From 0654183b9a83428a97909724aa49a1e29535bd62 Mon Sep 17 00:00:00 2001
From: Alex Tereschenko <alext.mkrs@gmail.com>
Date: Sat, 13 May 2017 18:08:00 +0200
Subject: [PATCH] stability: replace sprintf with snprintf to avoid potential
 overflows

Signed-off-by: Alex Tereschenko <alext.mkrs@gmail.com>
---
 src/gpio/gpio.c              | 2 +-
 src/iio/iio.c                | 4 ++--
 src/pwm/pwm.c                | 4 ++--
 src/spi/spi.c                | 2 +-
 src/x86/intel_edison_fab_c.c | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/gpio/gpio.c b/src/gpio/gpio.c
index 96feaa1..7803881 100644
--- a/src/gpio/gpio.c
+++ b/src/gpio/gpio.c
@@ -248,7 +248,7 @@ mraa_gpio_interrupt_handler(void* arg)
     } else {
         // open gpio value with open(3)
         char bu[MAX_SIZE];
-        sprintf(bu, SYSFS_CLASS_GPIO "/gpio%d/value", dev->pin);
+        snprintf(bu, MAX_SIZE, SYSFS_CLASS_GPIO "/gpio%d/value", dev->pin);
         fp = open(bu, O_RDONLY);
         if (fp < 0) {
             syslog(LOG_ERR, "gpio%i: interrupt_handler: failed to open 'value' : %s", dev->pin, strerror(errno));
diff --git a/src/iio/iio.c b/src/iio/iio.c
index 9d90b67..9163f4a 100644
--- a/src/iio/iio.c
+++ b/src/iio/iio.c
@@ -355,7 +355,7 @@ mraa_iio_trigger_buffer(mraa_iio_context dev, void (*fptr)(char* data), void* ar
         return MRAA_ERROR_NO_RESOURCES;
     }
 
-    sprintf(bu, IIO_SLASH_DEV "%d", dev->num);
+    snprintf(bu, MAX_SIZE, IIO_SLASH_DEV "%d", dev->num);
     dev->fp = open(bu, O_RDONLY | O_NONBLOCK);
     if (dev->fp == -1) {
         return MRAA_ERROR_INVALID_RESOURCE;
@@ -505,7 +505,7 @@ mraa_iio_event_setup_callback(mraa_iio_context dev, void (*fptr)(struct iio_even
         return MRAA_ERROR_NO_RESOURCES;
     }
 
-    sprintf(bu, IIO_SLASH_DEV "%d", dev->num);
+    snprintf(bu, MAX_SIZE, IIO_SLASH_DEV "%d", dev->num);
     dev->fp = open(bu, O_RDONLY | O_NONBLOCK);
     if (dev->fp == -1) {
         return MRAA_ERROR_INVALID_RESOURCE;
diff --git a/src/pwm/pwm.c b/src/pwm/pwm.c
index 3753fc8..3465c11 100644
--- a/src/pwm/pwm.c
+++ b/src/pwm/pwm.c
@@ -102,8 +102,8 @@ mraa_pwm_write_duty(mraa_pwm_context dev, int duty)
             return MRAA_ERROR_INVALID_RESOURCE;
         }
     }
-    char bu[64];
-    int length = sprintf(bu, "%d", duty);
+    char bu[MAX_SIZE];
+    int length = snprintf(bu, MAX_SIZE, "%d", duty);
     if (write(dev->duty_fp, bu, length * sizeof(char)) == -1)
     {
         syslog(LOG_ERR, "pwm%i write_duty: Failed to write to duty_cycle: %s", dev->pin, strerror(errno));
diff --git a/src/spi/spi.c b/src/spi/spi.c
index a0c21e0..2a1c688 100644
--- a/src/spi/spi.c
+++ b/src/spi/spi.c
@@ -157,7 +157,7 @@ mraa_spi_init_raw(unsigned int bus, unsigned int cs)
     }
 
     char path[MAX_SIZE];
-    sprintf(path, "/dev/spidev%u.%u", bus, cs);
+    snprintf(path, MAX_SIZE, "/dev/spidev%u.%u", bus, cs);
 
     dev->devfd = open(path, O_RDWR);
     if (dev->devfd < 0) {
diff --git a/src/x86/intel_edison_fab_c.c b/src/x86/intel_edison_fab_c.c
index 4962d2d..4f1d298 100644
--- a/src/x86/intel_edison_fab_c.c
+++ b/src/x86/intel_edison_fab_c.c
@@ -140,7 +140,7 @@ mraa_intel_edison_pinmode_change(int sysfs, int mode)
 
     mraa_result_t ret = MRAA_SUCCESS;
     char mode_buf[MAX_MODE_SIZE];
-    int length = sprintf(mode_buf, "%s%u", useDebugFS ? "mode" : "", mode);
+    int length = snprintf(mode_buf, MAX_MODE_SIZE, "%s%u", useDebugFS ? "mode" : "", mode);
     if (write(modef, mode_buf, length * sizeof(char)) == -1) {
         ret = MRAA_ERROR_INVALID_RESOURCE;
     }