From: Mun, Gwan-gyeong
Date: Mon, 14 Mar 2016 09:03:20 +0000 (+0900)
Subject: Replace vulnerable function 'sprintf' to 'snprintf on coregl_fastpath_egl.c
X-Git-Tag: accepted/tizen/ivi/20160315.002852^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F95%2F62095%2F1;p=platform%2Fcore%2Fuifw%2Fcoregl.git

Replace vulnerable function 'sprintf' to 'snprintf on coregl_fastpath_egl.c
Change-Id: Idabe5f0a01f44ca8e00217d870847966dcd9a8fa
---
diff --git a/src/modules/fastpath/coregl_fastpath_egl.c b/src/modules/fastpath/coregl_fastpath_egl.c
index ad74335..44a413e 100644
--- a/src/modules/fastpath/coregl_fastpath_egl.c
+++ b/src/modules/fastpath/coregl_fastpath_egl.c
@@ -840,7 +840,8 @@ fastpath_eglCreateContext(EGLDisplay dpy, EGLConfig config,
 char ment[256];
 add_to_general_trace_list(&glue_ctx_trace_list, newgctx);
- sprintf(ment, "eglCreateContext completed (GlueCTX=[%12p])", newgctx);
+ snprintf(ment, sizeof(ment), "eglCreateContext completed (GlueCTX=[%12p])",
+ newgctx);
 _dump_context_info(ment, 1);
 }
 #endif // COREGL_FASTPATH_TRACE_CONTEXT_INFO
@@ -941,7 +942,8 @@ finish:
 #ifdef COREGL_FASTPATH_TRACE_CONTEXT_INFO
 if (unlikely(trace_ctx_flag == 1)) {
 char ment[256];
- sprintf(ment, "eglDestroyContext completed (GlueCTX=[%12p])", ctx);
+ snprintf(ment, sizeof(ment), "eglDestroyContext completed (GlueCTX=[%12p])",
+ ctx);
 _dump_context_info(ment, 1);
 }
 #endif // COREGL_FASTPATH_TRACE_CONTEXT_INFO
@@ -1147,7 +1149,7 @@ fastpath_eglMakeCurrent(EGLDisplay dpy, EGLSurface draw, EGLSurface read,
 }
 // Check if the object is correct
- if (gctx->magic != MAGIC_GLFAST) {
+ if (gctx && (gctx->magic != MAGIC_GLFAST)) {
 COREGL_ERR("\E[40;31;1mGlue-CTX Magic Check Failed!!! (Memory broken?)\E[0m\n");
 ret = EGL_FALSE;
 goto finish;
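Review bot: The `%12p` conversion in the new `snprintf` call of fastpath_eglCreateContext receives `newgctx` uncast; `%p` is defined only for `void *`, so if `newgctx` is a typed context pointer (its declaration is outside the hunk) the argument should be written `(void *)newgctx`. The format string is constant and its output is far shorter than the 256-byte `ment`, so the added bound is defence in depth rather than a fix for a reachable overflow. All three trace messages in this patch (here, eglDestroyContext and eglMakeCurrent) write raw addresses into the trace output; it is worth confirming that this output is only produced in debug configurations or readable by privileged users, because logged addresses weaken ASLR.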
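Review bot: A NULL `gctx` now skips the magic check in fastpath_eglMakeCurrent and falls through to the code after it instead of being rejected, so any later `gctx->` access would still dereference NULL. The rest of the function is outside the hunk, so whether NULL is a legitimate value at this point (for example a no-context path handled earlier) cannot be confirmed from these lines; if it is not, fail closed with `if (gctx == NULL || gctx->magic != MAGIC_GLFAST) {`. The commit message describes only the sprintf replacement, so this behaviour change should be mentioned there or in a comment above the check stating when `gctx` may be NULL.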
@@ -1247,8 +1249,9 @@ finish:
 #ifdef COREGL_FASTPATH_TRACE_CONTEXT_INFO
 if (unlikely(trace_ctx_flag == 1)) {
 char ment[256];
- sprintf(ment, "eglMakeCurrent finished (GlueCTX=[%12p] Surf=[D:%12p R:%12p])",
- ctx, draw, read);
+ snprintf(ment, sizeof(ment),
+ "eglMakeCurrent finished (GlueCTX=[%12p] Surf=[D:%12p R:%12p])",
+ ctx, draw, read);
 _dump_context_info(ment, 0);
 }
 #endif // COREGL_FASTPATH_TRACE_CONTEXT_INFO