crewID/libnfc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix cppcheck warning "scanf without field width limits can crash with huge input data"

Browse source
This commit is contained in:
Philippe Teuwen 2013-03-06 11:42:35 +01:00
parent f0d5896140
commit 658ec4585a
2 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
libnfc/drivers/acr122_usb.c
View file

@ -372,7 +372,9 @@ acr122_usb_connstring_decode(const nfc_connstring connstring, struct acr122_usb_
driver_name[0] = '\0'; driver_name[0] = '\0';
int res = sscanf(connstring, "%[^:]:%[^:]:%[^:]", driver_name, dirname, filename); char format[32];
snprintf(format, sizeof(format), "%%%i[^:]:%%%i[^:]:%%%i[^:]", n - 1, n - 1, n - 1);
int res = sscanf(connstring, format, driver_name, dirname, filename);
if (!res || ((0 != strcmp(driver_name, ACR122_USB_DRIVER_NAME)) && (0 != strcmp(driver_name, "usb")))) { if (!res || ((0 != strcmp(driver_name, ACR122_USB_DRIVER_NAME)) && (0 != strcmp(driver_name, "usb")))) {
// Driver name does not match. // Driver name does not match.

4
libnfc/drivers/pn53x_usb.c
View file

@ -257,7 +257,9 @@ pn53x_usb_connstring_decode(const nfc_connstring connstring, struct pn53x_usb_de
driver_name[0] = '\0'; driver_name[0] = '\0';
int res = sscanf(connstring, "%[^:]:%[^:]:%[^:]", driver_name, dirname, filename); char format[32];
snprintf(format, sizeof(format), "%%%i[^:]:%%%i[^:]:%%%i[^:]", n - 1, n - 1, n - 1);
int res = sscanf(connstring, format, driver_name, dirname, filename);
if (!res || ((0 != strcmp(driver_name, PN53X_USB_DRIVER_NAME)) && (0 != strcmp(driver_name, "usb")))) { if (!res || ((0 != strcmp(driver_name, PN53X_USB_DRIVER_NAME)) && (0 != strcmp(driver_name, "usb")))) {
// Driver name does not match. // Driver name does not match.