Fix cppcheck warning "scanf without field width limits can crash with huge input data"

Fix the following warnings:
[examples/pn53x-tamashell.c:162]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/acr122_pcsc.c:261]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/acr122s.c:441]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/arygon.c:210]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/arygon.c:522]: (warning) scanf without field width limits can crash with huge input data
[libnfc/drivers/pn532_uart.c:187]: (warning) scanf without field width limits can crash with huge input data
[utils/nfc-relay-picc.c:176]: (warning) scanf without field width limits can crash with huge input data
Philippe Teuwen 2013-03-06 00:52:08 +01:00
parent 4769392157
commit d577fda412
6 changed files with 9 additions and 7 deletions


@ -159,7 +159,7 @@ int main(int argc, const char *argv[])
while (isspace(cmd[offset])) { while (isspace(cmd[offset])) {
offset++; offset++;
} }
sscanf(cmd + offset, "%d", &s); sscanf(cmd + offset, "%10d", &s);
printf("Pause for %i msecs\n", s); printf("Pause for %i msecs\n", s);
if (s > 0) { if (s > 0) {
sleep(s * SUSP_TIME); sleep(s * SUSP_TIME);
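Review bot: The result of `sscanf(cmd + offset, "%10d", &s)` is still not checked, so when the text after the command is not a number `s` keeps whatever value it had before (its declaration is outside the hunk) and is printed and tested as if it had been parsed. A ten-digit field also still admits values above INT_MAX, for which sscanf's result is undefined, and `s * SUSP_TIME` can overflow for a large pause. Consider `if (sscanf(cmd + offset, "%10d", &s) != 1) s = 0;`, or parse with strtol and reject out-of-range values. The body of main continues outside the hunk.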


@ -258,7 +258,7 @@ acr122_pcsc_open(const nfc_context *context, const nfc_connstring connstring)
if (strlen(ndd.pcsc_device_name) < 5) { // We can assume it's a reader ID as pcsc_name always ends with "NN NN" if (strlen(ndd.pcsc_device_name) < 5) { // We can assume it's a reader ID as pcsc_name always ends with "NN NN"
// Device was not specified, only ID, retrieve it // Device was not specified, only ID, retrieve it
size_t index; size_t index;
if (sscanf(ndd.pcsc_device_name, "%lu", &index) != 1) if (sscanf(ndd.pcsc_device_name, "%4lu", &index) != 1)
return NULL; return NULL;
nfc_connstring *ncs = malloc(sizeof(nfc_connstring) * (index + 1)); nfc_connstring *ncs = malloc(sizeof(nfc_connstring) * (index + 1));
if (!ncs) { if (!ncs) {
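Review bot: `index` is a `size_t` but is filled through `%4lu`, which expects an `unsigned long *`; on platforms where the two types differ in size (64-bit Windows, for instance) the store is undefined and can leave part of `index` unset before it sizes the malloc on the following line. Read into an `unsigned long` and assign it, e.g. `unsigned long id; if (sscanf(ndd.pcsc_device_name, "%4lu", &id) != 1) return NULL; index = id;`, or use `%4zu` where the C library supports it. acr122_pcsc_open continues outside the hunk.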


@ -438,7 +438,7 @@ acr122s_connstring_decode(const nfc_connstring connstring, struct acr122s_descri
return 2; return 2;
} }
unsigned long speed; unsigned long speed;
if (sscanf(speed_s, "%lu", &speed) != 1) { if (sscanf(speed_s, "%10lu", &speed) != 1) {
// speed_s is not a number // speed_s is not a number
free(cs); free(cs);
return 2; return 2;
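Review bot: `%10lu` bounds the number of digits read but not the value: where unsigned long is 32 bits a ten-digit speed can exceed ULONG_MAX, and sscanf's result for an unrepresentable value is undefined. The call also accepts trailing characters, so a speed field such as `115200x` (constructed example) still parses as valid. strtoul with an end pointer covers both: `errno = 0; speed = strtoul(speed_s, &end, 10);` followed by `if (end == speed_s || *end != '\0' || errno == ERANGE)` taking the existing error path. The same line appears in arygon_connstring_decode and pn532_connstring_decode; all three functions extend outside their hunks.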


@ -207,7 +207,7 @@ arygon_connstring_decode(const nfc_connstring connstring, struct arygon_descript
return 2; return 2;
} }
unsigned long speed; unsigned long speed;
if (sscanf(speed_s, "%lu", &speed) != 1) { if (sscanf(speed_s, "%10lu", &speed) != 1) {
// speed_s is not a number // speed_s is not a number
free(cs); free(cs);
return 2; return 2;
@ -519,7 +519,9 @@ arygon_firmware(nfc_device *pnd, char *str)
if (0 == memcmp(abtRx, arygon_error_none, 6)) { if (0 == memcmp(abtRx, arygon_error_none, 6)) {
uint8_t *p = abtRx + 6; uint8_t *p = abtRx + 6;
unsigned int szData; unsigned int szData;
sscanf((const char *)p, "%02x%s", &szData, p); sscanf((const char *)p, "%02x%9s", &szData, p);
if (szData > 9)
szData = 9;
memcpy(str, p, szData); memcpy(str, p, szData);
*(str + szData) = '\0'; *(str + szData) = '\0';
} }
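Review bot: The sscanf call in arygon_firmware still reads from and writes to the same buffer (`p` is both the input and the `%9s` destination), which the C standard leaves undefined for overlapping objects, and its return value is not checked, so `szData` can be used unset when the reply does not start with two hex digits. Clamping `szData` to 9 also lets memcpy copy bytes beyond the terminator that `%9s` wrote whenever the parsed string is shorter than the announced length. Parsing into a separate local buffer and copying the smaller of the two lengths avoids all three. Whether `abtRx` is NUL-terminated and how large the caller's `str` is cannot be seen from this hunk and should be confirmed.

```c
uint8_t *p = abtRx + 6;
unsigned int szData = 0;
char fw[10] = "";
// Parse into a separate buffer: sscanf must not read and write the same object.
if (sscanf((const char *)p, "%2x%9s", &szData, fw) == 2) {
  size_t len = strlen(fw);
  if (szData < len)
    len = szData;
  memcpy(str, fw, len);
  *(str + len) = '\0';
} else {
  *str = '\0';
}
```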


@ -184,7 +184,7 @@ pn532_connstring_decode(const nfc_connstring connstring, struct pn532_uart_descr
return 2; return 2;
} }
unsigned long speed; unsigned long speed;
if (sscanf(speed_s, "%lu", &speed) != 1) { if (sscanf(speed_s, "%10lu", &speed) != 1) {
// speed_s is not a number // speed_s is not a number
free(cs); free(cs);
return 2; return 2;


@ -173,7 +173,7 @@ main(int argc, char *argv[])
printf("INFO: %s\n", "Swapping devices."); printf("INFO: %s\n", "Swapping devices.");
swap_devices = true; swap_devices = true;
} else if (0 == strcmp(argv[arg], "-n")) { } else if (0 == strcmp(argv[arg], "-n")) {
if (++arg == argc || (sscanf(argv[arg], "%i", &waiting_time) < 1)) { if (++arg == argc || (sscanf(argv[arg], "%10i", &waiting_time) < 1)) {
ERR("Missing or wrong waiting time value: %s.", argv[arg]); ERR("Missing or wrong waiting time value: %s.", argv[arg]);
print_usage(argv); print_usage(argv);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
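Review bot: When `-n` is the last argument, `++arg == argc` is true and the error path passes `argv[argc]`, which is a null pointer, to the `%s` in ERR; that is undefined for printf-style formatting. Guard the argument in the message, e.g. `ERR("Missing or wrong waiting time value: %s.", arg < argc ? argv[arg] : "(none)");`. Separately, `%10i` also accepts octal and hex prefixes and ten digits can still exceed the range of `waiting_time` (its declaration is outside the hunk), so a strtol-based parse with a range check would be stricter.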