From 08eeefc718053735cc64b33ca9720649f452b2d4 Mon Sep 17 00:00:00 2001 From: Daniel Verkamp Date: Fri, 13 Oct 2017 14:22:24 -0700 Subject: [PATCH] ut/lvol: remove use of sprintf() sprintf() has no bounds checks, and in this case it is actually overwriting a buffer allocated with spdk_sprintf_alloc(), which isn't guaranteed to be big enough for the name we want to place in it. Rather than trying to rewrite the name in place, just free the old one and allocate a new one. Change-Id: Ia6ea17c2f0c8e4ed4995946356b8a09ba2a02cbf Signed-off-by: Daniel Verkamp Reviewed-on: https://review.gerrithub.io/382507 Tested-by: SPDK Automated Test System Reviewed-by: Dariusz Stojaczyk Reviewed-by: Jim Harris --- test/unit/lib/bdev/vbdev_lvol.c/vbdev_lvol_ut.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/unit/lib/bdev/vbdev_lvol.c/vbdev_lvol_ut.c b/test/unit/lib/bdev/vbdev_lvol.c/vbdev_lvol_ut.c index 31e24dd76..58a9bfeca 100644 --- a/test/unit/lib/bdev/vbdev_lvol.c/vbdev_lvol_ut.c +++ b/test/unit/lib/bdev/vbdev_lvol.c/vbdev_lvol_ut.c @@ -469,7 +469,9 @@ ut_lvol_resize(void) CU_ASSERT(rc != 0); /* Resize with correct bdev name, but wrong lvol name */ - sprintf(g_lvol->name, "wrong name"); + free(g_lvol->name); + g_lvol->name = strdup("wrong name"); + SPDK_CU_ASSERT_FATAL(g_lvol->name != NULL); rc = vbdev_lvol_resize(g_base_bdev->name, 20, vbdev_lvol_resize_complete, NULL); CU_ASSERT(rc != 0);