From 658ec4585a8d197481860f050e1a3035078c9e85 Mon Sep 17 00:00:00 2001 From: Philippe Teuwen Date: Wed, 6 Mar 2013 11:42:35 +0100 Subject: [PATCH] Fix cppcheck warning "scanf without field width limits can crash with huge input data" --- libnfc/drivers/acr122_usb.c | 4 +++- libnfc/drivers/pn53x_usb.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/libnfc/drivers/acr122_usb.c b/libnfc/drivers/acr122_usb.c index c39cac6..db57d76 100644 --- a/libnfc/drivers/acr122_usb.c +++ b/libnfc/drivers/acr122_usb.c @@ -372,7 +372,9 @@ acr122_usb_connstring_decode(const nfc_connstring connstring, struct acr122_usb_ driver_name[0] = '\0'; - int res = sscanf(connstring, "%[^:]:%[^:]:%[^:]", driver_name, dirname, filename); + char format[32]; + snprintf(format, sizeof(format), "%%%i[^:]:%%%i[^:]:%%%i[^:]", n - 1, n - 1, n - 1); + int res = sscanf(connstring, format, driver_name, dirname, filename); if (!res || ((0 != strcmp(driver_name, ACR122_USB_DRIVER_NAME)) && (0 != strcmp(driver_name, "usb")))) { // Driver name does not match. diff --git a/libnfc/drivers/pn53x_usb.c b/libnfc/drivers/pn53x_usb.c index f440b5a..9f6efc0 100644 --- a/libnfc/drivers/pn53x_usb.c +++ b/libnfc/drivers/pn53x_usb.c @@ -257,7 +257,9 @@ pn53x_usb_connstring_decode(const nfc_connstring connstring, struct pn53x_usb_de driver_name[0] = '\0'; - int res = sscanf(connstring, "%[^:]:%[^:]:%[^:]", driver_name, dirname, filename); + char format[32]; + snprintf(format, sizeof(format), "%%%i[^:]:%%%i[^:]:%%%i[^:]", n - 1, n - 1, n - 1); + int res = sscanf(connstring, format, driver_name, dirname, filename); if (!res || ((0 != strcmp(driver_name, PN53X_USB_DRIVER_NAME)) && (0 != strcmp(driver_name, "usb")))) { // Driver name does not match.