log_xxd_always(): use safer snprintf() instead of sprintf()

coverity: Event secure_coding: [VERY RISKY]. Using "sprintf" can cause a buffer overflow when done incorrectly. Because sprintf() assumes an arbitrarily long string, callers must be careful not to overflow the actual space of the destination. Use snprintf() instead, or correct precision specifiers. git-svn-id: svn:https://anonscm.debian.org/svn/pcsclite/trunk/PCSC@5849 0ce88b0d-b2fd-0310-8134-9614164e65ea
LudovicRousseau · Jul 6, 2011 · 849eb34 · 849eb34
1 parent 80b85d7
commit 849eb34
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/debuglog.c b/src/debuglog.c
@@ -188,7 +188,8 @@ static void log_xxd_always(const int priority, const char *msg,
 
  for (i = 0; (i < len) && (c < debug_buf_end); ++i)
  {
- sprintf(c, "%02X ", buffer[i]);
+ /* 2 hex characters, 1 space, 1 NUL : total 4 characters */
+ snprintf(c, 4, "%02X ", buffer[i]);
  c += 3;
  }