Index: branches/cparm/TODO =================================================================== --- branches/cparm/TODO (revision 1985) +++ branches/cparm/TODO (revision 1986) @@ -1,8 +1,6 @@ TODO List for Chameleon Boot Loader ==================================== -- Try to sync our prf() with the apple/mach __doprnt() (in Xnu/osfmk/kern/printf.c) to normalize the formating in our printf, sprintf, etc ..., and facilitate bug fixes (almost done !!) - - split nvidia, gma and ati code into separate modules - move device_inject, MBR (OSX works better on Guid partition theme anyway), winfs, bsdfs, ext2fs, befs, and the command lspci, memory, more and video into modules - Implement a pool allocator, so each module will run and allocate memory in there own pool, de-alloc all allocated memory by the module, Index: branches/cparm/Chameleon.xcodeproj/project.pbxproj =================================================================== --- branches/cparm/Chameleon.xcodeproj/project.pbxproj (revision 1985) +++ branches/cparm/Chameleon.xcodeproj/project.pbxproj (revision 1986) @@ -210,7 +210,6 @@ AB43B2E214C37E520018D529 /* libsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libsa.h; sourceTree = ""; }; AB43B2E314C37E520018D529 /* Makefile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = ""; }; AB43B2E414C37E520018D529 /* memory.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = memory.h; sourceTree = ""; }; - AB43B2E514C37E520018D529 /* prf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = prf.c; sourceTree = ""; }; AB43B2E614C37E520018D529 /* printf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = printf.c; sourceTree = ""; }; AB43B2E714C37E520018D529 /* qsort.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = qsort.c; sourceTree = ""; }; AB43B2E914C37E520018D529 /* setjmp.s */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; path = setjmp.s; sourceTree = ""; }; @@ -953,7 +952,6 @@ AB43B2E214C37E520018D529 /* libsa.h */, AB43B2E314C37E520018D529 /* Makefile */, AB43B2E414C37E520018D529 /* memory.h */, - AB43B2E514C37E520018D529 /* prf.c */, AB43B2E614C37E520018D529 /* printf.c */, AB43B2E714C37E520018D529 /* qsort.c */, AB43B2E914C37E520018D529 /* setjmp.s */, Index: branches/cparm/CHANGES =================================================================== --- branches/cparm/CHANGES (revision 1985) +++ branches/cparm/CHANGES (revision 1986) @@ -1,3 +1,6 @@ +- security, stability, bugs fixes +- moved __doprnt to the xnu version + - security and stability fixes - Fixed a bug where prf may return a wrong string len (for ex : in the previous versions newStringWithformat("%02x%02x%02x%02x%02x%02x",101,117,104,113,103,100) may not return the entire string) - Fixed a bug in xml.c Index: branches/cparm/i386/libsaio/console.c =================================================================== --- branches/cparm/i386/libsaio/console.c (revision 1985) +++ branches/cparm/i386/libsaio/console.c (revision 1986) @@ -103,6 +103,7 @@ */ void putchar(char c) { + if ( c == '\t' ) { for (c = 0; c < 8; c++) putc(' '); @@ -113,7 +114,7 @@ { putc('\r'); } - + putc(c); } Index: branches/cparm/i386/libsaio/device_tree.c =================================================================== --- branches/cparm/i386/libsaio/device_tree.c (revision 1985) +++ branches/cparm/i386/libsaio/device_tree.c (revision 1986) @@ -74,7 +74,7 @@ { Property *prop; - DPRINTF("DT__AddProperty([Node '%s'], '%s', %d, 0x%x)\n", DT__GetName(node), name, length, value); + DPRINTF("DT__AddProperty([Node '%s'], '%s', %d, %p)\n", DT__GetName(node), name, length, value); if (freeProperties == NULL) { void *buf = malloc(kAllocSize); if (buf == 0) return 0; @@ -110,7 +110,7 @@ node->last_prop = prop; prop->next = 0; - DPRINTF("Done [0x%x]\n", prop); + DPRINTF("Done [%p]\n", prop); DTInfo.numProperties++; DTInfo.totalPropertySize += RoundToLong(length); @@ -142,11 +142,11 @@ node++; } } - DPRINTF("DT__AddChild(0x%x, '%s')\n", parent, name); + DPRINTF("DT__AddChild(%p, '%s')\n", parent, name); node = freeNodes; freeNodes = node->next; - DPRINTF("Got free node 0x%x\n", node); - DPRINTF("prop = 0x%x, children = 0x%x, next = 0x%x\n", node->properties, node->children, node->next); + DPRINTF("Got free node %p\n", node); + DPRINTF("prop = %p, children = %p, next = %p\n", node->properties, node->children, node->next); if (parent == NULL) { rootNode = node; @@ -205,7 +205,7 @@ for (prop = allocedProperties; prop != NULL; prop = prop->next) { if (prop->value) free(prop->value); if (prop->name) free(prop->name); - + } allocedProperties = NULL; freeProperties = NULL; @@ -269,7 +269,7 @@ uint32_t totalSize; void *buf; - DPRINTF("DT__FlattenDeviceTree(0x%x, 0x%x)\n", buffer_p, length); + DPRINTF("DT__FlattenDeviceTree(%p, %u)\n", buffer_p, *length); #if DEBUG if (buffer_p) DT__PrintTree(rootNode); #endif @@ -331,7 +331,7 @@ // Start at root node = rootNode; - DPRINTF("root = 0x%x\n", rootNode); + DPRINTF("root = %p\n", rootNode); while (node) { // Skip leading slash @@ -347,7 +347,7 @@ DPRINTF("Node '%s'\n", nameBuf); for (child = node->children; child != 0; child = child->next) { - DPRINTF("Child 0x%x\n", child); + DPRINTF("Child %p\n", child); if (strcmp(DT__GetName(child), nameBuf) == 0) { break; } Index: branches/cparm/i386/libsaio/hfs.c =================================================================== --- branches/cparm/i386/libsaio/hfs.c (revision 1985) +++ branches/cparm/i386/libsaio/hfs.c (revision 1986) @@ -27,7 +27,7 @@ * DRI: Josh de Cesare */ -#include +#include "sl.h" #include #include "hfs.h" @@ -418,9 +418,9 @@ } #if DEBUG - printf("extent start 0x%x\n", (unsigned long)GetExtentStart(extents, 0)); - printf("block size 0x%x\n", (unsigned long)gBlockSize); - printf("Allocation offset 0x%x\n", (unsigned long)gAllocationOffset); + printf("extent start 0x%lx\n", (unsigned long)GetExtentStart(extents, 0)); + printf("block size 0x%lx\n", (unsigned long)gBlockSize); + printf("Allocation offset 0x%lx\n", (unsigned long)gAllocationOffset); #endif *firstBlock = ((unsigned long long)GetExtentStart(extents, 0) * (unsigned long long) gBlockSize + gAllocationOffset) / 512ULL; return 0; Index: branches/cparm/i386/libsaio/hfs_compare.c =================================================================== --- branches/cparm/i386/libsaio/hfs_compare.c (revision 1985) +++ branches/cparm/i386/libsaio/hfs_compare.c (revision 1986) @@ -27,7 +27,7 @@ * DRI: Josh de Cesare */ -#include +#include "sl.h" #include "hfs_CaseTables.h" #if ! UNCOMPRESSED Index: branches/cparm/i386/libsaio/ufs.c =================================================================== --- branches/cparm/i386/libsaio/ufs.c (revision 1985) +++ branches/cparm/i386/libsaio/ufs.c (revision 1986) @@ -26,7 +26,7 @@ * * DRI: Josh de Cesare */ -#include +#include "sl.h" #include "ufs.h" #include "ufs_byteorder.h" Index: branches/cparm/i386/libsaio/bootXnu.h =================================================================== --- branches/cparm/i386/libsaio/bootXnu.h (revision 1985) +++ branches/cparm/i386/libsaio/bootXnu.h (revision 1986) @@ -91,6 +91,17 @@ typedef struct Boot_Video Boot_Video; +/* Struct describing an image passed in by the booter */ +struct boot_icon_element { + unsigned int width; + unsigned int height; + int y_offset_from_center; + unsigned int data_size; + unsigned int __reserved1[4]; + unsigned char data[0]; +}; +typedef struct boot_icon_element boot_icon_element; + /* Values for v_display */ #define GRAPHICS_MODE 1 @@ -146,44 +157,47 @@ typedef struct boot_args_107 { uint16_t Revision; /* Revision of boot_args structure */ uint16_t Version; /* Version of boot_args structure */ - + uint8_t efiMode; /* 32 = 32-bit, 64 = 64-bit */ uint8_t debugMode; /* Bit field with behavior changes */ uint8_t __reserved1[2]; - + char CommandLine[BOOT_LINE_LENGTH]; /* Passed in command line */ - + uint32_t MemoryMap; /* Physical address of memory map */ uint32_t MemoryMapSize; uint32_t MemoryMapDescriptorSize; uint32_t MemoryMapDescriptorVersion; - + Boot_Video Video; /* Video Information */ - + uint32_t deviceTreeP; /* Physical address of flattened device tree */ uint32_t deviceTreeLength; /* Length of flattened tree */ - + uint32_t kaddr; /* Physical address of beginning of kernel text */ uint32_t ksize; /* Size of combined kernel text+data+efi */ - + uint32_t efiRuntimeServicesPageStart; /* physical address of defragmented runtime pages */ uint32_t efiRuntimeServicesPageCount; uint64_t efiRuntimeServicesVirtualPageStart; /* virtual address of defragmented runtime pages */ - + uint32_t efiSystemTable; /* physical address of system table in runtime area */ uint32_t __reserved2; - + uint32_t performanceDataStart; /* physical address of log */ uint32_t performanceDataSize; - + uint32_t keyStoreDataStart; /* physical address of key store data */ uint32_t keyStoreDataSize; uint64_t bootMemStart; uint64_t bootMemSize; uint64_t PhysicalMemorySize; uint64_t FSBFrequency; - uint32_t __reserved4[734]; - + uint64_t pciConfigSpaceBaseAddress; + uint32_t pciConfigSpaceStartBusNumber; + uint32_t pciConfigSpaceEndBusNumber; + uint32_t __reserved4[730]; + } boot_args_107; typedef struct boot_args_108 { @@ -225,11 +239,12 @@ uint64_t bootMemSize; uint64_t PhysicalMemorySize; uint64_t FSBFrequency; + uint64_t pciConfigSpaceBaseAddress; + uint32_t pciConfigSpaceStartBusNumber; + uint32_t pciConfigSpaceEndBusNumber; + uint32_t __reserved4[730]; - uint32_t __reserved3[4]; - uint32_t __reserved4[730]; - -} boot_args_108; +} boot_args_108; // for now apparently the same package for 10.8 and 10.7 typedef struct boot_args_header { uint16_t Revision; /* Revision of boot_args structure */ @@ -275,7 +290,9 @@ uint64_t bootMemSize; uint64_t PhysicalMemorySize; - uint32_t __reserved[4]; + uint64_t pciConfigSpaceBaseAddress; + uint32_t pciConfigSpaceStartBusNumber; + uint32_t pciConfigSpaceEndBusNumber; } boot_args_10x; typedef struct boot_args_10x boot_args_common; Index: branches/cparm/i386/libsaio/device_inject.c =================================================================== --- branches/cparm/i386/libsaio/device_inject.c (revision 1985) +++ branches/cparm/i386/libsaio/device_inject.c (revision 1986) @@ -182,7 +182,17 @@ } struct DevPropDevice **string_entries_arrey = (struct DevPropDevice **) string->entries; - string->numentries++; + if ((string->numentries+1) < MAX_STRING_NUM_ENTRIES) + { + string->numentries++; + + } + else + { + free(string->entries); + free(device); + return NULL; + } string_entries_arrey[string->numentries-1] = device; @@ -305,7 +315,17 @@ } struct DevPropDevice **string_entries_arrey = (struct DevPropDevice **) string->entries; - string->numentries++; + if ((string->numentries+1) < MAX_STRING_NUM_ENTRIES) + { + string->numentries++; + + } + else + { + free(string->entries); + free(device); + return NULL; + } string_entries_arrey[string->numentries-1] = device; @@ -407,6 +427,10 @@ while(i < string->numentries) { + if (!(ilength), dp_swap16(string_entries_arrey[i]->numentries), string_entries_arrey[i]->WHAT2); @@ -454,9 +478,13 @@ int i; struct DevPropDevice **string_entries_arrey = (struct DevPropDevice **) string->entries; - + for(i = 0; i < string->numentries; i++) { + if (!(idata) @@ -464,11 +492,12 @@ free(string_entries_arrey[i]->data); string_entries_arrey[i]->data = NULL; } - free(string_entries_arrey[i]); - string_entries_arrey[i] = NULL; } } - + + free(string->entries); + string->entries = NULL; + free(string); string = NULL; } \ No newline at end of file Index: branches/cparm/i386/libsaio/load.c =================================================================== --- branches/cparm/i386/libsaio/load.c (revision 1985) +++ branches/cparm/i386/libsaio/load.c (revision 1986) @@ -257,7 +257,7 @@ return 0; } -#if DEBUG +#if 0 printf("segname: %s, vmaddr: %x, vmsize: %x, fileoff: %x, filesize: %x, nsects: %d, flags: %x.\n", segCmd->segname, (unsigned)vmaddr, (unsigned)vmsize, (unsigned)fileaddr, (unsigned)filesize, (unsigned) segCmd->nsects, (unsigned)segCmd->flags); Index: branches/cparm/i386/libsaio/disk.c =================================================================== --- branches/cparm/i386/libsaio/disk.c (revision 1985) +++ branches/cparm/i386/libsaio/disk.c (revision 1986) @@ -310,7 +310,7 @@ } divisor = bps / BPS; - DEBUG_DISK(("Biosread dev %x sec %d bps %d\n", biosdev, secno, bps)); + DEBUG_DISK(("Biosread dev %x sec %llu bps %d\n", biosdev, secno, bps)); // To read the disk sectors, use EBIOS if we can. Otherwise, // revert to the standard BIOS calls. @@ -338,8 +338,8 @@ rc = 0; break; } - printf(" EBIOS read error: %s\n", bios_error(rc), rc); - printf(" Block 0x%x Sectors %d\n", secno, xnsecs); + printf(" EBIOS read error (%d): %s\n", rc, bios_error(rc) ); + printf(" Block 0x%llx Sectors %d\n", secno, xnsecs); sleep(1); } } @@ -380,8 +380,8 @@ rc = 0; break; } - printf(" BIOS read error: %s\n", bios_error(rc), rc); - printf(" Block %d, Cyl %d Head %d Sector %d\n", + printf(" BIOS read error(%d): %s\n", rc, bios_error(rc)); + printf(" Block %llu, Cyl %d Head %d Sector %d\n", secno, cyl, head, sec); sleep(1); } @@ -431,7 +431,7 @@ int error; int copy_len; - DEBUG_DISK(("%s: dev %x block %x [%d] -> 0x%x...", __FUNCTION__, + DEBUG_DISK(("%s: dev %x block %llu [%d] -> 0x%x...", __FUNCTION__, biosdev, blkno, byteCount, (unsigned)cbuf)); for ( ; byteCount; cbuf += copy_len, blkno++ ) @@ -1955,7 +1955,7 @@ if (!bvr) { break; } - printf(" bvr: %d, dev: %d, part: %d, flags: %d, vis: %d\n", bvr, bvr->biosdev, bvr->part_no, bvr->flags, bvr->visible); + printf(" bvr: %p, dev: %d, part: %d, flags: %d, vis: %d\n", bvr, bvr->biosdev, bvr->part_no, bvr->flags, bvr->visible); } printf("count: %d\n", bvCount); getc(); Index: branches/cparm/i386/libsaio/fake_efi.c =================================================================== --- branches/cparm/i386/libsaio/fake_efi.c (revision 1985) +++ branches/cparm/i386/libsaio/fake_efi.c (revision 1986) @@ -696,16 +696,7 @@ kType = get_env(envType); DT__AddProperty(node, SYSTEM_TYPE_PROP, sizeof(uint8_t), &kType); } -#ifdef NO_BOOT_IMG -struct boot_progress_element { - unsigned int width; - unsigned int height; - int yOffset; - unsigned int res[5]; - unsigned char data[0]; -}; -typedef struct boot_progress_element boot_progress_element; -#endif + static VOID setupEfiDeviceTree(void) { Node *node; @@ -748,7 +739,7 @@ ((boot_progress_element *)bootPict)->yOffset = kFailedBootOffset; if (((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion[3] == '8') { - ((boot_progress_element *)bootPict)->res[0] = size - 32; + ((boot_progress_element *)bootPict)->data_size = size - 32; } bcopy((char *)gFailedBootPict, (char *)(bootPict + 32), size - 32); } Index: branches/cparm/i386/boot2/boot.c =================================================================== --- branches/cparm/i386/boot2/boot.c (revision 1985) +++ branches/cparm/i386/boot2/boot.c (revision 1986) @@ -528,8 +528,8 @@ } #if DEBUG - printf(" Default: %d, ->biosdev: %d, ->part_no: %d ->flags: %d\n", ((BVRef)(uint32_t)get_env(envgBootVolume)), ((BVRef)(uint32_t)get_env(envgBootVolume))->biosdev, ((BVRef)(uint32_t)get_env(envgBootVolume))->part_no, ((BVRef)(uint32_t)get_env(envgBootVolume))->flags); - printf(" bt(0,0): %d, ->biosdev: %d, ->part_no: %d ->flags: %d\n", ((BVRef)(uint32_t)get_env(envgBIOSBootVolume)), ((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->biosdev, ((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->part_no, ((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->flags); + printf(" Default: %p, ->biosdev: %d, ->part_no: %d ->flags: %d\n", ((BVRef)(uint32_t)get_env(envgBootVolume)), ((BVRef)(uint32_t)get_env(envgBootVolume))->biosdev, ((BVRef)(uint32_t)get_env(envgBootVolume))->part_no, ((BVRef)(uint32_t)get_env(envgBootVolume))->flags); + printf(" bt(0,0): %p, ->biosdev: %d, ->part_no: %d ->flags: %d\n", ((BVRef)(uint32_t)get_env(envgBIOSBootVolume)), ((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->biosdev, ((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->part_no, ((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->flags); getc(); #endif Index: branches/cparm/i386/boot2/options.c =================================================================== --- branches/cparm/i386/boot2/options.c (revision 1985) +++ branches/cparm/i386/boot2/options.c (revision 1986) @@ -268,7 +268,9 @@ else putca(' ', 0x07, 40); - printf(" %40s\n", item->name); + char Item[40]; + snprintf(Item, sizeof(Item), item->name); + printf(" %s\n", Item); } //========================================================================== Index: branches/cparm/i386/boot2/Makefile =================================================================== --- branches/cparm/i386/boot2/Makefile (revision 1985) +++ branches/cparm/i386/boot2/Makefile (revision 1986) @@ -71,8 +71,8 @@ CFLAGS += -DSAFE_MALLOC -GFLAGS += -DNO_MULTIBOOT_SUPPORT -#OBJS += mboot.o +#GFLAGS += -DNO_MULTIBOOT_SUPPORT +OBJS += mboot.o # CFLAGS += -DBOOT_HELPER_SUPPORT # +992 bytes Index: branches/cparm/i386/modules/SMBiosGetters/mysmbios.c =================================================================== --- branches/cparm/i386/modules/SMBiosGetters/mysmbios.c (revision 1985) +++ branches/cparm/i386/modules/SMBiosGetters/mysmbios.c (revision 1986) @@ -543,13 +543,13 @@ // Append all charaters to the string char tmp[2]; bzero(tmp,sizeof(tmp)); - sprintf(tmp,"%c",sn_gen_pn_str[rand_sn1]); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp, sizeof(tmp),"%c",sn_gen_pn_str[rand_sn1]); + strlcpy (str, tmp, sizeof(str)); - sprintf(tmp,"%c",sn_gen_pn_str[rand_sn2]); + snprintf(tmp, sizeof(tmp),"%c",sn_gen_pn_str[rand_sn2]); strcat (str, tmp); - sprintf(tmp,"%c",sn_gen_pn_str[rand_sn3]); + snprintf(tmp, sizeof(tmp),"%c",sn_gen_pn_str[rand_sn3]); strcat (str, tmp); DBG ("fake_productNumber: %s\n",str); @@ -566,17 +566,17 @@ // Get randomized characters int rand_week ; rand_week = arc4random_unirange(0,47); - + // Append all charaters to the string char tmp[3]; bzero(tmp,sizeof(tmp)); if (rand_week < 10) { - sprintf(tmp,"0%d",rand_week); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp, sizeof(tmp),"0%d",rand_week); + strlcpy (str, tmp, sizeof(str)); } else if (rand_week < 100) { // avoid overflow in case random return a number >= 100 - sprintf(tmp,"%d",rand_week); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp, sizeof(tmp),"%d",rand_week); + strlcpy (str, tmp, sizeof(str)); } DBG ("fake_week: %s\n",str); @@ -600,8 +600,8 @@ bzero(tmp,sizeof(tmp)); if (rand_year < 10) { - sprintf(tmp,"%d",rand_year); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp, sizeof(tmp),"%d",rand_year); + strlcpy (str, tmp, sizeof(str)); } DBG ("fake_year: %s\n",str); Index: branches/cparm/i386/modules/Keymapper/Keymapper.c =================================================================== --- branches/cparm/i386/modules/Keymapper/Keymapper.c (revision 1985) +++ branches/cparm/i386/modules/Keymapper/Keymapper.c (revision 1986) @@ -199,15 +199,18 @@ { int *ret = (int *)arg1; int c = *(int *)ret; - + char *kMatchkey = NULL; + // Check for xml map in the config file if (match_map == NULL) match_map = XMLGetProperty(DEFAULT_BOOT_CONFIG_DICT, (const char*)"KeyboardMap"); if (match_map) { - char *kMatchkey = 0; - sprintf(kMatchkey, "%d",c); + kMatchkey = newStringWithFormat("%d",c); + if (!kMatchkey) { + return; + } TagPtr match_key; if ((match_key = XMLGetProperty(match_map, (const char*)kMatchkey))) { @@ -227,13 +230,13 @@ map_kb_type = "NONE"; // Default to QWERTY } - if (strcmp(map_kb_type, "AZERTY") == 0) + if (map_kb_type && (strcmp(map_kb_type, "AZERTY") == 0)) c = AZERTY_switch(c); out: *ret = c; - + if (kMatchkey) free(kMatchkey); } void Keymapper_start(void); Index: branches/cparm/i386/modules/SMBiosPatcher/smbios_patcher.c =================================================================== --- branches/cparm/i386/modules/SMBiosPatcher/smbios_patcher.c (revision 1985) +++ branches/cparm/i386/modules/SMBiosPatcher/smbios_patcher.c (revision 1986) @@ -313,13 +313,13 @@ // Append all charaters to the string char tmp[2]; bzero(tmp,sizeof(tmp)); - sprintf(tmp,"%c",sn_gen_pn_str[rand_sn1]); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp,sizeof(tmp),"%c",sn_gen_pn_str[rand_sn1]); + strlcpy (str, tmp, sizeof(str)); - sprintf(tmp,"%c",sn_gen_pn_str[rand_sn2]); + snprintf(tmp,sizeof(tmp),"%c",sn_gen_pn_str[rand_sn2]); strcat (str, tmp); - sprintf(tmp,"%c",sn_gen_pn_str[rand_sn3]); + snprintf(tmp,sizeof(tmp),"%c",sn_gen_pn_str[rand_sn3]); strcat (str, tmp); DBG ("fake_productNumber: %s\n",str); @@ -336,17 +336,17 @@ // Get randomized characters int rand_week ; rand_week = arc4random_unirange(0,47); - + // Append all charaters to the string char tmp[3]; bzero(tmp,sizeof(tmp)); if (rand_week < 10) { - sprintf(tmp,"0%d",rand_week); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp,sizeof(tmp),"0%d",rand_week); + strlcpy (str, tmp, sizeof(str)); } else if (rand_week < 100) { // avoid overflow in case random return a number >= 100 - sprintf(tmp,"%d",rand_week); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp,sizeof(tmp),"%d",rand_week); + strlcpy (str, tmp, sizeof(str)); } DBG ("fake_week: %s\n",str); @@ -370,8 +370,8 @@ bzero(tmp,sizeof(tmp)); if (rand_year < 10) { - sprintf(tmp,"%d",rand_year); - strlcpy (str, tmp, sizeof(tmp)+1); + snprintf(tmp,sizeof(tmp),"%d",rand_year); + strlcpy (str, tmp, sizeof(str)); } DBG ("fake_year: %s\n",str); Index: branches/cparm/i386/libsa/printf.c =================================================================== --- branches/cparm/i386/libsa/printf.c (revision 1985) +++ branches/cparm/i386/libsa/printf.c (revision 1986) @@ -119,6 +119,8 @@ { __doprnt(fmt, argp, dummy_putc, putc, radix); } +#endif +#if 1 #define Ctod(c) ((c) - '0') #define MAXBUF (sizeof(long long int) * 8) /* enough for binary */ @@ -651,7 +653,7 @@ return(retval); } -#if 1 +#if 0 /* * Copyright (c) 1999-2003 Apple Computer, Inc. All rights reserved. *