diff options
| author | Michael Kubacki <michael.kubacki@microsoft.com> | 2022-11-09 11:40:10 -0500 |
|---|---|---|
| committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2023-04-03 15:29:08 +0000 |
| commit | dbe820d5fa158f3bb04d2a9b335bf6e0ca0e0bb0 (patch) | |
| tree | ddb73a499da133883db5959353c571c0e4780883 /BaseTools/Source | |
| parent | 4693b325e85c1d7e3529ab2a209405701da6f274 (diff) | |
| download | edk2-dbe820d5fa158f3bb04d2a9b335bf6e0ca0e0bb0.tar.gz edk2-dbe820d5fa158f3bb04d2a9b335bf6e0ca0e0bb0.tar.bz2 edk2-dbe820d5fa158f3bb04d2a9b335bf6e0ca0e0bb0.zip | |
BaseTools/VfrCompile: Fix potential buffer overwrites
While more portable methods exist to handle these cases, this change
does not attempt to do more than fix the immediate problem and
follow the conventions already established in this code.
`snprintf()` is introduced as the minimum improvement apart from
making the buffers larger.
Fixes the following CodeQL alerts:
1. Failure on line 2339 in
BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c
- Type: Potentially overrunning write
- Severity: Critical
- Problem: This 'call to sprintf' operation requires 17 bytes but
the destination is only 16 bytes.
2. Failure on line 2341 in
BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c
- Type: Potentially overrunning write
- Severity: Critical
- Problem: This 'call to sprintf' operation requires 17 bytes but
the destination is only 16 bytes.
3. Failure on line 1309 in
BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c
- Type: Potentially overrunning write
- Severity: Critical
- Problem: This 'call to sprintf' operation requires 25 bytes but
the destination is only 20 bytes.
Cc: Bob Feng <bob.c.feng@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Cc: Michael D Kinney <michael.d.kinney@intel.com>
Cc: Sean Brogan <sean.brogan@microsoft.com>
Cc: Yuwei Chen <yuwei.chen@intel.com>
Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>
Reviewed-by: Michael D Kinney <michael.d.kinney@intel.com>
Reviewed-by: Oliver Smith-Denny <osd@smith-denny.com>
Diffstat (limited to 'BaseTools/Source')
| -rw-r--r-- | BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c | 10 | ||||
| -rw-r--r-- | BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c | 4 |
2 files changed, 7 insertions, 7 deletions
diff --git a/BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c b/BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c index 8e41239f47..33d9cac4c7 100644 --- a/BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c +++ b/BaseTools/Source/C/VfrCompile/Pccts/antlr/gen.c @@ -2331,14 +2331,14 @@ TokNode *p; set_nameErrSet = bufErrSet; /* MR23 */
}
else { /* wild card */
- static char buf[sizeof("zzerr")+10];
- static char bufErrSet[sizeof("zzerr")+10];
+ static char buf[sizeof("zzerr")+11];
+ static char bufErrSet[sizeof("zzerr")+11];
int n = DefErrSet( &b, 0, NULL );
int nErrSet = DefErrSetWithSuffix(0, &bErrSet, 1, NULL, "_set");
- if ( GenCC ) sprintf(buf, "err%d", n);
- else sprintf(buf, "zzerr%d", n);
+ if ( GenCC ) snprintf(buf, 11, "err%d", n);
+ else snprintf(buf, 11, "zzerr%d", n);
if ( GenCC ) sprintf(bufErrSet, "err%d", nErrSet);
- else sprintf(bufErrSet, "zzerr%d", nErrSet);
+ else snprintf(bufErrSet, 11, "zzerr%d", nErrSet);
set_name = buf;
set_nameErrSet = bufErrSet;
}
diff --git a/BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c b/BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c index 051ee4ec5d..488b4b9046 100644 --- a/BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c +++ b/BaseTools/Source/C/VfrCompile/Pccts/antlr/main.c @@ -1295,7 +1295,7 @@ int token; #endif
{
int j;
- static char imag_name[20];
+ static char imag_name[25];
/* look in all lexclasses for the token */
if ( TokenString(token) != NULL ) return TokenString(token);
@@ -1306,7 +1306,7 @@ int token; }
if (1) {
- sprintf(imag_name,"UnknownToken#%d",token); /* MR13 */
+ snprintf(imag_name, 25, "UnknownToken#%d", token); /* MR13 */
return imag_name; /* MR13 */
}
|