]);
{
char *optname;
const char qemu_prefix[] = "QEMU_";
- size_t preflen;
+ size_t preflen, optlen;
if (audio_bug (AUDIO_FUNC, !prefix)) {
dolog ("prefix = NULL\n");
/* len of opt->name + len of prefix + size of qemu_prefix
* (includes trailing zero) + zero + underscore (on behalf of
* sizeof) */
- optname = qemu_malloc (len + preflen + sizeof (qemu_prefix) + 1);
+ optlen = len + preflen + sizeof (qemu_prefix) + 1;
+ optname = qemu_malloc (optlen);
if (!optname) {
dolog ("Could not allocate memory for option name `%s'\n",
opt->name);
continue;
}
- strcpy (optname, qemu_prefix);
+ pstrcpy (optname, optlen, qemu_prefix);
+ optlen -= preflen;
/* copy while upper-casing, including trailing zero */
for (i = 0; i <= preflen; ++i) {
optname[i + sizeof (qemu_prefix) - 1] = toupper (prefix[i]);
}
- strcat (optname, "_");
- strcat (optname, opt->name);
+ pstrcat (optname, optlen, "_");
+ optlen--;
+ pstrcat (optname, optlen, opt->name);
+ optlen -= len;
def = 1;
switch (opt->tag) {
return -1;
tmp_str = strstr(desc,"parentCID");
- strcpy(tmp_desc, tmp_str);
+ pstrcpy(tmp_desc, sizeof(tmp_desc), tmp_str);
if ((p_name = strstr(desc,"CID")) != 0) {
p_name += sizeof("CID");
- sprintf(p_name,"%x\n",cid);
- strcat(desc,tmp_desc);
+ snprintf(p_name, sizeof(desc) - (p_name - desc), "%x\n", cid);
+ pstrcat(desc, sizeof(desc), tmp_desc);
}
if (bdrv_pwrite(s->hd, 0x200, desc, DESC_SIZE) != DESC_SIZE)
if ((temp_str = strrchr(real_filename, ':')) != NULL)
real_filename = temp_str + 1;
- sprintf(s_desc, desc_template, p_cid, p_cid, backing_file
- , (uint32_t)header.capacity, real_filename);
+ snprintf(s_desc, sizeof(s_desc), desc_template, p_cid, p_cid, backing_file,
+ (uint32_t)header.capacity, real_filename);
/* write the descriptor */
if (lseek(snp_fd, 0x200, SEEK_SET) == -1)
path_combine(parent_img_name, sizeof(parent_img_name),
filename, s->hd->backing_file);
} else {
- strcpy(parent_img_name, s->hd->backing_file);
+ pstrcpy(parent_img_name, sizeof(parent_img_name),
+ s->hd->backing_file);
}
s->hd->backing_hd = bdrv_new("");
real_filename = temp_str + 1;
if ((temp_str = strrchr(real_filename, ':')) != NULL)
real_filename = temp_str + 1;
- sprintf(desc, desc_template, time(NULL), (unsigned long)total_size,
- real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4), total_size / (63 * 16));
+ snprintf(desc, sizeof(desc), desc_template, time(NULL), (unsigned long)total_size,
+ real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4), total_size / (63 * 16));
/* write the descriptor */
lseek(fd, le64_to_cpu(header.desc_offset) << 9, SEEK_SET);
char path2[PATH_MAX];
assert(path_len < PATH_MAX); /* len was tested before! */
- strcpy(path2, path);
+ pstrcpy(path2, sizeof(path2), path);
path2[path_len] = '/';
path2[path_len + 1] = '\0';
fprintf(stderr, "Name too long: %s/%s\n", path, lfn.name);
goto fail;
}
- strcpy(path2 + path_len + 1, (char*)lfn.name);
+ pstrcpy(path2 + path_len + 1, sizeof(path2) - path_len - 1,
+ (char*)lfn.name);
if (is_directory(direntries + i)) {
if (begin_of_direntry(direntries + i) == 0) {
assert(!strncmp(m->path, mapping->path, l2));
- strcpy(new_path, mapping->path);
- strcpy(new_path + l1, m->path + l2);
+ pstrcpy(new_path, l + diff + 1, mapping->path);
+ pstrcpy(new_path + l1, l + diff + 1 - l1,
+ m->path + l2);
schedule_rename(s, m->begin, new_path);
}
typedef int64_t bfd_signed_vma;
typedef uint8_t bfd_byte;
#define sprintf_vma(s,x) sprintf (s, "%0" PRIx64, x)
+#define snprintf_vma(s,ss,x) snprintf (s, ss, "%0" PRIx64, x)
#define BFD64
/* parse any 'q' packets here */
if (!strcmp(p,"qemu.sstepbits")) {
/* Query Breakpoint bit definitions */
- sprintf(buf,"ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
- SSTEP_ENABLE,
- SSTEP_NOIRQ,
- SSTEP_NOTIMER);
+ snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
+ SSTEP_ENABLE,
+ SSTEP_NOIRQ,
+ SSTEP_NOTIMER);
put_packet(s, buf);
break;
} else if (strncmp(p,"qemu.sstep",10) == 0) {
p += 10;
if (*p != '=') {
/* Display current setting */
- sprintf(buf,"0x%x", sstep_flags);
+ snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
put_packet(s, buf);
break;
}
else if (strncmp(p, "Offsets", 7) == 0) {
TaskState *ts = env->opaque;
- sprintf(buf,
- "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
- ";Bss=" TARGET_ABI_FMT_lx,
- ts->info->code_offset,
- ts->info->data_offset,
- ts->info->data_offset);
+ snprintf(buf, sizeof(buf),
+ "Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
+ ";Bss=" TARGET_ABI_FMT_lx,
+ ts->info->code_offset,
+ ts->info->data_offset,
+ ts->info->data_offset);
put_packet(s, buf);
break;
}
switch (*fmt++) {
case 'x':
addr = va_arg(va, target_ulong);
- p += sprintf(p, TARGET_FMT_lx, addr);
+ p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx, addr);
break;
case 'l':
if (*(fmt++) != 'x')
goto bad_format;
i64 = va_arg(va, uint64_t);
- p += sprintf(p, "%" PRIx64, i64);
+ p += snprintf(p, &buf[sizeof(buf)] - p, "%" PRIx64, i64);
break;
case 's':
addr = va_arg(va, target_ulong);
- p += sprintf(p, TARGET_FMT_lx "/%x", addr, va_arg(va, int));
+ p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx "/%x",
+ addr, va_arg(va, int));
break;
default:
bad_format:
for (i = 0; i < sizeof(image); i++)
image[i] = m48t59_read(nvram, i) & 0xff;
- strcpy((char *)header->boot_devices, boot_device);
+ pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+ boot_device);
header->nboot_devices = strlen(boot_device) & 0xff;
header->crc = cpu_to_be16(OHW_compute_crc(header, 0x00, 0xF8));
memset(image, '\0', sizeof(image));
// Try to match PPC NVRAM
- strcpy((char *)header->struct_ident, "QEMU_BIOS");
+ pstrcpy((char *)header->struct_ident, sizeof(header->struct_ident),
+ "QEMU_BIOS");
header->struct_version = cpu_to_be32(3); /* structure v3 */
header->nvram_size = cpu_to_be16(0x2000);
header->nvram_arch_ptr = cpu_to_be16(sizeof(ohwcfg_v3_t));
header->nvram_arch_size = cpu_to_be16(sizeof(struct sparc_arch_cfg));
- strcpy((char *)header->arch, arch);
+ pstrcpy((char *)header->arch, sizeof(header->arch), arch);
header->nb_cpus = smp_cpus & 0xff;
header->RAM0_base = 0;
header->RAM0_size = cpu_to_be64((uint64_t)RAM_size);
- strcpy((char *)header->boot_devices, boot_devices);
+ pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+ boot_devices);
header->nboot_devices = strlen(boot_devices) & 0xff;
header->kernel_image = cpu_to_be64((uint64_t)KERNEL_LOAD_ADDR);
header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
// Variable partition
part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
part_header->signature = OPENBIOS_PART_SYSTEM;
- strcpy(part_header->name, "system");
+ pstrcpy(part_header->name, sizeof(part_header->name), "system");
end = start + sizeof(struct OpenBIOS_nvpart_v1);
for (i = 0; i < nb_prom_envs; i++)
start = end;
part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
part_header->signature = OPENBIOS_PART_FREE;
- strcpy(part_header->name, "free");
+ pstrcpy(part_header->name, sizeof(part_header->name), "free");
end = 0x1fd0;
OpenBIOS_finish_partition(part_header, end - start);
for (i = 0; i < sizeof(image); i++)
image[i] = m48t59_read(nvram, i) & 0xff;
- strcpy((char *)header->boot_devices, boot_device);
+ pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+ boot_device);
header->nboot_devices = strlen(boot_device) & 0xff;
header->crc = cpu_to_be16(OHW_compute_crc(header, 0x00, 0xF8));
memset(image, '\0', sizeof(image));
// Try to match PPC NVRAM
- strcpy((char *)header->struct_ident, "QEMU_BIOS");
+ pstrcpy((char *)header->struct_ident, sizeof(header->struct_ident),
+ "QEMU_BIOS");
header->struct_version = cpu_to_be32(3); /* structure v3 */
header->nvram_size = cpu_to_be16(NVRAM_size);
header->nvram_arch_ptr = cpu_to_be16(sizeof(ohwcfg_v3_t));
header->nvram_arch_size = cpu_to_be16(sizeof(struct sparc_arch_cfg));
- strcpy((char *)header->arch, arch);
+ pstrcpy((char *)header->arch, sizeof(header->arch), arch);
header->nb_cpus = smp_cpus & 0xff;
header->RAM0_base = 0;
header->RAM0_size = cpu_to_be64((uint64_t)RAM_size);
- strcpy((char *)header->boot_devices, boot_devices);
+ pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+ boot_devices);
header->nboot_devices = strlen(boot_devices) & 0xff;
header->kernel_image = cpu_to_be64((uint64_t)kernel_image);
header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
// Variable partition
part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
part_header->signature = OPENBIOS_PART_SYSTEM;
- strcpy(part_header->name, "system");
+ pstrcpy(part_header->name, sizeof(part_header->name), "system");
end = start + sizeof(struct OpenBIOS_nvpart_v1);
for (i = 0; i < nb_prom_envs; i++)
start = end;
part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
part_header->signature = OPENBIOS_PART_FREE;
- strcpy(part_header->name, "free");
+ pstrcpy(part_header->name, sizeof(part_header->name), "free");
end = 0x1fd0;
OpenBIOS_finish_partition(part_header, end - start);
} USBNetState;
static int ndis_query(USBNetState *s, uint32_t oid,
- uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf)
+ uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf,
+ size_t outlen)
{
unsigned int i, count;
/* mandatory */
case OID_GEN_VENDOR_DESCRIPTION:
- strcpy(outbuf, "QEMU USB RNDIS Net");
+ pstrcpy(outbuf, outlen, "QEMU USB RNDIS Net");
return strlen(outbuf) + 1;
case OID_GEN_VENDOR_DRIVER_VERSION:
return USB_RET_STALL;
infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
- bufoffs + (uint8_t *) buf, buflen, infobuf);
+ bufoffs + (uint8_t *) buf, buflen, infobuf,
+ sizeof(infobuf));
resplen = sizeof(rndis_query_cmplt_type) +
((infobuflen < 0) ? 0 : infobuflen);
resp = rndis_queue_response(s, resplen);
if (!full_update)
return;
- sprintf(msg_buffer, "%i x %i Text mode", width, height);
+ snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Text mode",
+ width, height);
break;
}
return;
s->get_resolution(s, &width, &height);
- sprintf(msg_buffer, "%i x %i Graphic mode", width, height);
+ snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Graphic mode",
+ width, height);
break;
case GMODE_BLANK:
default:
if (!full_update)
return;
- sprintf(msg_buffer, "VGA Blank mode");
+ snprintf(msg_buffer, sizeof(msg_buffer), "VGA Blank mode");
break;
}
#include <stdlib.h>
#include "dis-asm.h"
+#include "qemu-common.h"
#define MAXLEN 20
static void oappend PARAMS ((const char *));
static void append_seg PARAMS ((void));
static void OP_indirE PARAMS ((int, int));
-static void print_operand_value PARAMS ((char *, int, bfd_vma));
+static void print_operand_value (char *buf, size_t bufsize, int hex,
+ bfd_vma disp);
static void OP_E PARAMS ((int, int));
static void OP_G PARAMS ((int, int));
static bfd_vma get64 PARAMS ((void));
/* Instruction fnstsw is only one with strange arg. */
if (floatop == 0xdf && codep[-1] == 0xe0)
- strcpy (op1out, names16[0]);
+ pstrcpy (op1out, sizeof(op1out), names16[0]);
}
else
{
int bytemode;
int sizeflag;
{
- sprintf (scratchbuf, "%%st(%d)", rm);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%st(%d)", rm);
oappend (scratchbuf + intel_syntax);
}
if (*p == '}')
{
/* Alternative not valid. */
- strcpy (obuf, "(bad)");
+ pstrcpy (obuf, sizeof(obuf), "(bad)");
obufp = obuf + 5;
return 1;
}
oappend (s)
const char *s;
{
- strcpy (obufp, s);
+ pstrcpy (obufp, (size_t)(obufp - obuf), s);
obufp += strlen (s);
}
}
static void
-print_operand_value (buf, hex, disp)
- char *buf;
- int hex;
- bfd_vma disp;
+print_operand_value (char *buf, size_t bufsize, int hex, bfd_vma disp)
{
if (mode_64bit)
{
int i;
buf[0] = '0';
buf[1] = 'x';
- sprintf_vma (tmp, disp);
+ snprintf_vma (tmp, sizeof(tmp), disp);
for (i = 0; tmp[i] == '0' && tmp[i + 1]; i++);
- strcpy (buf + 2, tmp + i);
+ pstrcpy (buf + 2, bufsize - 2, tmp + i);
}
else
{
/* Check for possible overflow on 0x8000000000000000. */
if (v < 0)
{
- strcpy (buf, "9223372036854775808");
+ pstrcpy (buf, bufsize, "9223372036854775808");
return;
}
}
if (!v)
{
- strcpy (buf, "0");
+ pstrcpy (buf, bufsize, "0");
return;
}
v /= 10;
i++;
}
- strcpy (buf, tmp + 29 - i);
+ pstrcpy (buf, bufsize, tmp + 29 - i);
}
}
else
{
if (hex)
- sprintf (buf, "0x%x", (unsigned int) disp);
+ snprintf (buf, bufsize, "0x%x", (unsigned int) disp);
else
- sprintf (buf, "%d", (int) disp);
+ snprintf (buf, bufsize, "%d", (int) disp);
}
}
if (!intel_syntax)
if (mod != 0 || (base & 7) == 5)
{
- print_operand_value (scratchbuf, !riprel, disp);
+ print_operand_value (scratchbuf, sizeof(scratchbuf), !riprel, disp);
oappend (scratchbuf);
if (riprel)
{
*obufp++ = separator_char;
*obufp = '\0';
}
- sprintf (scratchbuf, "%s",
- mode_64bit && (sizeflag & AFLAG)
- ? names64[index] : names32[index]);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%s",
+ mode_64bit && (sizeflag & AFLAG)
+ ? names64[index] : names32[index]);
}
else
- sprintf (scratchbuf, ",%s",
- mode_64bit && (sizeflag & AFLAG)
- ? names64[index] : names32[index]);
+ snprintf (scratchbuf, sizeof(scratchbuf), ",%s",
+ mode_64bit && (sizeflag & AFLAG)
+ ? names64[index] : names32[index]);
oappend (scratchbuf);
}
if (!intel_syntax
{
*obufp++ = scale_char;
*obufp = '\0';
- sprintf (scratchbuf, "%d", 1 << scale);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%d", 1 << scale);
oappend (scratchbuf);
}
}
*obufp = '\0';
}
- print_operand_value (scratchbuf, 0, disp);
+ print_operand_value (scratchbuf, sizeof(scratchbuf), 0,
+ disp);
oappend (scratchbuf);
}
}
oappend (names_seg[ds_reg - es_reg]);
oappend (":");
}
- print_operand_value (scratchbuf, 1, disp);
+ print_operand_value (scratchbuf, sizeof(scratchbuf), 1, disp);
oappend (scratchbuf);
}
}
if (!intel_syntax)
if (mod != 0 || (rm & 7) == 6)
{
- print_operand_value (scratchbuf, 0, disp);
+ print_operand_value (scratchbuf, sizeof(scratchbuf), 0, disp);
oappend (scratchbuf);
}
op &= mask;
scratchbuf[0] = '$';
- print_operand_value (scratchbuf + 1, 1, op);
+ print_operand_value (scratchbuf + 1, sizeof(scratchbuf) - 1, 1, op);
oappend (scratchbuf + intel_syntax);
scratchbuf[0] = '\0';
}
op &= mask;
scratchbuf[0] = '$';
- print_operand_value (scratchbuf + 1, 1, op);
+ print_operand_value (scratchbuf + 1, sizeof(scratchbuf) - 1, 1, op);
oappend (scratchbuf + intel_syntax);
scratchbuf[0] = '\0';
}
}
scratchbuf[0] = '$';
- print_operand_value (scratchbuf + 1, 1, op);
+ print_operand_value (scratchbuf + 1, sizeof(scratchbuf) - 1, 1, op);
oappend (scratchbuf + intel_syntax);
}
}
disp = (start_pc + codep - start_codep + disp) & mask;
set_op (disp, 0);
- print_operand_value (scratchbuf, 1, disp);
+ print_operand_value (scratchbuf, sizeof(scratchbuf), 1, disp);
oappend (scratchbuf);
}
}
used_prefixes |= (prefixes & PREFIX_DATA);
if (intel_syntax)
- sprintf (scratchbuf, "0x%x,0x%x", seg, offset);
+ snprintf (scratchbuf, sizeof(scratchbuf), "0x%x,0x%x", seg, offset);
else
- sprintf (scratchbuf, "$0x%x,$0x%x", seg, offset);
+ snprintf (scratchbuf, sizeof(scratchbuf), "$0x%x,$0x%x", seg, offset);
oappend (scratchbuf);
}
oappend (":");
}
}
- print_operand_value (scratchbuf, 1, off);
+ print_operand_value (scratchbuf, sizeof(scratchbuf), 1, off);
oappend (scratchbuf);
}
oappend (":");
}
}
- print_operand_value (scratchbuf, 1, off);
+ print_operand_value (scratchbuf, sizeof(scratchbuf), 1, off);
oappend (scratchbuf);
}
USED_REX (REX_EXTX);
if (rex & REX_EXTX)
add = 8;
- sprintf (scratchbuf, "%%cr%d", reg + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%cr%d", reg + add);
oappend (scratchbuf + intel_syntax);
}
if (rex & REX_EXTX)
add = 8;
if (intel_syntax)
- sprintf (scratchbuf, "db%d", reg + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "db%d", reg + add);
else
- sprintf (scratchbuf, "%%db%d", reg + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%db%d", reg + add);
oappend (scratchbuf);
}
int dummy;
int sizeflag;
{
- sprintf (scratchbuf, "%%tr%d", reg);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%tr%d", reg);
oappend (scratchbuf + intel_syntax);
}
add = 8;
used_prefixes |= (prefixes & PREFIX_DATA);
if (prefixes & PREFIX_DATA)
- sprintf (scratchbuf, "%%xmm%d", reg + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", reg + add);
else
- sprintf (scratchbuf, "%%mm%d", reg + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%mm%d", reg + add);
oappend (scratchbuf + intel_syntax);
}
USED_REX (REX_EXTX);
if (rex & REX_EXTX)
add = 8;
- sprintf (scratchbuf, "%%xmm%d", reg + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", reg + add);
oappend (scratchbuf + intel_syntax);
}
codep++;
used_prefixes |= (prefixes & PREFIX_DATA);
if (prefixes & PREFIX_DATA)
- sprintf (scratchbuf, "%%xmm%d", rm + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", rm + add);
else
- sprintf (scratchbuf, "%%mm%d", rm + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%mm%d", rm + add);
oappend (scratchbuf + intel_syntax);
}
/* Skip mod/rm byte. */
MODRM_CHECK;
codep++;
- sprintf (scratchbuf, "%%xmm%d", rm + add);
+ snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", rm + add);
oappend (scratchbuf + intel_syntax);
}
suffix1 = 's', suffix2 = 'd';
}
}
- sprintf (scratchbuf, "cmp%s%c%c",
- simd_cmp_op[cmp_type], suffix1, suffix2);
+ snprintf (scratchbuf, sizeof(scratchbuf), "cmp%s%c%c",
+ simd_cmp_op[cmp_type], suffix1, suffix2);
used_prefixes |= (prefixes & PREFIX_REPZ);
oappend (scratchbuf);
}
goto fail;
}
str = qemu_malloc(strlen(buf) + 1);
- strcpy(str, buf);
+ pstrcpy(str, sizeof(buf), buf);
str_allocated[nb_args] = str;
add_str:
if (nb_args >= MAX_ARGS) {
if (!p) {
input_path_len = 0;
pstrcpy(file_prefix, sizeof(file_prefix), input);
- strcpy(path, ".");
+ pstrcpy(path, sizeof(path), ".");
} else {
input_path_len = p - input + 1;
memcpy(path, input, input_path_len);
break;
if (strstart(d->d_name, file_prefix, NULL)) {
memcpy(file, input, input_path_len);
- strcpy(file + input_path_len, d->d_name);
+ if (input_path_len < sizeof(file))
+ pstrcpy(file + input_path_len, sizeof(file) - input_path_len,
+ d->d_name);
/* stat the file to find out if it's a directory.
* In that case add a slash to speed up typing long paths
*/
stat(file, &sb);
if(S_ISDIR(sb.st_mode))
- strcat(file, "/");
+ pstrcat(file, sizeof(file), "/");
add_completion(file);
}
}
char *qemu_strdup(const char *str)
{
char *ptr;
- ptr = qemu_malloc(strlen(str) + 1);
+ size_t len = strlen(str);
+ ptr = qemu_malloc(len + 1);
if (!ptr)
return NULL;
- strcpy(ptr, str);
+ pstrcpy(ptr, len, str);
return ptr;
}
{
char buff[256];
- sprintf(buff, "Error: execvp of %s failed: %s\n",
- argv[0], strerror(errno));
+ snprintf(buff, sizeof(buff),
+ "Error: execvp of %s failed: %s\n",
+ argv[0], strerror(errno));
write(2, buff, strlen(buff)+1);
}
close(0); close(1); close(2); /* XXX */
static int get_dns_addr(struct in_addr *pdns_addr)
{
char buff[512];
- char buff2[256];
+ char buff2[257];
FILE *f;
int found = 0;
struct in_addr tmp_addr;
struct mbuf *m;
{
u_int n1, n2, n3, n4, n5, n6;
- char buff[256];
+ char buff[257];
u_int32_t laddr;
u_int lport;
char *bptr;
}
}
}
- so_rcv->sb_cc = sprintf(so_rcv->sb_data, "%d,%d\r\n", n1, n2);
+ so_rcv->sb_cc = snprintf(so_rcv->sb_data,
+ so_rcv->sb_datalen,
+ "%d,%d\r\n", n1, n2);
so_rcv->sb_rptr = so_rcv->sb_data;
so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc;
}
n4 = (laddr & 0xff);
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr,"ORT %d,%d,%d,%d,%d,%d\r\n%s",
- n1, n2, n3, n4, n5, n6, x==7?buff:"");
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len,
+ "ORT %d,%d,%d,%d,%d,%d\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:"");
return 1;
} else if ((bptr = (char *)strstr(m->m_data, "27 Entering")) != NULL) {
/*
n4 = (laddr & 0xff);
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr,"27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
- n1, n2, n3, n4, n5, n6, x==7?buff:"");
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len,
+ "27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
+ n1, n2, n3, n4, n5, n6, x==7?buff:"");
return 1;
}
}
if (m->m_data[m->m_len-1] == '\0' && lport != 0 &&
(so = solisten(0, so->so_laddr.s_addr, htons(lport), SS_FACCEPTONCE)) != NULL)
- m->m_len = sprintf(m->m_data, "%d", ntohs(so->so_fport))+1;
+ m->m_len = snprintf(m->m_data, m->m_hdr.mh_size, "%d",
+ ntohs(so->so_fport)) + 1;
return 1;
case EMU_IRC:
return 1;
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr, "DCC CHAT chat %lu %u%c\n",
- (unsigned long)ntohl(so->so_faddr.s_addr),
- ntohs(so->so_fport), 1);
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+ "DCC CHAT chat %lu %u%c\n",
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), 1);
} else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) {
if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL)
return 1;
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr, "DCC SEND %s %lu %u %u%c\n",
- buff, (unsigned long)ntohl(so->so_faddr.s_addr),
- ntohs(so->so_fport), n1, 1);
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+ "DCC SEND %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
} else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) {
if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL)
return 1;
m->m_len = bptr - m->m_data; /* Adjust length */
- m->m_len += sprintf(bptr, "DCC MOVE %s %lu %u %u%c\n",
- buff, (unsigned long)ntohl(so->so_faddr.s_addr),
- ntohs(so->so_fport), n1, 1);
+ m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+ "DCC MOVE %s %lu %u %u%c\n", buff,
+ (unsigned long)ntohl(so->so_faddr.s_addr),
+ ntohs(so->so_fport), n1, 1);
}
return 1;
/* FALLTHROUGH */
case CTL_ALIAS:
- sb->sb_cc = sprintf(sb->sb_wptr,
- "Error: No application configured.\r\n");
+ sb->sb_cc = snprintf(sb->sb_wptr, sb->sb_datalen - (sb->sb_wptr - sb->sb_data),
+ "Error: No application configured.\r\n");
sb->sb_wptr += sb->sb_cc;
return(0);
*/
#include <slirp.h>
+#include "qemu-common.h" // for pstrcpy
struct tftp_session {
int in_use;
m->m_data += sizeof(struct udpiphdr);
tp->tp_op = htons(TFTP_OACK);
- n += sprintf(tp->x.tp_buf + n, "%s", key) + 1;
- n += sprintf(tp->x.tp_buf + n, "%u", value) + 1;
+ n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", key) + 1;
+ n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u", value) + 1;
saddr.sin_addr = recv_tp->ip.ip_dst;
saddr.sin_port = recv_tp->udp.uh_dport;
tp->tp_op = htons(TFTP_ERROR);
tp->x.tp_error.tp_error_code = htons(errorcode);
- strcpy(tp->x.tp_error.tp_msg, msg);
+ pstrcpy(tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg), msg);
saddr.sin_addr = recv_tp->ip.ip_dst;
saddr.sin_port = recv_tp->udp.uh_dport;
char cbuf[50] = "\n\r";
if (term_escape_char > 0 && term_escape_char < 26) {
- sprintf(cbuf,"\n\r");
- sprintf(ebuf,"C-%c", term_escape_char - 1 + 'a');
+ snprintf(cbuf, sizeof(cbuf), "\n\r");
+ snprintf(ebuf, sizeof(ebuf), "C-%c", term_escape_char - 1 + 'a');
} else {
- sprintf(cbuf,"\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r",
- term_escape_char);
+ snprintf(cbuf, sizeof(cbuf),
+ "\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r",
+ term_escape_char);
}
chr->chr_write(chr, (uint8_t *)cbuf, strlen(cbuf));
for (i = 0; mux_help[i] != NULL; i++) {
* Allocate TAP device, returns opened fd.
* Stores dev name in the first arg(must be large enough).
*/
-int tap_alloc(char *dev)
+int tap_alloc(char *dev, size_t dev_size)
{
int tap_fd, if_fd, ppa = -1;
static int ip_fd = 0;
syslog (LOG_ERR, "Can't set multiplexor id");
}
- sprintf(dev, "tap%d", ppa);
+ snprintf(dev, dev_size, "tap%d", ppa);
return tap_fd;
}
{
char dev[10]="";
int fd;
- if( (fd = tap_alloc(dev)) < 0 ){
+ if( (fd = tap_alloc(dev, sizeof(dev))) < 0 ){
fprintf(stderr, "Cannot allocate TAP device\n");
return -1;
}
!strcmp(machine->name, "versatileab")) {
type = IF_SCSI;
max_devs = MAX_SCSI_DEVS;
- strcpy(devname, "scsi");
+ pstrcpy(devname, sizeof(devname), "scsi");
} else {
type = IF_IDE;
max_devs = MAX_IDE_DEVS;
- strcpy(devname, "ide");
+ pstrcpy(devname, sizeof(devname), "ide");
}
media = MEDIA_DISK;