pei/scrcpy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Replace sprintf() with safer snprintf()

Browse Source 
PR #4373 <https://github.com/Genymobile/scrcpy/pull/4373>

Co-authored-by: Romain Vimont <rom@rom1v.com>
Signed-off-by: Romain Vimont <rom@rom1v.com>
This commit is contained in:
Avinash Sonawane
2023-10-24 06:26:40 +05:30
committed by Romain Vimont
parent bc8913e12b
commit ed43d423d9
1 changed files with 32 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
app/src/adb/adb.c
View File

@@ -218,8 +218,16 @@ sc_adb_forward(struct sc_intr *intr, const char *serial, uint16_t local_port,
const char *device_socket_name, unsigned flags) { const char *device_socket_name, unsigned flags) {
char local[4 + 5 + 1]; // tcp:PORT char local[4 + 5 + 1]; // tcp:PORT
char remote[108 + 14 + 1]; // localabstract:NAME char remote[108 + 14 + 1]; // localabstract:NAME
sprintf(local, "tcp:%" PRIu16, local_port);
snprintf(remote, sizeof(remote), "localabstract:%s", device_socket_name); int r = snprintf(local, sizeof(local), "tcp:%" PRIu16, local_port);
assert(r != -1 && (size_t) r < sizeof(local));
r = snprintf(remote, sizeof(remote), "localabstract:%s",
device_socket_name);
if (r == -1 || (size_t) r >= sizeof(remote)) {
LOGE("Device socket name too long");
return false;
}
assert(serial); assert(serial);
const char *const argv[] = const char *const argv[] =
@@ -233,7 +241,9 @@ bool
sc_adb_forward_remove(struct sc_intr *intr, const char *serial, sc_adb_forward_remove(struct sc_intr *intr, const char *serial,
uint16_t local_port, unsigned flags) { uint16_t local_port, unsigned flags) {
char local[4 + 5 + 1]; // tcp:PORT char local[4 + 5 + 1]; // tcp:PORT
sprintf(local, "tcp:%" PRIu16, local_port); int r = snprintf(local, sizeof(local), "tcp:%" PRIu16, local_port);
assert(r != -1 && (size_t) r < sizeof(local));
(void) r;
assert(serial); assert(serial);
const char *const argv[] = const char *const argv[] =
@@ -249,8 +259,16 @@ sc_adb_reverse(struct sc_intr *intr, const char *serial,
unsigned flags) { unsigned flags) {
char local[4 + 5 + 1]; // tcp:PORT char local[4 + 5 + 1]; // tcp:PORT
char remote[108 + 14 + 1]; // localabstract:NAME char remote[108 + 14 + 1]; // localabstract:NAME
sprintf(local, "tcp:%" PRIu16, local_port); int r = snprintf(local, sizeof(local), "tcp:%" PRIu16, local_port);
snprintf(remote, sizeof(remote), "localabstract:%s", device_socket_name); assert(r != -1 && (size_t) r < sizeof(local));
r = snprintf(remote, sizeof(remote), "localabstract:%s",
device_socket_name);
if (r == -1 || (size_t) r >= sizeof(remote)) {
LOGE("Device socket name too long");
return false;
}
assert(serial); assert(serial);
const char *const argv[] = const char *const argv[] =
SC_ADB_COMMAND("-s", serial, "reverse", remote, local); SC_ADB_COMMAND("-s", serial, "reverse", remote, local);
@@ -263,7 +281,12 @@ bool
sc_adb_reverse_remove(struct sc_intr *intr, const char *serial, sc_adb_reverse_remove(struct sc_intr *intr, const char *serial,
const char *device_socket_name, unsigned flags) { const char *device_socket_name, unsigned flags) {
char remote[108 + 14 + 1]; // localabstract:NAME char remote[108 + 14 + 1]; // localabstract:NAME
snprintf(remote, sizeof(remote), "localabstract:%s", device_socket_name); int r = snprintf(remote, sizeof(remote), "localabstract:%s",
device_socket_name);
if (r == -1 || (size_t) r >= sizeof(remote)) {
LOGE("Device socket name too long");
return false;
}
assert(serial); assert(serial);
const char *const argv[] = const char *const argv[] =
@@ -333,7 +356,9 @@ bool
sc_adb_tcpip(struct sc_intr *intr, const char *serial, uint16_t port, sc_adb_tcpip(struct sc_intr *intr, const char *serial, uint16_t port,
unsigned flags) { unsigned flags) {
char port_string[5 + 1]; char port_string[5 + 1];
sprintf(port_string, "%" PRIu16, port); int r = snprintf(port_string, sizeof(port_string), "%" PRIu16, port);
assert(r != -1 && (size_t) r < sizeof(port_string));
(void) r;
assert(serial); assert(serial);
const char *const argv[] = const char *const argv[] =