From 580ac72ec28b77d4c496e258801b5fc81fad6e42 Mon Sep 17 00:00:00 2001 From: Martin Pulec Date: Thu, 13 Apr 2023 09:39:17 +0200 Subject: [PATCH] replaced all remaining sprintf witn snprintf using bound checking variants Remained last one instance in utils/text.c, that does the checking by itself and vsnprintf compat using vsprintf, that is not used, anyways. --- src/audio/capture/wasapi.cpp | 4 ++-- src/audio/playback/wasapi.cpp | 4 ++-- src/audio/portaudio_common.c | 4 ++-- src/jack_common.h | 8 ++++---- src/lib_common.cpp | 7 ++++--- src/rtp/net_udp.c | 4 ++-- src/rtsp/BasicRTSPOnlySubsession.cpp | 5 +++-- src/utils/jpeg_reader.c | 4 ++-- src/utils/net.c | 7 ++++--- src/utils/sdp.c | 4 ++-- src/utils/time.c | 6 +++--- src/utils/time.h | 16 ++++++---------- src/video_capture/rtsp.c | 10 ++++------ src/video_capture/switcher.c | 2 +- src/video_display/bluefish444.cpp | 4 ++-- src/video_display/deltacast.cpp | 4 ++-- 16 files changed, 45 insertions(+), 48 deletions(-) diff --git a/src/audio/capture/wasapi.cpp b/src/audio/capture/wasapi.cpp index 9115286c8..71eedd25b 100644 --- a/src/audio/capture/wasapi.cpp +++ b/src/audio/capture/wasapi.cpp @@ -113,8 +113,8 @@ static void audio_cap_wasapi_probe(struct device_info **available_devices, int * THROW_IF_FAILED(pDevice->GetId(&pwszID)); *available_devices = (struct device_info *) realloc(*available_devices, (*dev_count + 1) * sizeof(struct device_info)); memset(&(*available_devices)[*dev_count], 0, sizeof(struct device_info)); - sprintf((*available_devices)[*dev_count].dev, ":%u", i); ///< @todo This may be rather id than index - sprintf((*available_devices)[*dev_count].name, "WASAPI %s", get_name(pDevice).c_str()); + snprintf((*available_devices)[*dev_count].dev, sizeof (*available_devices)[*dev_count].dev, ":%u", i); ///< @todo This may be rather id than index + snprintf((*available_devices)[*dev_count].name, sizeof (*available_devices)[*dev_count].name, "WASAPI %s", get_name(pDevice).c_str()); ++*dev_count; } catch (ug_runtime_error &e) { LOG(LOG_LEVEL_WARNING) << MOD_NAME << "Device " << i << ": " << e.what() << "\n"; diff --git a/src/audio/playback/wasapi.cpp b/src/audio/playback/wasapi.cpp index 0dd3acccc..4e40e533e 100644 --- a/src/audio/playback/wasapi.cpp +++ b/src/audio/playback/wasapi.cpp @@ -134,8 +134,8 @@ static void audio_play_wasapi_probe(struct device_info **available_devices, int THROW_IF_FAILED(pDevice->GetId(&pwszID)); *available_devices = (struct device_info *) realloc(*available_devices, (*dev_count + 1) * sizeof(struct device_info)); memset(&(*available_devices)[*dev_count], 0, sizeof(struct device_info)); - sprintf((*available_devices)[*dev_count].dev, ":%u", i); ///< @todo This may be rather id than index - sprintf((*available_devices)[*dev_count].name, "WASAPI %s", get_name(pDevice).c_str()); + snprintf((*available_devices)[*dev_count].dev, sizeof (*available_devices)[*dev_count].dev, ":%u", i); ///< @todo This may be rather id than index + snprintf((*available_devices)[*dev_count].name, sizeof (*available_devices)[*dev_count].name, "WASAPI %s", get_name(pDevice).c_str()); ++*dev_count; } catch (ug_runtime_error &e) { LOG(LOG_LEVEL_WARNING) << MOD_NAME << "Device " << i << ": " << e.what() << "\n"; diff --git a/src/audio/portaudio_common.c b/src/audio/portaudio_common.c index 72e3e9156..5ba60429d 100644 --- a/src/audio/portaudio_common.c +++ b/src/audio/portaudio_common.c @@ -155,8 +155,8 @@ void audio_portaudio_probe(struct device_info **available_devices, int *count, e numDevices = 0; } *available_devices = calloc(1 + numDevices, sizeof(struct device_info)); - strcpy((*available_devices)[0].dev, ""); - sprintf((*available_devices)[0].name, "Portaudio default %s%s", dir == PORTAUDIO_IN ? "input" : "output", notice); + strncpy((*available_devices)[0].dev, "", sizeof (*available_devices)[0].dev); + snprintf((*available_devices)[0].name, sizeof (*available_devices)[0].name, "Portaudio default %s%s", dir == PORTAUDIO_IN ? "input" : "output", notice); *count = 1; for(int i = 0; i < numDevices; i++) { diff --git a/src/jack_common.h b/src/jack_common.h index e3229db54..f2c59267b 100644 --- a/src/jack_common.h +++ b/src/jack_common.h @@ -235,8 +235,8 @@ static inline struct device_info *audio_jack_probe(const char *client_name, continue; } if(last_name && strcmp(last_name, name) != 0) { - sprintf(available_devices[*count].name, "jack:%s (%d channels)", last_name, channel_count); - sprintf(available_devices[*count].dev, ":\"%s\"", last_name); + snprintf(available_devices[*count].name, sizeof available_devices[*count].name, "jack:%s (%d channels)", last_name, channel_count); + snprintf(available_devices[*count].dev, sizeof available_devices[*count].dev, ":\"%s\"", last_name); channel_count = 0; (*count)++; } @@ -245,8 +245,8 @@ static inline struct device_info *audio_jack_probe(const char *client_name, free(item); } if(last_name) { - sprintf(available_devices[*count].name, "jack:%s (%d channels)", last_name, channel_count); - sprintf(available_devices[*count].dev, ":\"%s\"", last_name); + snprintf(available_devices[*count].name, sizeof available_devices[*count].name, "jack:%s (%d channels)", last_name, channel_count); + snprintf(available_devices[*count].dev, sizeof available_devices[*count].dev, ":\"%s\"", last_name); (*count)++; } free(last_name); diff --git a/src/lib_common.cpp b/src/lib_common.cpp index 207e395b6..455dce243 100644 --- a/src/lib_common.cpp +++ b/src/lib_common.cpp @@ -3,7 +3,7 @@ * @author Martin Pulec */ /* - * Copyright (c) 2012-2022 CESNET, z. s. p. o. + * Copyright (c) 2012-2023 CESNET, z. s. p. o. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -148,8 +148,9 @@ static int running_from_path(char * uv_argv[]) { break; for (size_t i = 0; binarynames[i] != NULL && rval == 0; ++i) { - char * candidate = (char *)calloc(1, strlen(pathelem) + 1 + strlen(binarynames[i]) + 1); - sprintf(candidate, "%s/%s", pathelem, binarynames[i]); + const size_t len = strlen(pathelem) + 1 + strlen(binarynames[i]) + 1; + char * candidate = (char *)calloc(1, len); + snprintf(candidate, len, "%s/%s", pathelem, binarynames[i]); char * real_candidate = realpath(candidate, NULL); if (real_candidate != NULL) { diff --git a/src/rtp/net_udp.c b/src/rtp/net_udp.c index de7babffe..22880ff97 100644 --- a/src/rtp/net_udp.c +++ b/src/rtp/net_udp.c @@ -7,7 +7,7 @@ * Martin Pulec * * Copyright (c) 2005-2010 Fundació i2CAT, Internet I Innovació Digital a Catalunya - * Copyright (c) 2005-2021 CESNET z.s.p.o. + * Copyright (c) 2005-2023 CESNET z.s.p.o. * Copyright (c) 1998-2000 University College London * All rights reserved. * @@ -1409,7 +1409,7 @@ static int resolve_address(socket_udp *s, const char *addr, uint16_t tx_port) hints.ai_socktype = SOCK_DGRAM; char tx_port_str[7]; - sprintf(tx_port_str, "%u", tx_port); + snprintf(tx_port_str, sizeof tx_port_str, "%u", tx_port); if ((err = getaddrinfo(addr, tx_port_str, &hints, &res0)) != 0) { /* We should probably try to do a DNS lookup on the name */ /* here, but I'm trying to get the basics going first... */ diff --git a/src/rtsp/BasicRTSPOnlySubsession.cpp b/src/rtsp/BasicRTSPOnlySubsession.cpp index 3dc0d2ea7..bed3f49cb 100644 --- a/src/rtsp/BasicRTSPOnlySubsession.cpp +++ b/src/rtsp/BasicRTSPOnlySubsession.cpp @@ -4,6 +4,7 @@ * Gerard Castillo * * Copyright (c) 2005-2010 Fundació i2CAT, Internet I Innovació Digital a Catalunya + * Copyright (c) 2014-2023 CESNET, z. s. p. o. * * Redistribution and use in source and binary forms, with or without * modification, is permitted provided that the following conditions @@ -116,7 +117,7 @@ void BasicRTSPOnlySubsession::setSDPLines() { + strlen(rtpmapLine) + strlen(trackId()); char* sdpLines = new char[sdpFmtSize]; - sprintf(sdpLines, sdpFmt, mediaType, // m= + snprintf(sdpLines, sdpFmtSize, sdpFmt, mediaType, // m= rtp_port,//fPortNumForSDP, // m= rtpPayloadType, // m= ipAddressStr.val(), // c= address @@ -160,7 +161,7 @@ void BasicRTSPOnlySubsession::setSDPLines() { + strlen(rtpmapLine) + strlen(trackId()); char* sdpLines = new char[sdpFmtSize]; - sprintf(sdpLines, sdpFmt, + snprintf(sdpLines, sizeof sdpFmtSize, sdpFmt, mediaType, // m= rtp_port_audio,//fPortNumForSDP, // m= rtpPayloadType, // m= diff --git a/src/utils/jpeg_reader.c b/src/utils/jpeg_reader.c index 2ccf0240c..d61c1c497 100644 --- a/src/utils/jpeg_reader.c +++ b/src/utils/jpeg_reader.c @@ -3,7 +3,7 @@ * @author Martin Pulec */ /* - * Copyright (c) 2018 CESNET, z. s. p. o. + * Copyright (c) 2018-2023 CESNET, z. s. p. o. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -256,7 +256,7 @@ static const char* jpeg_marker_name(enum jpeg_marker_code code) default: { static char buffer[255]; - sprintf(buffer, "Unknown (0x%X)", code); + snprintf(buffer, sizeof buffer, "Unknown (0x%X)", code); return buffer; } } diff --git a/src/utils/net.c b/src/utils/net.c index 219449ef9..719276c61 100644 --- a/src/utils/net.c +++ b/src/utils/net.c @@ -3,7 +3,7 @@ * @author Martin Pulec */ /* - * Copyright (c) 2016-2021 CESNET z.s.p.o. + * Copyright (c) 2016-2023 CESNET z.s.p.o. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -426,14 +426,15 @@ void get_sockaddr_addr_str(struct sockaddr *sa, char *buf, size_t n){ const char *get_sockaddr_str(struct sockaddr *sa) { - _Thread_local static char addr[IN6_MAX_ASCII_LEN + 3 /* []: */ + 5 /* port */ + 1 /* \0 */] = ""; + enum { ADDR_LEN = IN6_MAX_ASCII_LEN + 3 /* []: */ + 5 /* port */ + 1 /* \0 */ }; + _Thread_local static char addr[ADDR_LEN] = ""; get_sockaddr_addr_str(sa, addr, sizeof(addr)); unsigned port = get_sockaddr_addr_port(sa); if(port == UINT_MAX) return addr; - sprintf(addr + strlen(addr), ":%u", port); + snprintf(addr + strlen(addr), ADDR_LEN, ":%u", port); return addr; } diff --git a/src/utils/sdp.c b/src/utils/sdp.c index 7fa5ce583..1aeb668b3 100644 --- a/src/utils/sdp.c +++ b/src/utils/sdp.c @@ -4,7 +4,7 @@ * Martin Pulec * * Copyright (c) 2005-2010 Fundació i2CAT, Internet I Innovació Digital a Catalunya - * Copyright (c) 2018-2021 CESNET, z. s. p. o. + * Copyright (c) 2018-2023 CESNET, z. s. p. o. * * Redistribution and use in source and binary forms, with or without * modification, is permitted provided that the following conditions @@ -171,7 +171,7 @@ int sdp_add_audio(struct sdp *sdp, int port, int sample_rate, int channels, audi if (sample_rate == 8000 && channels == 1 && (codec == AC_ALAW || codec == AC_MULAW)) { pt = codec == AC_MULAW ? PT_ITU_T_G711_PCMU : PT_ITU_T_G711_PCMA; } - sprintf(sdp->stream[index].media_info, "m=audio %d RTP/AVP %d\n", port, pt); + snprintf(sdp->stream[index].media_info, sizeof sdp->stream[index].media_info, "m=audio %d RTP/AVP %d\n", port, pt); if (pt == PT_DynRTP_Type97) { // we need rtpmap for our dynamic packet type const char *audio_codec = NULL; int ts_rate = sample_rate; // equals for PCMA/PCMU diff --git a/src/utils/time.c b/src/utils/time.c index 5b3d61356..95d6416d1 100644 --- a/src/utils/time.c +++ b/src/utils/time.c @@ -3,7 +3,7 @@ * @author Martin Pulec */ /* - * Copyright (c) 2019 CESNET, z. s. p. o. + * Copyright (c) 2019-2023 CESNET, z. s. p. o. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -43,7 +43,7 @@ #include "utils/time.h" -void format_time_ms(uint64_t ts, char *buf) { +void format_time_ms(uint64_t ts, char buf[static FORMAT_TIME_MS_BUF_LEN]) { int ms = ts % 1000; ts /= 1000; int s = ts % 60; @@ -52,5 +52,5 @@ void format_time_ms(uint64_t ts, char *buf) { ts /= 60; int h = ts % 100; // 99 max - sprintf(buf, "%02d:%02d:%02d.%03d", h, m, s, ms); + snprintf(buf, FORMAT_TIME_MS_BUF_LEN, "%02d:%02d:%02d.%03d", h, m, s, ms); } diff --git a/src/utils/time.h b/src/utils/time.h index f3bda2c40..023a9632b 100644 --- a/src/utils/time.h +++ b/src/utils/time.h @@ -5,7 +5,7 @@ * Time utility functions */ /* - * Copyright (c) 2019 CESNET, z. s. p. o. + * Copyright (c) 2019-2023 CESNET, z. s. p. o. * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -40,12 +40,12 @@ #ifndef UTILS_TIME_H_ #define UTILS_TIME_H_ -#ifdef __cplusplus -extern "C" { -#endif - #include +enum { + FORMAT_TIME_MS_BUF_LEN = 13 +}; + /** * Formats textual represenation of timestamp (in ms) in format HH:MM:SS.mmm * (mmm is milliseconds). @@ -53,11 +53,7 @@ extern "C" { * @param[in] ts timestamp in ms * @param[out] buf output buffer (must be at least 13 B long) */ -void format_time_ms(uint64_t ts, char *buf); - -#ifdef __cplusplus -} // extern "C" -#endif +void format_time_ms(uint64_t ts, char buf[static FORMAT_TIME_MS_BUF_LEN]); #endif// UTILS_TIME_H_ diff --git a/src/video_capture/rtsp.c b/src/video_capture/rtsp.c index f72f8cb24..048400e61 100644 --- a/src/video_capture/rtsp.c +++ b/src/video_capture/rtsp.c @@ -690,10 +690,8 @@ init_rtsp(struct rtsp_state *s) { verbose_msg(MOD_NAME "request %s\n", VERSION_STR); verbose_msg(MOD_NAME " Project web site: http://code.google.com/p/rtsprequest/\n"); verbose_msg(MOD_NAME " Requires cURL V7.20 or greater\n\n"); - char Atransport[256]; - char Vtransport[256]; - memset(Atransport, 0, 256); - memset(Vtransport, 0, 256); + char Atransport[256] = ""; + char Vtransport[256] = ""; int port = s->vrtsp_state.port; FILE *sdp_file = tmpfile(); if (sdp_file == NULL) { @@ -704,10 +702,10 @@ init_rtsp(struct rtsp_state *s) { } } - sprintf(Vtransport, "RTP/AVP;unicast;client_port=%d-%d", port, port + 1); + snprintf(Vtransport, sizeof Vtransport, "RTP/AVP;unicast;client_port=%d-%d", port, port + 1); //THIS AUDIO PORTS ARE AS DEFAULT UG AUDIO PORTS BUT AREN'T RELATED... - sprintf(Atransport, "RTP/AVP;unicast;client_port=%d-%d", port+2, port + 3); + snprintf(Atransport, sizeof Atransport, "RTP/AVP;unicast;client_port=%d-%d", port+2, port + 3); my_curl_easy_setopt(s->curl, CURLOPT_NOSIGNAL, 1, goto error); //This tells curl not to use any functions that install signal handlers or cause signals to be sent to your process. //my_curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, 1); diff --git a/src/video_capture/switcher.c b/src/video_capture/switcher.c index c603bd4c4..e2a3f1a81 100644 --- a/src/video_capture/switcher.c +++ b/src/video_capture/switcher.c @@ -94,7 +94,7 @@ static void vidcap_switcher_probe(struct device_info **available_cards, int *cou static void vidcap_switcher_register_keyboard_ctl(struct vidcap_switcher_state *s) { for (unsigned int i = 0U; i < MIN(s->devices_cnt, 10); ++i) { struct msg_universal *m = (struct msg_universal *) new_message(sizeof(struct msg_universal)); - sprintf(m->text, "map %d capture.data %d#switch to video input %d", i + 1, i, i + 1); + snprintf(m->text, sizeof m->text, "map %d capture.data %d#switch to video input %d", i + 1, i, i + 1); struct response *r = send_message_sync(get_root_module(&s->mod), "keycontrol", (struct message *) m, 100, SEND_MESSAGE_FLAG_QUIET | SEND_MESSAGE_FLAG_NO_STORE); if (response_get_status(r) != RESPONSE_OK) { log_msg(LOG_LEVEL_ERROR, "Cannot register keyboard control for video switcher (error %d)!\n", response_get_status(r)); diff --git a/src/video_display/bluefish444.cpp b/src/video_display/bluefish444.cpp index ee09ddb60..170078f63 100644 --- a/src/video_display/bluefish444.cpp +++ b/src/video_display/bluefish444.cpp @@ -842,8 +842,8 @@ static void display_bluefish444_probe(struct device_info **available_cards, int *available_cards = (struct device_info *) calloc(iDevices, sizeof(struct device_info)); *count = iDevices; for (int i = 0; i < iDevices; i++) { - sprintf((*available_cards)[i].dev, ":device=%d", iDevices); - sprintf((*available_cards)[i].name, "Bluefish444 card #%d", iDevices); + snprintf((*available_cards)[i].dev, sizeof (*available_cards)[i].dev, ":device=%d", iDevices); + snprintf((*available_cards)[i].name, sizeof (*available_cards)[i].name, "Bluefish444 card #%d", iDevices); } } diff --git a/src/video_display/deltacast.cpp b/src/video_display/deltacast.cpp index c3748e509..cc72d82d8 100644 --- a/src/video_display/deltacast.cpp +++ b/src/video_display/deltacast.cpp @@ -279,8 +279,8 @@ static void display_deltacast_probe(struct device_info **available_cards, int *c *available_cards = (struct device_info *) realloc(*available_cards, *count * sizeof(struct device_info)); memset(*available_cards + *count - 1, 0, sizeof(struct device_info)); - sprintf((*available_cards)[*count - 1].dev, ":device=%d", *count - 1); - sprintf((*available_cards)[*count - 1].dev, "\"embeddedAudioAvailable\":\"t\""); + snprintf((*available_cards)[*count - 1].dev, sizeof (*available_cards)[*count - 1].dev, ":device=%d", *count - 1); + snprintf((*available_cards)[*count - 1].extra, sizeof (*available_cards)[*count - 1].extra, R"("embeddedAudioAvailable":"t")"); (*available_cards)[*count - 1].repeatable = false; if (Result == VHDERR_NOERROR)