Use the string copy function having maximum limit

- To prevent from making non-terminated string
- strcpy -> strncpy
- sprintf -> snprintf

Change-Id: I0c01ff4e25bceb943c3ade45f9fa5bacd6c9209b
Signed-off-by: Kichan Kwon <k_c.kwon@samsung.com>

diff --git a/src/common/procfs.c b/src/common/procfs.c
index b734a22..30ab8a2 100644 (file)
--- a/src/common/procfs.c
+++ b/src/common/procfs.c
@@ -200,7 +200,7 @@ int proc_get_mem_status(pid_t pid, unsigned int *vmswap, unsigned int *vmrss)
        _cleanup_fclose_ FILE *fp = NULL;
        unsigned int swap = 0, rss = 0;
 
-       sprintf(filename, "/proc/%d/status", pid);
+       snprintf(filename, PROC_BUF_MAX, "/proc/%d/status", pid);
        fp = fopen(filename, "r");
        if (!fp)
                return RESOURCED_ERROR_FAIL;

diff --git a/src/memory/vmpressure-lowmem-handler.c b/src/memory/vmpressure-lowmem-handler.c
index 440386b..0d4bc5b 100644 (file)
--- a/src/memory/vmpressure-lowmem-handler.c
+++ b/src/memory/vmpressure-lowmem-handler.c
@@ -410,6 +410,7 @@ int clear_logs(void *data)
        char fpath[BUF_MAX];
        char *fname;
        char *dir = (char*)data;
+       char len = strlen(dir);
 
        n = scandir(dir, &namelist, memps_file_select, alphasort);
        _D("num of log files %d", n);
@@ -421,12 +422,14 @@ int clear_logs(void *data)
        }
 
        strncpy(fpath, dir, BUF_MAX);
-       fname = fpath + strlen(dir);
+       fname = fpath + len;
        *fname++ = '/';
 
+       len = BUF_MAX - len - 2;
        for (i = 0; i < n; i++) {
                if (i < NUM_RM_LOGS) {
-                       strcpy(fname, namelist[i]->d_name);
+                       strncpy(fname, namelist[i]->d_name, len);
+                       fpath[BUF_MAX - 1] = '\0';
                        _D("remove log file %s", fpath);
                        ret = remove(fpath);
                        if (ret < 0)