[dpdk-stable] [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf

Aaron Conole aconole at redhat.com
Tue Mar 12 15:44:56 CET 2019

Previous message: [dpdk-stable] [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf
Next message: [dpdk-stable] [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

"Parthasarathy, JananeeX M" <jananeex.m.parthasarathy at intel.com> writes:

> Hi
>
>>-----Original Message-----
>>From: Parthasarathy, JananeeX M
>>Sent: Tuesday, February 19, 2019 6:33 PM
>>To: Aaron Conole <aconole at redhat.com>; Poornima, PallantlaX
>><pallantlax.poornima at intel.com>
>>Cc: dev at dpdk.org; Pattan, Reshma <reshma.pattan at intel.com>; Rao, Nikhil
>><nikhil.rao at intel.com>; stable at dpdk.org
>>Subject: RE: [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf
>>
>>
>>
>>>-----Original Message-----
>>>From: dev [mailto:dev-bounces at dpdk.org] On Behalf Of Aaron Conole
>>>Sent: Saturday, February 09, 2019 2:50 AM
>>>To: Poornima, PallantlaX <pallantlax.poornima at intel.com>
>>>Cc: dev at dpdk.org; Pattan, Reshma <reshma.pattan at intel.com>; Rao, Nikhil
>>><nikhil.rao at intel.com>; stable at dpdk.org
>>>Subject: Re: [dpdk-dev] [PATCH] test/eventdev: fix sprintf with
>>>snprintf
>>>
>>>Pallantla Poornima <pallantlax.poornima at intel.com> writes:
>>>
>>>> sprintf function is not secure as it doesn't check the length of string.
>>>> More secure function snprintf is used.
>>>>
>>>> Fixes: 2a9c83ae3b ("test/eventdev: add multi-ports test")
>>>> Cc: stable at dpdk.org
>>>>
>>>> Signed-off-by: Pallantla Poornima <pallantlax.poornima at intel.com>
>>>> ---
>>>>  test/test/test_event_eth_rx_adapter.c | 3 ++-
>>>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>>>
>>>> diff --git a/test/test/test_event_eth_rx_adapter.c
>>>> b/test/test/test_event_eth_rx_adapter.c
>>>> index 1d3be82b5..38f5c039f 100644
>>>> --- a/test/test/test_event_eth_rx_adapter.c
>>>> +++ b/test/test/test_event_eth_rx_adapter.c
>>>> @@ -479,7 +479,8 @@ adapter_multi_eth_add_del(void)
>>>>  	/* add the max port for rx_adapter */
>>>>  	port_index = rte_eth_dev_count_total();
>>>>  	for (; port_index < RTE_MAX_ETHPORTS; port_index += 1) {
>>>> -		sprintf(driver_name, "%s%u", "net_null", drv_id);
>>>> +		snprintf(driver_name, sizeof(driver_name), "%s%u", "net_null",
>>>> +				drv_id);
>>>>  		err = rte_vdev_init(driver_name, NULL);
>>>>  		TEST_ASSERT(err == 0, "Failed driver %s got %d",
>>>>  		driver_name, err);
>>>
>>>You call this a fix, but it's not possible for the value of drv_id to
>>>exceed '32' and the buffer size is plenty accommodating for that.  Did
>>>I miss something?  What is this fixing?
>>
>>It is better practice to use snprintf although in this case buffer will not overflow
>>as size is big enough to accommodate. The changes were done mainly to
>>replace sprintf to snprintf. Probably we can remove "fix" line as it is not issue in
>>this scenario.
>>
>>Thanks
>>M.P.Jananee
>
> Please suggest if we can remove "fix" line.

This is a stylistic change, I don't think it's appropriate to call it a
fix, so I think you can remove the "Fixes" line.

On further reflection, I actually think it will still be wrong.  If the
size buffer is ever changed, what will happen on truncation?  We don't
get an overflow any longer, but we still pass an invalid argument, so I
don't think this 'fix' is really even a fix.  It still has a bug -
albeit not one that immediately triggers SSP exception or stack
overflow.

Makes sense?

> Thanks

Previous message: [dpdk-stable] [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf
Next message: [dpdk-stable] [dpdk-dev] [PATCH] test/eventdev: fix sprintf with snprintf
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list