Index: branches/cparm/Chameleon.xcodeproj/project.pbxproj
===================================================================
--- branches/cparm/Chameleon.xcodeproj/project.pbxproj (revision 2043)
+++ branches/cparm/Chameleon.xcodeproj/project.pbxproj (revision 2044)
@@ -9,23 +9,6 @@ /* Begin PBXFileReference section */ AB0E930C14C6223500F798D7 /* cpu_intel_amd.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = cpu_intel_amd.c; sourceTree = ""; }; AB22095D15334C9E00AA9851 /* md5.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = md5.h; sourceTree = ""; }; - AB30EB4615AD7D3E000ACA09 /* acpi_codec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpi_codec.c; sourceTree = ""; }; - AB30EB4715AD7D3E000ACA09 /* acpi_codec.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpi_codec.h; sourceTree = ""; }; - AB30EB4815AD7D3E000ACA09 /* acpicode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpicode.c; sourceTree = ""; }; - AB30EB4915AD7D3E000ACA09 /* acpicode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpicode.h; sourceTree = ""; }; - AB30EB4A15AD7D3E000ACA09 /* ACPICodec.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = ACPICodec.c; sourceTree = ""; }; - AB30EB4B15AD7D3E000ACA09 /* acpidecode.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = acpidecode.c; sourceTree = ""; }; - AB30EB4C15AD7D3E000ACA09 /* acpidecode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = acpidecode.h; sourceTree = ""; }; - AB30EB4D15AD7D3E000ACA09 /* Makefile */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.make; path = Makefile; sourceTree = ""; }; - AB30EB4E15AD7DC6000ACA09 /* AcpiAdditions.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AcpiAdditions.h; sourceTree = ""; }; - AB30EB4F15AD7E77000ACA09 /* portable_efi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = 
sourcecode.c.h; path = portable_efi.h; sourceTree = ""; }; - AB30EB5815AD8399000ACA09 /* Acpi.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Acpi.h; sourceTree = ""; }; - AB30EB5915AD8399000ACA09 /* Acpi10.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Acpi10.h; sourceTree = ""; }; - AB30EB5A15AD8399000ACA09 /* Acpi20.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Acpi20.h; sourceTree = ""; }; - AB30EB5B15AD8399000ACA09 /* Acpi30.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Acpi30.h; sourceTree = ""; }; - AB30EB5C15AD8399000ACA09 /* Acpi40.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Acpi40.h; sourceTree = ""; }; - AB30EB5D15AD8399000ACA09 /* Acpi50.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Acpi50.h; sourceTree = ""; }; - AB30EB5E15AD8399000ACA09 /* AcpiAml.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AcpiAml.h; sourceTree = ""; }; AB42D02115187F2C0078E84A /* background.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = background.png; sourceTree = ""; }; AB42D02215187F2C0078E84A /* boot.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = boot.png; sourceTree = ""; }; AB42D02315187F2C0078E84A /* device_cdrom.png */ = {isa = PBXFileReference; lastKnownFileType = image.png; path = device_cdrom.png; sourceTree = ""; }; 
@@ -646,38 +629,6 @@ name = Chameleon; sourceTree = ""; }; - AB30EB4515AD7D3E000ACA09 /* ACPICodecV2 */ = { - isa = PBXGroup; - children = ( - AB30EB5715AD8398000ACA09 /* IndustryStandard */, - AB30EB4E15AD7DC6000ACA09 /* AcpiAdditions.h */, - AB30EB4615AD7D3E000ACA09 /* acpi_codec.c */, - AB30EB4715AD7D3E000ACA09 /* acpi_codec.h */, - AB30EB4815AD7D3E000ACA09 /* acpicode.c */, - AB30EB4915AD7D3E000ACA09 /* acpicode.h */, - AB30EB4A15AD7D3E000ACA09 /* ACPICodec.c */, - AB30EB4B15AD7D3E000ACA09 /* acpidecode.c */, - AB30EB4C15AD7D3E000ACA09 /* acpidecode.h */, - AB30EB4D15AD7D3E000ACA09 /* Makefile */, - AB30EB4F15AD7E77000ACA09 /* portable_efi.h */, - ); - path = ACPICodecV2; - sourceTree = ""; - }; - AB30EB5715AD8398000ACA09 /* IndustryStandard */ = { - isa = PBXGroup; - children = ( - AB30EB5815AD8399000ACA09 /* Acpi.h */, - AB30EB5915AD8399000ACA09 /* Acpi10.h */, - AB30EB5A15AD8399000ACA09 /* Acpi20.h */, - AB30EB5B15AD8399000ACA09 /* Acpi30.h */, - AB30EB5C15AD8399000ACA09 /* Acpi40.h */, - AB30EB5D15AD8399000ACA09 /* Acpi50.h */, - AB30EB5E15AD8399000ACA09 /* AcpiAml.h */, - ); - path = IndustryStandard; - sourceTree = ""; - }; AB42D02015187F2C0078E84A /* embed */ = { isa = PBXGroup; children = ( @@ -1127,7 +1078,6 @@ isa = PBXGroup; children = ( AB43B34914C37E520018D529 /* ACPICodec */, - AB30EB4515AD7D3E000ACA09 /* ACPICodecV2 */, AB43B35214C37E520018D529 /* ACPIPatcher */, AB43B35914C37E520018D529 /* CPUfreq */, ABA02704156CE81A00F8E5F3 /* Ext2fs */, Index: branches/cparm/CHANGES =================================================================== --- branches/cparm/CHANGES (revision 2043) +++ branches/cparm/CHANGES (revision 2044) 
@@ -1,3 +1,4 @@ +- Security fixes - Added beta support for Xcode 4.4 - Added memory info to the nvidia plist structure, so now one can add several cards to the plist and set a customized name and memory info for each cards Index: branches/cparm/i386/libsaio/xml.c =================================================================== --- branches/cparm/i386/libsaio/xml.c (revision 2043) +++ branches/cparm/i386/libsaio/xml.c (revision 2044) @@ -56,7 +56,7 @@ if (!tmp->string) { return -1; } - sprintf(tmp->string, "%s", string); + snprintf(tmp->string, strlen(string)+1,"%s", string); return 0; } tmp = tmp->next; @@ -71,7 +71,7 @@ free(new_ref); return -1; } - sprintf(new_ref->string, "%s", string); + snprintf(new_ref->string, strlen(string)+1,"%s", string); new_ref->id = id; new_ref->next = ref_strings; ref_strings = new_ref; @@ -258,12 +258,12 @@ char *configBuffer; - - configBuffer = malloc(strlen(buffer)+1); + length = strlen(buffer) + 1; + configBuffer = malloc(length); if (!configBuffer) { return -1; } - strcpy(configBuffer, buffer); + strlcpy(configBuffer, buffer, length); buffer_start = configBuffer; @@ -974,7 +974,7 @@ { long refCount; struct Symbol *next; - char string[]; + char *string; }; typedef struct Symbol Symbol, *SymbolPtr; 
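Review bot: In the two xml.c reference-string hunks the bound passed to snprintf is `strlen(string)+1`, which is computed from the source and not from the size of the destination, so the call can never truncate and protects exactly as much as the sprintf it replaces. The allocations of `tmp->string` and `new_ref->string` are outside these hunks; if they are `malloc(strlen(string)+1)`, I would compute the length once, `size_t len = strlen(string) + 1;`, allocate with it and pass the same variable as the bound, so the size and the limit cannot drift apart. stringTable.c has the same source-derived bound in `snprintf(buf, len + 3,"\"%s\"", key);`.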
@@ -997,18 +997,26 @@ // Add the new symbol. if (symbol == 0) { + int len; #if USEMALLOC - symbol = (SymbolPtr)malloc(sizeof(Symbol) + 1 + strlen(string)); + symbol = (SymbolPtr)malloc(sizeof(Symbol) ); #else - symbol = (SymbolPtr)AllocateBootXMemory(sizeof(Symbol) + 1 + strlen(string)); + symbol = (SymbolPtr)AllocateBootXMemory(sizeof(Symbol)); #endif if (symbol == 0) { stop("NULL symbol!"); return 0; } + len = strlen(string) + 1; + symbol->string = (char*)malloc(len); + if (symbol->string == 0) { + free(symbol); + stop("NULL symbol->string!"); + return 0; + } // Set the symbol's data. symbol->refCount = 0; - strcpy(symbol->string, string); + strlcpy(symbol->string, string, len); // Add the symbol to the list. symbol->next = gSymbolsHead; @@ -1046,6 +1054,7 @@ else gSymbolsHead = symbol->next; // Free the symbol's memory. + if (symbol->string) free(symbol->string); free(symbol); } #endif Index: branches/cparm/i386/libsaio/exfat.c =================================================================== --- branches/cparm/i386/libsaio/exfat.c (revision 2043) +++ branches/cparm/i386/libsaio/exfat.c (revision 2044) @@ -212,7 +212,7 @@ * Reads the boot sector, does some checking, generates UUID * (like the one you get on Windows???) */ -long EXFATGetUUID(CICell ih, char *uuidStr) +long EXFATGetUUID(CICell ih, char *uuidStr, long strMaxLen) { struct exfatbootfile *boot; void *buf = malloc(MAX_BLOCK_SIZE); 
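Review bot: When USEMALLOC is not set, `symbol` comes from `AllocateBootXMemory`, yet the new failure path calls `free(symbol)` unconditionally. Whether a pointer from AllocateBootXMemory may be handed to free() is not visible here, so I would release the struct only in the malloc build, i.e. wrap `free(symbol);` in `#if USEMALLOC` / `#endif`. `int len` also receives a size_t from `strlen(string) + 1`; declaring it `size_t len;` avoids the narrowing before it is used as the malloc size and the strlcpy bound. The enclosing function starts and ends outside the hunk.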
@@ -241,7 +241,7 @@ return -1; // Use UUID like the one you get on Windows - sprintf(uuidStr, "%04X-%04X", (unsigned short)(boot->bf_volsn >> 16) & 0xFFFF, + snprintf(uuidStr, strMaxLen,"%04X-%04X", (unsigned short)(boot->bf_volsn >> 16) & 0xFFFF, (unsigned short)boot->bf_volsn & 0xFFFF); DBG("EXFATGetUUID: %x:%x = %s\n", ih->biosdev, ih->part_no, uuidStr); Index: branches/cparm/i386/libsaio/bootstruct.c =================================================================== --- branches/cparm/i386/libsaio/bootstruct.c (revision 2043) +++ branches/cparm/i386/libsaio/bootstruct.c (revision 2044) @@ -95,7 +95,7 @@ if (node == 0) { stop("Couldn't create root node"); } - getPlatformName(platformName); + getPlatformName(platformName, sizeof(platformName)); { int nameLen; Index: branches/cparm/i386/libsaio/exfat.h =================================================================== --- branches/cparm/i386/libsaio/exfat.h (revision 2043) +++ branches/cparm/i386/libsaio/exfat.h (revision 2044) @@ -27,5 +27,5 @@ extern void EXFATGetDescription(CICell ih, char *str, long strMaxLen); extern bool EXFATProbe (const void *buf); -extern long EXFATGetUUID(CICell ih, char *uuidStr); +extern long EXFATGetUUID(CICell ih, char *uuidStr, long strMaxLen); Index: branches/cparm/i386/libsaio/device_tree.c =================================================================== --- branches/cparm/i386/libsaio/device_tree.c (revision 2043) +++ branches/cparm/i386/libsaio/device_tree.c (revision 2044) 
@@ -239,7 +239,7 @@ for (count = 0, prop = node->properties; prop != 0; count++, prop = prop->next) { flatProp = (DeviceTreeNodeProperty *)buffer; - strcpy(flatProp->name, prop->name); + strlcpy(flatProp->name, prop->name, kPropNameLength); flatProp->length = prop->length; buffer += sizeof(DeviceTreeNodeProperty); bcopy(prop->value, buffer, prop->length); Index: branches/cparm/i386/libsaio/hfs.c =================================================================== --- branches/cparm/i386/libsaio/hfs.c (revision 2043) +++ branches/cparm/i386/libsaio/hfs.c (revision 2044) @@ -303,7 +303,7 @@ return -1; } - getDeviceDescription(ih, devStr); + getDeviceDescription(ih, devStr, sizeof(devStr)); if (get_env(envHFSLoadVerbose)) { verbose("Read HFS%s file: [%s/%s] %d bytes.\n", @@ -426,12 +426,12 @@ return 0; } -long HFSGetUUID(CICell ih, char *uuidStr) +long HFSGetUUID(CICell ih, char *uuidStr , long strMaxLen) { if (HFSInitPartition(ih) == -1) return -1; if (gVolID == 0LL) return -1; - return CreateUUIDString((uint8_t*)(&gVolID), sizeof(gVolID), uuidStr); + return CreateUUIDString((uint8_t*)(&gVolID), sizeof(gVolID), uuidStr, strMaxLen); } // Private Functions 
@@ -580,8 +580,15 @@ hfsPlusFile = (HFSPlusCatalogFile *)entry; if ((SWAP_BE32(hfsPlusFile->userInfo.fdType) == kHardLinkFileType) && (SWAP_BE32(hfsPlusFile->userInfo.fdCreator) == kHFSPlusCreator)) { - sprintf(gLinkTemp, "%s/%s%ld", HFSPLUSMETADATAFOLDER, + +#ifdef __i386__ + snprintf(gLinkTemp, 64 ,"%s/%s%ld", HFSPLUSMETADATAFOLDER, HFS_INODE_PREFIX, SWAP_BE32(hfsPlusFile->bsdInfo.special.iNodeNum)); +#else + snprintf(gLinkTemp, sizeof(gLinkTemp),"%s/%s%ld", HFSPLUSMETADATAFOLDER, + HFS_INODE_PREFIX, SWAP_BE32(hfsPlusFile->bsdInfo.special.iNodeNum)); +#endif + result = ResolvePathToCatalogEntry(gLinkTemp, flags, entry, kHFSRootFolderID, &tmpDirIndex); } Index: branches/cparm/i386/libsaio/hfs.h =================================================================== --- branches/cparm/i386/libsaio/hfs.h (revision 2043) +++ branches/cparm/i386/libsaio/hfs.h (revision 2044) @@ -28,6 +28,6 @@ FinderInfo * finderInfo, long * infoValid); extern void HFSGetDescription(CICell ih, char *str, long strMaxLen); extern long HFSGetFileBlock(CICell ih, char *str, unsigned long long *firstBlock); -extern long HFSGetUUID(CICell ih, char *uuidStr); +extern long HFSGetUUID(CICell ih, char *uuidStr, long strMaxLen); extern void HFSFree(CICell ih); extern bool HFSProbe (const void *buf); Index: branches/cparm/i386/libsaio/ufs.c =================================================================== --- branches/cparm/i386/libsaio/ufs.c (revision 2043) +++ branches/cparm/i386/libsaio/ufs.c (revision 2044) 
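Review bot: The `__i386__` branch bounds the write with a bare `64` while the other branch uses `sizeof(gLinkTemp)`, which suggests gLinkTemp is a pointer in one build and an array in the other; its declaration and allocation are outside the hunk. A literal that has to match an allocation elsewhere is easy to break, so I would define the size once (for example `#define HFS_LINK_TEMP_SIZE 64`) and use it both for the allocation and in `snprintf(gLinkTemp, HFS_LINK_TEMP_SIZE, ...)`. The return value is also ignored, so a truncated link path would be handed to ResolvePathToCatalogEntry unnoticed.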
@@ -180,14 +180,16 @@ #if !BOOT1 -long UFSGetUUID(CICell ih, char *uuidStr) +long UFSGetUUID(CICell ih, char *uuidStr, long strMaxLen) { + (void)strMaxLen; + long long uuid = gUFSLabel.ul_uuid; if (UFSInitPartition(ih) == -1) return -1; if (uuid == 0LL) return -1; - return CreateUUIDString((uint8_t*)(&uuid), sizeof(uuid), uuidStr); + return CreateUUIDString((uint8_t*)(&uuid), sizeof(uuid), uuidStr, strMaxLen); } #endif /* !BOOT1 */ Index: branches/cparm/i386/libsaio/ufs.h =================================================================== --- branches/cparm/i386/libsaio/ufs.h (revision 2043) +++ branches/cparm/i386/libsaio/ufs.h (revision 2044) @@ -28,6 +28,6 @@ FinderInfo * finderInfo, long * infoValid); extern void UFSGetDescription(CICell ih, char *str, long strMaxLen); extern long UFSGetFileBlock(CICell ih, char *str, unsigned long long *firstBlock); -extern long UFSGetUUID(CICell ih, char *uuidStr); +extern long UFSGetUUID(CICell ih, char *uuidStr, long strMaxLen); extern void UFSFree(CICell ih); Index: branches/cparm/i386/libsaio/modules.c =================================================================== --- branches/cparm/i386/libsaio/modules.c (revision 2043) +++ branches/cparm/i386/libsaio/modules.c (revision 2044) @@ -1488,11 +1488,11 @@ if (BundleSet == true) return 0; - gModulesSpec = malloc( 4096 ); - gDriverSpec = malloc( 4096 ); - gFileSpec = malloc( 4096 ); - gTempSpec = malloc( 4096 ); - gFileName = malloc( 4096 ); + gModulesSpec = malloc( DEFAULT_BUNDLE_SPEC_SIZE ); + gDriverSpec = malloc( DEFAULT_BUNDLE_SPEC_SIZE ); + gFileSpec = malloc( DEFAULT_BUNDLE_SPEC_SIZE ); + gTempSpec = malloc( DEFAULT_BUNDLE_SPEC_SIZE ); + gFileName = malloc( DEFAULT_BUNDLE_SPEC_SIZE ); if ( !gModulesSpec || !gDriverSpec || !gFileSpec || !gTempSpec || !gFileName ) goto error; 
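Review bot: In UFSGetUUID, `(void)strMaxLen;` marks the parameter as unused although it is passed to CreateUUIDString a few lines later, so the cast is misleading and should be dropped; MSDOSGetUUID in msdos.c has the same leftover ahead of its `strMaxLen<16` check. Separately, `uuid` is copied from `gUFSLabel.ul_uuid` before `UFSInitPartition(ih)` runs. If that call is what fills gUFSLabel for this volume (not visible here), the copy belongs below the check: `if (UFSInitPartition(ih) == -1) return -1;` followed by `long long uuid = gUFSLabel.ul_uuid;`.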
@@ -1516,8 +1516,8 @@ return 1; - strlcpy(gModulesSpec, dirSpec, 4096); - strlcat(gModulesSpec, "Modules", 4096 - 1); + strlcpy(gModulesSpec, dirSpec, DEFAULT_BUNDLE_SPEC_SIZE); + strlcat(gModulesSpec, "Modules", DEFAULT_BUNDLE_SPEC_SIZE); FileLoadBundles(gModulesSpec, 0); @@ -1555,11 +1555,11 @@ if (strcmp(name + length - 7, ".bundle")) continue; // Save the file name. - strlcpy(gFileName, name, 4096); + strlcpy(gFileName, name, DEFAULT_BUNDLE_SPEC_SIZE); DBG("Load Bundles %s\n",gFileName); // Determine the bundle type. - sprintf(gTempSpec, "%s/%s", dirSpec, gFileName); + snprintf(gTempSpec,DEFAULT_BUNDLE_SPEC_SIZE,"%s/%s", dirSpec, gFileName); ret = GetFileInfo(gTempSpec, "Contents", &flags, &time); if (ret == 0) bundleType = kCFBundleType2; else bundleType = kCFBundleType3; @@ -1567,7 +1567,7 @@ DBG("Bundles type = %d\n",bundleType); if (!plugin) - sprintf(gDriverSpec, "%s/%s/%sPlugIns", dirSpec, gFileName, + snprintf(gDriverSpec, DEFAULT_BUNDLE_SPEC_SIZE,"%s/%s/%sPlugIns", dirSpec, gFileName, (bundleType == kCFBundleType2) ? "Contents/" : ""); ret = LoadBundlePList( dirSpec, gFileName, bundleType); @@ -1623,7 +1623,7 @@ do { // Save the driver path. - sprintf(gFileSpec, "%s/%s/%s", dirSpec, name, + snprintf(gFileSpec,DEFAULT_BUNDLE_SPEC_SIZE,"%s/%s/%s", dirSpec, name, (bundleType == kCFBundleType2) ? "Contents/MacOS/" : ""); executablePathLength = strlen(gFileSpec) + 1; @@ -1632,7 +1632,7 @@ strlcpy(tmpExecutablePath, gFileSpec, executablePathLength); - sprintf(gFileSpec, "%s/%s", dirSpec, name); + snprintf(gFileSpec, DEFAULT_BUNDLE_SPEC_SIZE,"%s/%s", dirSpec, name); bundlePathLength = strlen(gFileSpec) + 1; tmpBundlePath = malloc(bundlePathLength); @@ -1643,7 +1643,7 @@ // Construct the file spec to the plist, then load it. - sprintf(gFileSpec, "%s/%s/%sInfo.plist", dirSpec, name, + snprintf(gFileSpec, DEFAULT_BUNDLE_SPEC_SIZE,"%s/%s/%sInfo.plist", dirSpec, name, (bundleType == kCFBundleType2) ? "Contents/" : ""); DBG("Loading Bundle PList %s\n",gFileSpec); 
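Review bot: The snprintf calls that build `gTempSpec`, `gDriverSpec` and `gFileSpec` discard the return value, so a path longer than DEFAULT_BUNDLE_SPEC_SIZE is silently cut and the shortened name goes on to GetFileInfo and the plist load. For a module loader a truncated path is a different path, so I would treat truncation as an error, e.g. `int n = snprintf(gTempSpec, DEFAULT_BUNDLE_SPEC_SIZE, "%s/%s", dirSpec, gFileName);` followed by `if (n < 0 || n >= DEFAULT_BUNDLE_SPEC_SIZE) continue;`, assuming this snprintf returns the untruncated length as the C library one does. The same applies to `snprintf(gFileSpec, ...)` in the module_start macro hunk and to the `dirSpec` and `bootFileSpec` calls in disk.c and boot.c. The enclosing functions start and end outside these hunks.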
@@ -1713,7 +1713,7 @@ if (prop != 0) \ { \ fileName = prop->string; \ -sprintf(gFileSpec, "%s%s", module->executablePath, fileName); \ +snprintf(gFileSpec, DEFAULT_BUNDLE_SPEC_SIZE,"%s%s", module->executablePath, fileName); \ \ module_start = (void*)load_module((char*)fileName,gFileSpec); \ if(!module_start || (*module_start == (void*)0xFFFFFFFF)) \ Index: branches/cparm/i386/libsaio/modules.h =================================================================== --- branches/cparm/i386/libsaio/modules.h (revision 2043) +++ branches/cparm/i386/libsaio/modules.h (revision 2044) @@ -23,6 +23,9 @@ #include #include "efi.h" +#define DEFAULT_BUNDLE_SPEC_SIZE 4096 + + extern unsigned long long textAddress; extern unsigned long long textSection; Index: branches/cparm/i386/libsaio/device_inject.c =================================================================== --- branches/cparm/i386/libsaio/device_inject.c (revision 2043) +++ branches/cparm/i386/libsaio/device_inject.c (revision 2044) @@ -411,7 +411,8 @@ char *devprop_generate_string(struct DevPropString *string) { - char *buffer = (char*)malloc(string->length * 2); + int len = string->length * 2; + char *buffer = (char*)malloc(len); char *ptr = buffer; if(!buffer) @@ -419,9 +420,10 @@ return NULL; } - sprintf(buffer, "%08x%08x%04x%04x", dp_swap32(string->length), string->WHAT2, + snprintf(buffer, len, "%08x%08x%04x%04x", dp_swap32(string->length), string->WHAT2, dp_swap16(string->numentries), string->WHAT3); buffer += 24; + len -= 24; int i = 0, x = 0; struct DevPropDevice **string_entries_arrey = (struct DevPropDevice **) string->entries; 
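Review bot: In devprop_generate_string, `len` is a signed int that is reduced by a fixed amount after every write (`len -= 24`, then `len -= 16`, `len -= 12`, `len -= 8`, `len -= 2` in the following hunk), and the guards added there test only `if (!len)`. A remaining size that steps from a positive value to a negative one passes every guard and is converted to a very large size_t when handed to snprintf, which removes the bound altogether. Each write also needs one byte more than the amount subtracted, for the terminating NUL, and `malloc(len)` appears to leave no room for the final one. I would check the space before each write instead, e.g. `if (len <= 16) break;` ahead of the 16-character write and likewise for 24, 12, 8 and 2, reject a `string->length` too small for the 24-character header, and allocate `len + 1`. The function continues outside this hunk.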
@@ -430,39 +432,55 @@ { if (!(ilength), + if (!len) { + break; + } + snprintf(buffer, len, "%08x%04x%04x", dp_swap32(string_entries_arrey[i]->length), dp_swap16(string_entries_arrey[i]->numentries), string_entries_arrey[i]->WHAT2); buffer += 16; - sprintf(buffer, "%02x%02x%04x%08x%08x", string_entries_arrey[i]->acpi_dev_path.type, + len -= 16; + snprintf(buffer, len,"%02x%02x%04x%08x%08x", string_entries_arrey[i]->acpi_dev_path.type, string_entries_arrey[i]->acpi_dev_path.subtype, dp_swap16(string_entries_arrey[i]->acpi_dev_path.length), string_entries_arrey[i]->acpi_dev_path._HID, dp_swap32(string_entries_arrey[i]->acpi_dev_path._UID)); buffer += 24; + len -= 24; for(x=0;x < string_entries_arrey[i]->num_pci_devpaths; x++) { - sprintf(buffer, "%02x%02x%04x%02x%02x", string_entries_arrey[i]->pci_dev_path[x].type, + if (!len) { + break; + } + snprintf(buffer, len,"%02x%02x%04x%02x%02x", string_entries_arrey[i]->pci_dev_path[x].type, string_entries_arrey[i]->pci_dev_path[x].subtype, dp_swap16(string_entries_arrey[i]->pci_dev_path[x].length), string_entries_arrey[i]->pci_dev_path[x].function, string_entries_arrey[i]->pci_dev_path[x].device); buffer += 12; + len -= 12; } - - sprintf(buffer, "%02x%02x%04x", string_entries_arrey[i]->path_end.type, + if (!len) { + break; + } + snprintf(buffer, len,"%02x%02x%04x", string_entries_arrey[i]->path_end.type, string_entries_arrey[i]->path_end.subtype, dp_swap16(string_entries_arrey[i]->path_end.length)); buffer += 8; + len -= 8; uint8_t *dataptr = string_entries_arrey[i]->data; for(x = 0; (uint32_t)x < (string_entries_arrey[i]->length) - (24 + (6 * string_entries_arrey[i]->num_pci_devpaths)) ; x++) { - sprintf(buffer, "%02x", *dataptr++); + if (!len) { + break; + } + snprintf(buffer, len, "%02x", *dataptr++); buffer += 2; + len -= 2; } i++; } 
@@ -484,7 +502,7 @@ { if (!(ibf_sysid, NTFS_BBID, NTFS_BBIDLEN) != 0 ) { // If not NTFS, maybe it is EXFAT - return EXFATGetUUID(ih, uuidStr); + return EXFATGetUUID(ih, uuidStr, strMaxLen); } // Check for non-null volume serial number @@ -349,7 +349,7 @@ return -1; // Use UUID like the one you get on Windows - sprintf(uuidStr, "%04X-%04X", (unsigned short)(boot->bf_volsn >> 16) & 0xFFFF, + snprintf(uuidStr,strMaxLen, "%04X-%04X", (unsigned short)(boot->bf_volsn >> 16) & 0xFFFF, (unsigned short)boot->bf_volsn & 0xFFFF); return 0; Index: branches/cparm/i386/libsaio/sys.c =================================================================== --- branches/cparm/i386/libsaio/sys.c (revision 2043) +++ branches/cparm/i386/libsaio/sys.c (revision 2044) @@ -224,11 +224,12 @@ } // filesystem-specific getUUID functions call this shared string generator -long CreateUUIDString(uint8_t uubytes[], int nbytes, char *uuidStr) +long CreateUUIDString(uint8_t uubytes[], int nbytes, char *uuidStr, long strMaxLen) { unsigned fmtbase, fmtidx, i; uint8_t uuidfmt[] = { 4, 2, 2, 2, 6 }; char *p = uuidStr; + char *end = p + strMaxLen; MD5_CTX md5c; uint8_t mdresult[16]; @@ -250,6 +251,15 @@ fmtbase = 0; for(fmtidx = 0; fmtidx < sizeof(uuidfmt); fmtidx++) { for(i=0; i < uuidfmt[fmtidx]; i++) { + if (p > end) + { + break; + } + else if (p == end) + { + break; + *p = '\0'; + } uint8_t byte = mdresult[fmtbase+i]; char nib; @@ -582,7 +592,7 @@ 0, 0); } -long GetFSUUID(char *spec, char *uuidStr) +long GetFSUUID(char *spec, char *uuidStr, long strMaxLen) { BVRef bvr; long rval = -1; @@ -592,7 +602,7 @@ return -1; if(bvr->fs_getuuid) - rval = bvr->fs_getuuid(bvr, uuidStr); + rval = bvr->fs_getuuid(bvr, uuidStr, strMaxLen); return rval; } 
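Review bot: The guard added to CreateUUIDString in sys.c does not stop the write it is meant to stop: `*p = '\0';` sits after `break;` and is unreachable, and `break` leaves only the inner loop, so the outer loop carries on with the next group. Each iteration also appears to store two hex characters (one per nibble, judging by `char nib`), while the test only rules out `p >= end`, so a write can still begin at `end - 1`. Had the assignment been reachable, `*p` at `p == end` would itself be one byte past the buffer. I would reject `strMaxLen < 1` at the top and check the remaining room before each pair, `if (end - p < 3) { *p = '\0'; return -1; }`. Any separator or terminator writes after the loop are outside the hunk and need the same bound.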
@@ -1099,7 +1109,7 @@ // getDeviceDescription() - Extracts unit number and partition number // from bvr structure into "dw(u,p)" format. // Returns length of the out string -int getDeviceDescription(BVRef bvr, char *str) +int getDeviceDescription(BVRef bvr, char *str, long strMaxLen) { if(!str) return 0; @@ -1114,7 +1124,7 @@ dp--; if (dp->name) - return sprintf(str, "%s(%d,%d)", dp->name, bvr->biosdev - dp->biosdev, bvr->part_no); + return snprintf(str, strMaxLen, "%s(%d,%d)", dp->name, bvr->biosdev - dp->biosdev, bvr->part_no); } return 0; Index: branches/cparm/i386/libsaio/ntfs.h =================================================================== --- branches/cparm/i386/libsaio/ntfs.h (revision 2043) +++ branches/cparm/i386/libsaio/ntfs.h (revision 2044) @@ -22,4 +22,4 @@ extern void NTFSGetDescription(CICell ih, char *str, long strMaxLen); extern bool NTFSProbe (const void *buf); -extern long NTFSGetUUID(CICell ih, char *uuidStr); +extern long NTFSGetUUID(CICell ih, char *uuidStr, long strMaxLen); Index: branches/cparm/i386/libsaio/nbp.c =================================================================== --- branches/cparm/i386/libsaio/nbp.c (revision 2043) +++ branches/cparm/i386/libsaio/nbp.c (revision 2044) @@ -103,7 +103,7 @@ static void NBPGetDescription(CICell ih, char * str, long strMaxLen) { - sprintf( str, "Ethernet PXE Client" ); + snprintf( str, strMaxLen,"Ethernet PXE Client" ); } //========================================================================== Index: branches/cparm/i386/libsaio/disk.c =================================================================== --- branches/cparm/i386/libsaio/disk.c (revision 2043) +++ branches/cparm/i386/libsaio/disk.c (revision 2044) 
@@ -1413,7 +1413,7 @@ if(isPartitionUsed(gptMap)) { char stringuuid[100]; - efi_guid_unparse_upper((EFI_GUID*)gptMap->ent_type, stringuuid); + efi_guid_unparse_upper((EFI_GUID*)gptMap->ent_type, stringuuid, sizeof(stringuuid)); verbose("Reading GPT partition %d, type %s\n", gptID, stringuuid); // Getting fdisk like partition type. @@ -1604,7 +1604,7 @@ config_file_t systemVersion; char dirSpec[512]; - sprintf(dirSpec, "hd(%d,%d)/System/Library/CoreServices/SystemVersion.plist", BIOS_DEV_UNIT(bvr), bvr->part_no); + snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/System/Library/CoreServices/SystemVersion.plist", BIOS_DEV_UNIT(bvr), bvr->part_no); if (!loadConfigFile(dirSpec, &systemVersion)) { @@ -1612,7 +1612,7 @@ } else { - sprintf(dirSpec, "hd(%d,%d)/System/Library/CoreServices/ServerVersion.plist", BIOS_DEV_UNIT(bvr), bvr->part_no); + snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/System/Library/CoreServices/ServerVersion.plist", BIOS_DEV_UNIT(bvr), bvr->part_no); if (!loadConfigFile(dirSpec, &systemVersion)) { @@ -1621,11 +1621,11 @@ } else { - sprintf(dirSpec, "hd(%d,%d)/OS X Install Data/index.sproduct", BIOS_DEV_UNIT(bvr), bvr->part_no); // 10.8 + snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/OS X Install Data/index.sproduct", BIOS_DEV_UNIT(bvr), bvr->part_no); // 10.8 if (!getOSInstallVersion(dirSpec, str, &systemVersion)) { - sprintf(dirSpec, "hd(%d,%d)/Mac OS X Install Data/index.sproduct", BIOS_DEV_UNIT(bvr), bvr->part_no); // 10.7 + snprintf(dirSpec, sizeof(dirSpec),"hd(%d,%d)/Mac OS X Install Data/index.sproduct", BIOS_DEV_UNIT(bvr), bvr->part_no); // 10.7 if (!getOSInstallVersion(dirSpec, str, &systemVersion)) return false; 
@@ -1671,14 +1671,14 @@ bvr->kernelfound = true; - sprintf(dirspec,kdirspec[0],BIOS_DEV_UNIT(bvr), bvr->part_no); + snprintf(dirspec,sizeof(dirspec),kdirspec[0],BIOS_DEV_UNIT(bvr), bvr->part_no); ret = GetFileInfo(NULL, dirspec, &flags, &time); if ((ret != 0) || ((flags & kFileTypeMask) != kFileTypeFlat)) { #if UNUSED - sprintf(dirspec,kdirspec[1],BIOS_DEV_UNIT(bvr), bvr->part_no); + snprintf(dirspec,sizeof(dirspec),kdirspec[1],BIOS_DEV_UNIT(bvr), bvr->part_no); ret = GetFileInfo(NULL, dirspec, &flags, &time); @@ -2041,12 +2041,12 @@ return 0; // Try to match hd(x,y) first. - sprintf(testStr, "hd(%d,%d)", BIOS_DEV_UNIT(bvr), bvr->part_no); + snprintf(testStr, sizeof(testStr),"hd(%d,%d)", BIOS_DEV_UNIT(bvr), bvr->part_no); if ( matchLen ? !strncmp(match, testStr, matchLen) : !strcmp(match, testStr) ) return true; // Try to match volume UUID. - if ( bvr->fs_getuuid && bvr->fs_getuuid(bvr, testStr) == 0) + if ( bvr->fs_getuuid && bvr->fs_getuuid(bvr, testStr, sizeof(testStr)) == 0) { if( matchLen ? !strncmp(match, testStr, matchLen) : !strcmp(match, testStr) ) return true; @@ -2127,11 +2127,11 @@ if (useDeviceDescription) { - int len = getDeviceDescription(bvr, str); + int len = getDeviceDescription(bvr, str, strMaxLen); if(len >= strMaxLen) return; - strcpy(str + len, " "); + strlcpy(str + len, " ", strMaxLen); len++; strMaxLen -= len; p += len; @@ -2158,14 +2158,14 @@ name = bvr->type_name; } if (name == NULL) { - sprintf(p, "TYPE %02x", type); + snprintf(p, strMaxLen, "TYPE %02x", type); } else { strncpy(p, name, strMaxLen); } } // Set the devices label - sprintf(bvr->label, p); + snprintf(bvr->label, sizeof(bvr->label), p); } //========================================================================== Index: branches/cparm/i386/libsaio/pci.c =================================================================== --- branches/cparm/i386/libsaio/pci.c (revision 2043) +++ branches/cparm/i386/libsaio/pci.c (revision 2044) 
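Review bot: `strlcpy(str + len, " ", strMaxLen);` in the `useDeviceDescription` hunk writes at offset `len` but is given the size of the whole buffer. When `len == strMaxLen - 1`, which the `len >= strMaxLen` check above lets through, the terminating NUL lands at `str[strMaxLen]`, one byte past the end. The bound should be the space that is left: `strlcpy(str + len, " ", strMaxLen - len);`. The function starts and ends outside the hunk.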
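Review bot: `snprintf(bvr->label, sizeof(bvr->label), p);` still passes `p` as the format string, and as far as these hunks show `p` points into the description that can carry a name taken from the volume. Any `%` in that text is interpreted as a conversion; the size argument limits the output but not what the format makes snprintf read from the argument list. It should be `snprintf(bvr->label, sizeof(bvr->label), "%s", p);`. fake_efi.c has the same pattern with a value read from the boot configuration, `snprintf(dirSpecSMBIOS, sizeof(dirSpecSMBIOS),override_pathname);`, which needs `"%s"` as well. In this hunk the unchanged `strncpy(p, name, strMaxLen);` also leaves `p` unterminated when `name` is `strMaxLen` bytes or longer; `strlcpy(p, name, strMaxLen);` would match the rest of the commit.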
@@ -188,15 +188,15 @@ end = current; if (current->parent == root_pci_dev) { - sprintf(tmp, "PciRoot(0x%x)/Pci(0x%x,0x%x)", uid, + snprintf(tmp, sizeof(tmp),"PciRoot(0x%x)/Pci(0x%x,0x%x)", uid, current->dev.bits.dev, current->dev.bits.func); } else { - sprintf(tmp, "/Pci(0x%x,0x%x)", + snprintf(tmp, sizeof(tmp) ,"/Pci(0x%x,0x%x)", current->dev.bits.dev, current->dev.bits.func); } - sprintf(buffer, "%s%s", buffer, tmp); + snprintf(buffer, sizeof(char) * 256,"%s%s", buffer, tmp); } return buffer; } Index: branches/cparm/i386/libsaio/stringTable.c =================================================================== --- branches/cparm/i386/libsaio/stringTable.c (revision 2043) +++ branches/cparm/i386/libsaio/stringTable.c (revision 2044) @@ -117,7 +117,7 @@ if (!buf) { return false; } - sprintf(buf, "\"%s\"", key); + snprintf(buf, len + 3,"\"%s\"", key); len = strlen(buf); while(*tab) { @@ -603,13 +603,15 @@ TagPtr tag; pos = 0; char *configBuffer; - - configBuffer = malloc(strlen(buffer)+1); + + length = strlen(buffer) + 1; + + configBuffer = malloc(length); if (!configBuffer) { return -1; } - strcpy(configBuffer, buffer); + strlcpy(configBuffer, buffer, length ); while (1) { Index: branches/cparm/i386/libsaio/convert.c =================================================================== --- branches/cparm/i386/libsaio/convert.c (revision 2043) +++ branches/cparm/i386/libsaio/convert.c (revision 2044) 
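Review bot: `snprintf(buffer, sizeof(char) * 256,"%s%s", buffer, tmp);` in pci.c reads from the buffer it is writing to, which the C standard leaves undefined for overlapping objects. Some snprintf implementations overwrite the destination before the `%s` argument is read, which would lose the path built so far. Since the intent is to append, `strlcat(buffer, tmp, 256);` does it without the overlap; strlcat is already used in modules.c in this commit. The literal 256 has to match the definition of `buffer`, which is outside the hunk, so a shared constant (or `sizeof(buffer)` if it is an array) would keep the two together.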
@@ -13,7 +13,7 @@ static char msg[UUID_STR_LEN] = ""; if (!eUUID) return ""; const unsigned char * uuid = (unsigned char*) eUUID; - sprintf(msg, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", + snprintf(msg, sizeof(msg), "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", uuid[0], uuid[1], uuid[2], uuid[3], uuid[4], uuid[5], uuid[6], uuid[7], uuid[8], uuid[9], uuid[10],uuid[11], Index: branches/cparm/i386/libsaio/saio_types.h =================================================================== --- branches/cparm/i386/libsaio/saio_types.h (revision 2043) +++ branches/cparm/i386/libsaio/saio_types.h (revision 2044) @@ -221,7 +221,7 @@ typedef long (*FSGetDirEntry)(CICell ih, char * dirPath, long long * dirIndex, char ** name, long * flags, long * time, FinderInfo * finderInfo, long * infoValid); -typedef long (*FSGetUUID)(CICell ih, char *uuidStr); +typedef long (*FSGetUUID)(CICell ih, char *uuidStr, long strMaxLen); typedef void (*BVGetDescription)(CICell ih, char * str, long strMaxLen); // Can be just pointed to free or a special free function typedef void (*BVFree)(CICell ih); Index: branches/cparm/i386/libsaio/msdos.c =================================================================== --- branches/cparm/i386/libsaio/msdos.c (revision 2043) +++ branches/cparm/i386/libsaio/msdos.c (revision 2044) @@ -835,7 +835,7 @@ toread-=msdosclustersize; } - getDeviceDescription(ih, devStr); + getDeviceDescription(ih, devStr, sizeof(devStr)); verbose("Read FAT%d file: [%s/%s] %d bytes.\n", msdosfatbits, devStr, filePath, (uint32_t)( toread<0 ) ? wastoread : wastoread-toread); free (buf); @@ -999,8 +999,10 @@ } long -MSDOSGetUUID(CICell ih, char *uuidStr) +MSDOSGetUUID(CICell ih, char *uuidStr, long strMaxLen) { + (void)strMaxLen; + char *buf = malloc (512); if (!buf) { return -1; 
@@ -1012,6 +1014,11 @@ free (buf); return -1; } + if (strMaxLen<16) + { + free (buf); + return -1; + } bzero (uuidStr, 16); Seek(ih, 0); Read(ih, (long)buf, 512); Index: branches/cparm/i386/libsaio/fake_efi.c =================================================================== --- branches/cparm/i386/libsaio/fake_efi.c (revision 2043) +++ branches/cparm/i386/libsaio/fake_efi.c (revision 2044) @@ -85,13 +85,13 @@ if (!string) { #if DEBUG_EFI char string_d[37]; - efi_guid_unparse_upper(pGuid, string_d); + efi_guid_unparse_upper(pGuid, string_d, sizeof(string_d)); printf("Couldn't allocate Guid String for %s\n", string_d); #endif return NULL; } - efi_guid_unparse_upper(pGuid, string); + efi_guid_unparse_upper(pGuid, string, 37); return string; } @@ -290,24 +290,24 @@ Guid = gEfiConfigurationTable64[i].VendorGuid; } - char id[5]; + char id[4+1]; bzero(id,sizeof(id)); if (memcmp(&Guid, &gEfiSmbiosTableGuid, sizeof(EFI_GUID)) == 0) { - sprintf(id, "%s", "_SM_"); + snprintf(id, sizeof(id),"%s", "_SM_"); } else if (memcmp(&Guid, &gEfiAcpiTableGuid, sizeof(EFI_GUID)) == 0) { - sprintf(id, "%s", "RSD1"); + snprintf(id,sizeof(id), "%s", "RSD1"); } else if (memcmp(&Guid, &gEfiAcpi20TableGuid, sizeof(EFI_GUID)) == 0) { - sprintf(id, "%s", "RSD2"); + snprintf(id, sizeof(id),"%s", "RSD2"); } #ifndef NO_SMP_SUPPORT else if (memcmp(&Guid, &gEfiMpsTableGuid, sizeof(EFI_GUID)) == 0) { - sprintf(id, "%s", "_MP_"); + snprintf(id, sizeof(id),"%s", "_MP_"); } #endif 
@@ -918,17 +918,17 @@ if (getValueForKey("SMBIOS", &override_pathname, &len, DEFAULT_BOOT_CONFIG) && len > 0) { // Specify a path to a file, e.g. SMBIOS=/Extra/macProXY.plist - sprintf(dirSpecSMBIOS, override_pathname); + snprintf(dirSpecSMBIOS, sizeof(dirSpecSMBIOS),override_pathname); err = loadConfigFile(dirSpecSMBIOS, DEFAULT_SMBIOS_CONFIG); } else { // Check selected volume's Extra. - sprintf(dirSpecSMBIOS, "/Extra/%s", filename); + snprintf(dirSpecSMBIOS, sizeof(dirSpecSMBIOS),"/Extra/%s", filename); if ((err = loadConfigFile(dirSpecSMBIOS, DEFAULT_SMBIOS_CONFIG))) { // Check booter volume/rdbt Extra. - sprintf(dirSpecSMBIOS, "bt(0,0)/Extra/%s", filename); + snprintf(dirSpecSMBIOS, sizeof(dirSpecSMBIOS),"bt(0,0)/Extra/%s", filename); err = loadConfigFile(dirSpecSMBIOS, DEFAULT_SMBIOS_CONFIG); } } Index: branches/cparm/i386/libsaio/msdos.h =================================================================== --- branches/cparm/i386/libsaio/msdos.h (revision 2043) +++ branches/cparm/i386/libsaio/msdos.h (revision 2044) @@ -28,6 +28,6 @@ char ** name, long * flags, long * time, FinderInfo * finderInfo, long * infoValid); extern long MSDOSGetFileBlock(CICell ih, char *str, unsigned long long *firstBlock); -extern long MSDOSGetUUID(CICell ih, char *uuidStr); +extern long MSDOSGetUUID(CICell ih, char *uuidStr, long strMaxLen); extern void MSDOSFree(CICell ih); extern int MSDOSProbe (const void *buf); Index: branches/cparm/i386/libsaio/misc.c =================================================================== --- branches/cparm/i386/libsaio/misc.c (revision 2043) +++ branches/cparm/i386/libsaio/misc.c (revision 2044) 
@@ -125,8 +125,8 @@ // #ifndef BOOT1 void -getPlatformName(char *nameBuf) +getPlatformName(char *nameBuf, int size) { - strcpy(nameBuf, "ACPI"); + strlcpy(nameBuf, "ACPI", size); } #endif \ No newline at end of file Index: branches/cparm/i386/libsaio/saio_internal.h =================================================================== --- branches/cparm/i386/libsaio/saio_internal.h (revision 2043) +++ branches/cparm/i386/libsaio/saio_internal.h (revision 2044) @@ -175,7 +175,7 @@ extern void enableA20(void); extern void turnOffFloppy(void); -extern void getPlatformName(char *nameBuf); +extern void getPlatformName(char *nameBuf, int size); #ifdef NBP_SUPPORT /* nbp.c */ @@ -256,8 +256,8 @@ extern long GetFileInfo(const char *dirSpec, const char *name, long *flags, long *time); extern long GetFileBlock(const char *fileSpec, unsigned long long *firstBlock); -extern long GetFSUUID(char *spec, char *uuidStr); -extern long CreateUUIDString(uint8_t uubytes[], int nbytes, char *uuidStr); +extern long GetFSUUID(char *spec, char *uuidStr, long strMaxLen); +extern long CreateUUIDString(uint8_t uubytes[], int nbytes, char *uuidStr, long strMaxLen); extern int openmem(char *buf, int len); extern int open(const char *path); @@ -288,7 +288,7 @@ extern void getBootVolumeDescription(BVRef bvr, char *str, long strMaxLen, bool verbose); extern void setRootVolume(BVRef volume); extern void setBootGlobals(BVRef chain); -extern int getDeviceDescription(BVRef volume, char *str); +extern int getDeviceDescription(BVRef volume, char *str, long strMaxLen); /* rtc.c */ extern void rtc_read_clock(struct tm *time) ; Index: branches/cparm/i386/boot2/graphics.c =================================================================== --- branches/cparm/i386/boot2/graphics.c (revision 2043) +++ branches/cparm/i386/boot2/graphics.c (revision 2044) 
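Review bot: The new `size` parameter of `getPlatformName` is a signed `int` that is handed straight to `strlcpy`, which takes a `size_t`; a negative value from a caller would convert to a very large bound. The prototypes added in saio_internal.h use `long strMaxLen` for the same purpose, so the commit has two signed spellings of a buffer length. Declaring it as `size_t size` here and in the header would make the contract explicit, and a one-line comment such as `/* size: capacity of nameBuf in bytes, including the terminator */` would document it.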
@@ -151,7 +151,7 @@ //bzero( &vbeInfo, sizeof(vbeInfo) ); bzero( &vbeInfo, sizeof(VBEInfoBlock) ); - strcpy( (char*)&vbeInfo, "VBE2" ); + strlcpy( (char*)&vbeInfo, "VBE2", sizeof(VBEInfoBlock) ); err = getVBEInfo( &vbeInfo ); if ( err != errSuccess ) { Index: branches/cparm/i386/boot2/boot.c =================================================================== --- branches/cparm/i386/boot2/boot.c (revision 2043) +++ branches/cparm/i386/boot2/boot.c (revision 2044) @@ -690,15 +690,15 @@ #ifdef BOOT_HELPER_SUPPORT // Try to load kernel image from alternate locations on boot helper partitions. - sprintf(bootFileSpec, "com.apple.boot.P/%s", bootFile); + snprintf(bootFileSpec, sizeof(bootFileSpec),"com.apple.boot.P/%s", bootFile); ret = GetFileInfo(NULL, bootFileSpec, &flags, &time); if (ret == -1) { - sprintf(bootFileSpec, "com.apple.boot.R/%s", bootFile); + snprintf(bootFileSpec, sizeof(bootFileSpec), "com.apple.boot.R/%s", bootFile); ret = GetFileInfo(NULL, bootFileSpec, &flags, &time); if (ret == -1) { - sprintf(bootFileSpec, "com.apple.boot.S/%s", bootFile); + snprintf(bootFileSpec, sizeof(bootFileSpec), "com.apple.boot.S/%s", bootFile); ret = GetFileInfo(NULL, bootFileSpec, &flags, &time); if (ret == -1) { @@ -827,7 +827,7 @@ { if(((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion[3] > '6') { - sprintf(gBootKernelCacheFile, "%s", kDefaultCachePath); + snprintf(gBootKernelCacheFile, sizeof(gBootKernelCacheFile), "%s", kDefaultCachePath); } else if(((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion[3] <= '6') { 
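Review bot: In the graphics.c hunk, `strlcpy( (char*)&vbeInfo, "VBE2", sizeof(VBEInfoBlock) )` still treats the structure as a C string and writes five bytes, the four signature characters plus a terminator, into whatever field follows the signature. After the `bzero` above that is harmless, but the intent is a four-byte tag, which `memcpy(&vbeInfo, "VBE2", 4);` states directly without the cast. The layout of `VBEInfoBlock` is not visible here, so this is a readability point rather than a confirmed defect. The same line appears in the HibernateEnabler/graphic_utils.c hunk.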
@@ -888,18 +888,18 @@ int ret = -1; if (Adler32) { - sprintf(gBootKernelCacheFile, "%s.%08lX", "/System/Library/Caches/com.apple.kernelcaches/kernelcache",Adler32); + snprintf(gBootKernelCacheFile, sizeof(gBootKernelCacheFile), "%s.%08lX", "/System/Library/Caches/com.apple.kernelcaches/kernelcache",Adler32); ret = GetFileInfo(NULL, gBootKernelCacheFile, &flags, &cachetime); } if ((ret != 0) || ((flags & kFileTypeMask) != kFileTypeFlat)) { safe_set_env(envAdler32, 0); - sprintf(gBootKernelCacheFile, "%s", "/System/Library/Caches/com.apple.kernelcaches/kernelcache"); + snprintf(gBootKernelCacheFile, sizeof(gBootKernelCacheFile), "%s", "/System/Library/Caches/com.apple.kernelcaches/kernelcache"); } } else if (Adler32) - sprintf(gBootKernelCacheFile, "%s_%s.%08lX", kDefaultCachePath, (get_env(envarchCpuType) == CPU_TYPE_I386) ? "i386" : "x86_64", Adler32); //Snow Leopard + snprintf(gBootKernelCacheFile, sizeof(gBootKernelCacheFile), "%s_%s.%08lX", kDefaultCachePath, (get_env(envarchCpuType) == CPU_TYPE_I386) ? "i386" : "x86_64", Adler32); //Snow Leopard } } @@ -981,7 +981,7 @@ goto out; } - if (((BVRef)(uint32_t)get_env(envgBootVolume))->fs_getuuid && (((BVRef)(uint32_t)get_env(envgBootVolume))->fs_getuuid (((BVRef)(uint32_t)get_env(envgBootVolume)), bootInfo->uuidStr) == 0)) + if (((BVRef)(uint32_t)get_env(envgBootVolume))->fs_getuuid && (((BVRef)(uint32_t)get_env(envgBootVolume))->fs_getuuid (((BVRef)(uint32_t)get_env(envgBootVolume)), bootInfo->uuidStr, sizeof(bootInfo->uuidStr)) == 0)) { verbose("Setting boot-uuid to: %s\n", bootInfo->uuidStr); //uuidSet = true; 
@@ -1129,9 +1129,9 @@ // bootFile must start with a / if it not start with a device name if (!bootFileWithDevice && (str)[0] != '/') - sprintf(bootFile, "/%s", str); // append a leading / + snprintf(bootFile, sizeof(bootfile), "/%s", str); // append a leading / else - strlcpy(bootFile, bootInfo->bootFile, sizeof(bootInfo->bootFile)); + strlcpy(bootFile, bootInfo->bootFile, sizeof(bootFile)); return bootfile; } Index: branches/cparm/i386/boot2/drivers.c =================================================================== --- branches/cparm/i386/boot2/drivers.c (revision 2043) +++ branches/cparm/i386/boot2/drivers.c (revision 2044) @@ -94,7 +94,7 @@ long LoadDrivers( char * dirSpec ); long DecodeKernel(void *binary, entry_t *rentry, char **raddr, int *rsize); long InitDriverSupport(void); -long FileLoadDrivers(char *dirSpec, long plugin); +long FileLoadDrivers(char *dirSpec, long size,long plugin); long LoadDriverMKext(char *fileSpec); long LoadDriverPList(char *dirSpec, char *name, long bundleType); long LoadMatchedModules(void); @@ -122,11 +122,11 @@ if (DriverSet == true) return 0; - gExtensionsSpec = malloc( 4096 ); - gDriverSpec = malloc( 4096 ); - gFileSpec = malloc( 4096 ); - gTempSpec = malloc( 4096 ); - gFileName = malloc( 4096 ); + gExtensionsSpec = malloc( DEFAULT_DRIVER_SPEC_SIZE ); + gDriverSpec = malloc( DEFAULT_DRIVER_SPEC_SIZE ); + gFileSpec = malloc( DEFAULT_DRIVER_SPEC_SIZE ); + gTempSpec = malloc( DEFAULT_DRIVER_SPEC_SIZE ); + gFileName = malloc( DEFAULT_DRIVER_SPEC_SIZE ); if ( !gExtensionsSpec || !gDriverSpec || !gFileSpec || !gTempSpec || !gFileName ) stop("InitDriverSupport error"); 
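Review bot: The bound in `snprintf(bootFile, sizeof(bootfile), "/%s", str)` names `bootfile`, not the destination `bootFile`; identifiers are case-sensitive, and the `@@ -1129` hunk uses both spellings (`return bootfile;`). Neither declaration is visible here, but if `bootfile` is a pointer the bound becomes the pointer size and the path is cut to a few characters, and if it is another array the bound is simply the wrong one. The `strlcpy` two lines below uses `sizeof(bootFile)`, and the `snprintf` should use the same: `snprintf(bootFile, sizeof(bootFile), "/%s", str);`. That is correct only if `bootFile` is declared as an array in the part of the function outside the hunk.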
@@ -178,12 +178,12 @@ // First try a specfic OS version folder ie 10.5 - sprintf(dirSpecExtra, "/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + snprintf(dirSpecExtra, sizeof(dirSpecExtra) ,"/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); + if (FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0) != 0) { // Next try to load Extra extensions from the selected root partition. strlcpy(dirSpecExtra, "/Extra/", sizeof(dirSpecExtra)); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + if (FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0) != 0) { // If failed, then try to load Extra extensions from the boot partition // in case we have a separate booter partition or a bt(0,0) aliased ramdisk. @@ -191,12 +191,12 @@ if (!((((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->biosdev == ((BVRef)(uint32_t)get_env(envgBootVolume))->biosdev) && (((BVRef)(uint32_t)get_env(envgBIOSBootVolume))->part_no == ((BVRef)(uint32_t)get_env(envgBootVolume))->part_no))) { // First try a specfic OS version folder ie 10.5 - sprintf(dirSpecExtra, "bt(0,0)/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + snprintf(dirSpecExtra, sizeof(dirSpecExtra),"bt(0,0)/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); + if (FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0) != 0) { // Next we'll try the base strlcpy(dirSpecExtra, "bt(0,0)/Extra/", sizeof(dirSpecExtra)); - FileLoadDrivers(dirSpecExtra, 0); + FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0); } } 
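Review bot: `FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0)` tells the callee the buffer holds 4096 bytes, while the `snprintf` and `strlcpy` calls on the same buffer in this hunk bound it with `sizeof(dirSpecExtra)`. The declaration of `dirSpecExtra` is outside the hunk; unless it is exactly `DEFAULT_DRIVER_SPEC_SIZE` bytes, the `strlcat(dirSpec, "Extensions", size)` added in `FileLoadDrivers` is bounded by the wrong number and can still write past the array. Pass the real capacity, `FileLoadDrivers(dirSpecExtra, sizeof(dirSpecExtra), 0)`, as the RamDiskLoader.c callers in this commit do. The same applies to the calls in the `@@ -191` and `@@ -212` hunks.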
@@ -212,13 +212,13 @@ if (((BVRef)(uint32_t)get_env(envgBootVolume))->flags & kBVFlagBooter) { strlcpy(dirSpecExtra, "/com.apple.boot.P/System/Library/", sizeof(dirSpecExtra)); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + if (FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0) != 0) { strlcpy(dirSpecExtra, "/com.apple.boot.R/System/Library/", sizeof(dirSpecExtra)); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + if (FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0) != 0) { strlcpy(dirSpecExtra, "/com.apple.boot.S/System/Library/", sizeof(dirSpecExtra)); - FileLoadDrivers(dirSpecExtra, 0); + FileLoadDrivers(dirSpecExtra, DEFAULT_DRIVER_SPEC_SIZE, 0); } } } @@ -235,9 +235,9 @@ } else { - strlcpy(gExtensionsSpec, dirSpec, 4096); - strcat(gExtensionsSpec, "System/Library/"); - FileLoadDrivers(gExtensionsSpec, 0); + strlcpy(gExtensionsSpec, dirSpec, DEFAULT_DRIVER_SPEC_SIZE); + strlcat(gExtensionsSpec, "System/Library/", DEFAULT_DRIVER_SPEC_SIZE); + FileLoadDrivers(gExtensionsSpec, DEFAULT_DRIVER_SPEC_SIZE, 0); } } else @@ -264,7 +264,7 @@ long ret, flags, time, time2; char altDirSpec[512]; - sprintf (altDirSpec, "%s%s", dirSpec, extDirSpec); + snprintf (altDirSpec, sizeof(altDirSpec),"%s%s", dirSpec, extDirSpec); ret = GetFileInfo(altDirSpec, "Extensions.mkext", &flags, &time); if ((ret == 0) && ((flags & kFileTypeMask) == kFileTypeFlat)) { @@ -272,7 +272,7 @@ if ((ret != 0) || ((flags & kFileTypeMask) != kFileTypeDirectory) || (((get_env(envgBootMode) & kBootModeSafe) == 0) && (time == (time2 + 1)))) { - sprintf(gDriverSpec, "%sExtensions.mkext", altDirSpec); + snprintf(gDriverSpec, DEFAULT_DRIVER_SPEC_SIZE,"%sExtensions.mkext", altDirSpec); verbose("LoadDrivers: Loading from [%s]\n", gDriverSpec); if (LoadDriverMKext(gDriverSpec) == 0) return 0; } 
@@ -284,7 +284,7 @@ // FileLoadDrivers long -FileLoadDrivers( char * dirSpec, long plugin ) +FileLoadDrivers( char * dirSpec, long size, long plugin ) { long ret, length, flags, time, bundleType; long long index; @@ -301,7 +301,7 @@ else if (FileLoadMKext(dirSpec, "") == 0) return 0; - strcat(dirSpec, "Extensions"); + strlcat(dirSpec, "Extensions", size); // here we are clearely in a situation where we'll have to load all drivers as with the option -f, in my experience, sometime it can help to add it explicitly in the bootargs extern void addBootArg(const char * ); @@ -322,16 +322,16 @@ if (strcmp(name + length - 5, ".kext")) continue; // Save the file name. - strlcpy(gFileName, name, 4096); + strlcpy(gFileName, name, DEFAULT_DRIVER_SPEC_SIZE); // Determine the bundle type. - sprintf(gTempSpec, "%s/%s", dirSpec, gFileName); + snprintf(gTempSpec, DEFAULT_DRIVER_SPEC_SIZE,"%s/%s", dirSpec, gFileName); ret = GetFileInfo(gTempSpec, "Contents", &flags, &time); if (ret == 0) bundleType = kCFBundleType2; else bundleType = kCFBundleType3; if (!plugin) - sprintf(gDriverSpec, "%s/%s/%sPlugIns", dirSpec, gFileName, + snprintf(gDriverSpec, DEFAULT_DRIVER_SPEC_SIZE,"%s/%s/%sPlugIns", dirSpec, gFileName, (bundleType == kCFBundleType2) ? "Contents/" : ""); ret = LoadDriverPList(dirSpec, gFileName, bundleType); @@ -340,7 +340,7 @@ result = ret; if (!plugin) - FileLoadDrivers(gDriverSpec, 1); + FileLoadDrivers(gDriverSpec, 0, 1); } return result; @@ -368,7 +368,7 @@ #endif // INTEL modification - sprintf(gDriverSpec, "%s%s.mkext", dirSpec, bootInfo->bootFile); + snprintf(gDriverSpec, DEFAULT_DRIVER_SPEC_SIZE,"%s%s.mkext", dirSpec, bootInfo->bootFile); verbose("NetLoadDrivers: Loading from [%s]\n", gDriverSpec); 
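Review bot: The recursive call in the `@@ -340` hunk, `FileLoadDrivers(gDriverSpec, 0, 1)`, passes 0 as the capacity of `gDriverSpec`, which the `@@ -122` hunk allocates with `DEFAULT_DRIVER_SPEC_SIZE` bytes. Whether the `strlcat(dirSpec, "Extensions", size)` from the `@@ -301` hunk is skipped when `plugin` is non-zero cannot be seen from these hunks. A zero bound is only harmless while that holds, and it misstates the buffer to any later use of `size`. Prefer `FileLoadDrivers(gDriverSpec, DEFAULT_DRIVER_SPEC_SIZE, 1);`.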
@@ -422,7 +422,7 @@ memcpy((void *)driversAddr, (void *)package, driversLength); // Add the MKext to the memory map. - sprintf(segName, "DriversPackage-%lx", driversAddr); + snprintf(segName, sizeof(segName),"DriversPackage-%lx", driversAddr); AllocateMemoryRange(segName, driversAddr, driversLength); @@ -446,7 +446,7 @@ do { // Save the driver path. - sprintf(gFileSpec, "%s/%s/%s", dirSpec, name, + snprintf(gFileSpec, DEFAULT_DRIVER_SPEC_SIZE,"%s/%s/%s", dirSpec, name, (bundleType == kCFBundleType2) ? "Contents/MacOS/" : ""); executablePathLength = strlen(gFileSpec) + 1; @@ -455,7 +455,7 @@ strlcpy(tmpExecutablePath, gFileSpec, executablePathLength); - sprintf(gFileSpec, "%s/%s", dirSpec, name); + snprintf(gFileSpec, DEFAULT_DRIVER_SPEC_SIZE,"%s/%s", dirSpec, name); bundlePathLength = strlen(gFileSpec) + 1; tmpBundlePath = malloc(bundlePathLength); @@ -465,7 +465,7 @@ // Construct the file spec to the plist, then load it. - sprintf(gFileSpec, "%s/%s/%sInfo.plist", dirSpec, name, + snprintf(gFileSpec, DEFAULT_DRIVER_SPEC_SIZE,"%s/%s/%sInfo.plist", dirSpec, name, (bundleType == kCFBundleType2) ? "Contents/" : ""); length = LoadFile(gFileSpec); @@ -568,7 +568,7 @@ if (prop != 0) { fileName = prop->string; - sprintf(gFileSpec, "%s%s", module->executablePath, fileName); + snprintf(gFileSpec, DEFAULT_DRIVER_SPEC_SIZE,"%s%s", module->executablePath, fileName); length = LoadThinFatFile(gFileSpec, &executableAddr); if (length == 0) { @@ -619,7 +619,7 @@ strlcpy(driver->bundlePathAddr, module->bundlePath, module->bundlePathLength); // Add an entry to the memory map. - sprintf(segName, "Driver-%lx", (unsigned long)driver); + snprintf(segName, sizeof(segName),"Driver-%lx", (unsigned long)driver); AllocateMemoryRange(segName, driverAddr, driverLength); Index: branches/cparm/i386/boot2/drivers.h =================================================================== --- branches/cparm/i386/boot2/drivers.h (revision 2043) +++ branches/cparm/i386/boot2/drivers.h (revision 2044) 
@@ -40,6 +40,8 @@ #include "xml.h" #include "modules.h" +#define DEFAULT_DRIVER_SPEC_SIZE 4096 + struct compressed_kernel_header { u_int32_t signature; u_int32_t compress_type; @@ -53,9 +55,21 @@ }; typedef struct compressed_kernel_header compressed_kernel_header; -extern long LoadDrivers(char * dirSpec); +extern long LoadDrivers( char * dirSpec ); extern long DecodeKernel(void *binary, entry_t *rentry, char **raddr, int *rsize); +extern long InitDriverSupport(void); +extern long FileLoadDrivers(char *dirSpec, long size,long plugin); +extern long LoadDriverMKext(char *fileSpec); +extern long LoadDriverPList(char *dirSpec, char *name, long bundleType); +extern long LoadMatchedModules(void); +extern long MatchLibraries(void); +#if UNUSED +extern long MatchPersonalities(void); +#endif +#ifdef NBP_SUPPORT +extern long NetLoadDrivers(char *dirSpec); +#endif -typedef long (*FileLoadDrivers_t)(char *dirSpec, long plugin); +typedef long (*FileLoadDrivers_t)(char *dirSpec, long size, long plugin); #endif /* _BOOT2_DRIVERS_H */ \ No newline at end of file Index: branches/cparm/i386/boot2/options.c =================================================================== --- branches/cparm/i386/boot2/options.c (revision 2043) +++ branches/cparm/i386/boot2/options.c (revision 2044) @@ -181,7 +181,7 @@ if ( (gBootArgsPtr + strlen(argStr) + 1) < gBootArgsEnd) { *gBootArgsPtr++ = ' '; - strcat(gBootArgs, argStr); + strlcat(gBootArgs, argStr, BOOT_STRING_LEN); gBootArgsPtr += strlen(argStr); } } @@ -536,7 +536,7 @@ if(!buff) return 0; char info[] = "BIOS reported memory ranges:\n"; - sprintf(buff, "%s", info); + snprintf(buff, sizeof(char)*1024 ,"%s", info); int memoryMapCount = (int)get_env(envMemoryMapCnt); for (i=0; i= 0) 
@@ -221,22 +207,22 @@ if ( get_env(envgBootFileType) == kBlockDeviceType ) { verbose("Loading Recovery Extensions\n"); - strcpy(dirSpecExtra, "/Extra/RecoveryExtensions/"); - FileLoadDrivers(dirSpecExtra, 0); + strlcpy(dirSpecExtra, "/Extra/RecoveryExtensions/", sizeof(dirSpecExtra)); + FileLoadDrivers(dirSpecExtra, sizeof(dirSpecExtra), 0); #ifdef BOOT_HELPER_SUPPORT // TODO: fix this, the order does matter, and it's not correct now. // Also try to load Extensions from boot helper partitions. if (((BVRef)(uint32_t)get_env(envgBootVolume))->flags & kBVFlagBooter) { - strcpy(dirSpecExtra, "/com.apple.boot.P/System/Library/"); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + strlcpy(dirSpecExtra, "/com.apple.boot.P/System/Library/", sizeof(dirSpecExtra)); + if (FileLoadDrivers(dirSpecExtra, sizeof(dirSpecExtra), 0) != 0) { - strcpy(dirSpecExtra, "/com.apple.boot.R/System/Library/"); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + strlcpy(dirSpecExtra, "/com.apple.boot.R/System/Library/", sizeof(dirSpecExtra)); + if (FileLoadDrivers(dirSpecExtra, sizeof(dirSpecExtra), 0) != 0) { - strcpy(dirSpecExtra, "/com.apple.boot.S/System/Library/"); - FileLoadDrivers(dirSpecExtra, 0); + strlcpy(dirSpecExtra, "/com.apple.boot.S/System/Library/", sizeof(dirSpecExtra)); + FileLoadDrivers(dirSpecExtra, sizeof(dirSpecExtra), 0); } } } 
@@ -256,9 +242,9 @@ { char * ExtensionsSpec = (char*)(uint32_t)get_env(envDriverExtSpec); - strcpy(ExtensionsSpec, dirSpec); - strcat(ExtensionsSpec, "System/Library/"); - FileLoadDrivers(ExtensionsSpec, 0); + strlcpy(ExtensionsSpec, dirSpec, DEFAULT_DRIVER_SPEC_SIZE); + strlcat(ExtensionsSpec, "System/Library/", DEFAULT_DRIVER_SPEC_SIZE); + FileLoadDrivers(ExtensionsSpec,DEFAULT_DRIVER_SPEC_SIZE, 0); } } else Index: branches/cparm/i386/modules/RamDiskLoader/ramdisk.h =================================================================== --- branches/cparm/i386/modules/RamDiskLoader/ramdisk.h (revision 2043) +++ branches/cparm/i386/modules/RamDiskLoader/ramdisk.h (revision 2044) @@ -32,8 +32,6 @@ extern BVRef gRAMDiskVolume; extern bool gRAMDiskBTAliased; -extern long FileLoadDrivers(char *dirSpec, long plugin); - extern void setRAMDiskBTHook(bool mode); extern int mountRAMDisk(const char * param); extern void processRAMDiskCommand(char ** argPtr, const char * cmd); Index: branches/cparm/i386/modules/RamDiskLoader/RamDiskLoader.c =================================================================== --- branches/cparm/i386/modules/RamDiskLoader/RamDiskLoader.c (revision 2043) +++ branches/cparm/i386/modules/RamDiskLoader/RamDiskLoader.c (revision 2044) 
@@ -61,22 +61,22 @@ break; case 1: // First try a specfic OS version folder ie 10.5 - sprintf(dirSpecExtra, "rd(0,0)/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + snprintf(dirSpecExtra, sizeof(dirSpecExtra),"rd(0,0)/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); + if (FileLoadDrivers(dirSpecExtra, sizeof(dirSpecExtra),0) != 0) { // Next we'll try the base - strcpy(dirSpecExtra, "rd(0,0)/Extra/"); - FileLoadDrivers(dirSpecExtra, 0); + strlcpy(dirSpecExtra, "rd(0,0)/Extra/",sizeof(dirSpecExtra)); + FileLoadDrivers(dirSpecExtra,sizeof(dirSpecExtra), 0); } break; case 2: // First try a specfic OS version folder ie 10.5 - sprintf(dirSpecExtra, "bt(0,0)/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) + snprintf(dirSpecExtra, sizeof(dirSpecExtra),"bt(0,0)/Extra/%s/", (char*)((BVRef)(uint32_t)get_env(envgBootVolume))->OSVersion); + if (FileLoadDrivers(dirSpecExtra,sizeof(dirSpecExtra), 0) != 0) { // Next we'll try the base - strcpy(dirSpecExtra, "bt(0,0)/Extra/"); - FileLoadDrivers(dirSpecExtra, 0); + strlcpy(dirSpecExtra, "bt(0,0)/Extra/",sizeof(dirSpecExtra)); + FileLoadDrivers(dirSpecExtra,sizeof(dirSpecExtra), 0); } break; default: Index: branches/cparm/i386/modules/RamDiskLoader/ramdisk.c =================================================================== --- branches/cparm/i386/modules/RamDiskLoader/ramdisk.c (revision 2043) +++ branches/cparm/i386/modules/RamDiskLoader/ramdisk.c (revision 2044) 
@@ -44,22 +44,22 @@ DEFAULT_BOOT_CONFIG)) { // Use user specified md0 file - sprintf(filename, "%s", override_filename); + snprintf(filename, sizeof(filename) ,"%s", override_filename); fh = open(filename); if(fh < 0) { - sprintf(filename, "bt(0,0)/Extra/%s", override_filename); + snprintf(filename, sizeof(filename) ,"bt(0,0)/Extra/%s", override_filename); fh = open(filename); if(fh < 0) { - sprintf(filename, "rd(0,0)/Extra/%s", override_filename); + snprintf(filename, sizeof(filename) ,"rd(0,0)/Extra/%s", override_filename); fh = open(filename); if(fh < 0) { - sprintf(filename, "/Extra/%s", override_filename); + snprintf(filename, sizeof(filename) ,"/Extra/%s", override_filename); fh = open(filename); } } @@ -68,17 +68,17 @@ if(fh < 0) { - sprintf(filename, "bt(0,0)/Extra/Postboot.img"); + snprintf(filename, sizeof(filename) ,"bt(0,0)/Extra/Postboot.img"); fh = open(filename); if(fh < 0) { - sprintf(filename, "rd(0,0)/Extra/Postboot.img"); + snprintf(filename, sizeof(filename) ,"rd(0,0)/Extra/Postboot.img"); fh = open(filename); if(fh < 0) { - sprintf(filename, "/Extra/Postboot.img"); // Check /Extra if not in rd(0,0) + snprintf(filename, sizeof(filename) ,"/Extra/Postboot.img"); // Check /Extra if not in rd(0,0) fh = open(filename); } } @@ -182,7 +182,7 @@ if (error == 0) { // Save filename in gRAMDiskFile to display information. - strcpy(gRAMDiskFile, param); + strlcpy(gRAMDiskFile, param, sizeof(gRAMDiskFile)); // Set gRAMDiskMI as well for the multiboot ramdisk driver hook. gRAMDiskMI = malloc(sizeof(multiboot_info)); @@ -219,7 +219,7 @@ char dirSpec[128]; // Reading ramdisk configuration. - strcpy(dirSpec, RAMDISKCONFIG_FILENAME); + strlcpy(dirSpec, RAMDISKCONFIG_FILENAME, sizeof(dirSpec)); if (loadConfigFile(dirSpec, &ramdiskConfig) == 0) { 
@@ -406,7 +406,7 @@ } for(; ramdiskChain != NULL; ramdiskChain = ramdiskChain->next) { - sprintf(extensionsSpec, "rd(%d,%d)/Extra/", ramdiskUnit, ramdiskChain->part_no); + snprintf(extensionsSpec, sizeof(extensionsSpec) ,"rd(%d,%d)/Extra/", ramdiskUnit, ramdiskChain->part_no); ret = GetFileInfo(NULL, extensionsSpec, &flags, &cachetime); @@ -414,7 +414,7 @@ if (((flags & kFileTypeMask) != kFileTypeDirectory)) continue; - ret = FileLoadDrivers_p(extensionsSpec, 0 /* this is a kext root dir, not a kext with plugins */); + ret = FileLoadDrivers_p(extensionsSpec, sizeof(extensionsSpec), 0 /* this is a kext root dir, not a kext with plugins */); if(ret != 0) { verbose("FileLoadDrivers failed on a ramdisk\n"); Index: branches/cparm/i386/modules/KextPatcher/kext_patcher.c =================================================================== --- branches/cparm/i386/modules/KextPatcher/kext_patcher.c (revision 2043) +++ branches/cparm/i386/modules/KextPatcher/kext_patcher.c (revision 2044) @@ -478,7 +478,7 @@ char* new_str = malloc(strlen("0xXXXX000&0xFFFE0000")+1); - sprintf(new_str, "0x04030000&0xFFFE0000"); // todo, pass in actual class id + snprintf(new_str, strlen("0xXXXX000&0xFFFE0000")+1,"0x04030000&0xFFFE0000"); // todo, pass in actual class id char* orig_string = "0x04020000&0xFFFE0000"; //XMLCastString(match_class); @@ -633,7 +633,7 @@ char* new_str = malloc(strlen("pci14e4,xxxx")+1); - sprintf(new_str, "pci14e4,%02x", patch_bcm_deviceid); + snprintf(new_str, strlen("pci14e4,xxxx")+1,"pci14e4,%02x", patch_bcm_deviceid); // Check to see if we *really* need to modify the plist, if not, return false // so that *if* this were going ot be the only modified kext, the repacking code 
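Review bot: In the kext_patcher.c `@@ -478` hunk the size template `"0xXXXX000&0xFFFE0000"` is 20 characters but the string written, `"0x04030000&0xFFFE0000"`, is 21, so the allocation is one byte short. The old `sprintf` wrote one byte past it; the new `snprintf` instead drops the final `0`, so `new_str` no longer holds the intended replacement value. Size the buffer from the literal that is actually written, `char* new_str = malloc(sizeof("0x04030000&0xFFFE0000"));`, use the same `sizeof` as the `snprintf` bound, and check the `malloc` result before writing. The `@@ -633` hunk uses the same template pattern; there `"pci14e4,xxxx"` is long enough only while `patch_bcm_deviceid` prints as at most four hex digits.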
@@ -742,7 +742,7 @@ offset = XMLCastStringOffset(XMLGetProperty(personality, (const char*)"IOPCIPrimaryMatch")); char* newstring = malloc(strlen("0x00008086") + 1); - sprintf(newstring, "0x%04x", 0x8086 | (patch_gma_deviceid << 16)); + snprintf(newstring, strlen("0x00008086") + 1,"0x%04x", 0x8086 | (patch_gma_deviceid << 16)); DBG("Replacing %s with %s\n", "0x00008086", newstring); replace_string("0x27A28086", newstring, plistbuffer + offset, 10240); Index: branches/cparm/i386/modules/GUI/Makefile =================================================================== --- branches/cparm/i386/modules/GUI/Makefile (revision 2043) +++ branches/cparm/i386/modules/GUI/Makefile (revision 2044) @@ -25,6 +25,7 @@ OBJROOT=../../../obj/i386/modules/$(DIR) SYMROOT=../../../sym/i386/modules/ DSTROOT=../../../dst/i386/modules/ +BINROOT = ../../../bin UTILDIR = ../../util @@ -34,14 +35,14 @@ INSTALLDIR = $(DSTROOT)/System/Library/Frameworks/System.framework/Versions/B/PrivateHeaders/standalone -OPTIM = -Os -Oz +OPTIM = -O0 # -Os -Oz DEBUG = -DNOTHING CFLAGS = $(RC_CFLAGS) $(OPTIM) $(MORECPP) -arch i386 -g -Wmost -fstack-protector-all \ -D__ARCHITECTURE__=\"i386\" \ $(DEBUG) \ -fno-builtin $(OMIT_FRAME_POINTER_CFLAG) \ -mpreferred-stack-boundary=2 -fno-align-functions \ - -march=pentium4 -msse2 -mfpmath=sse -msoft-float -fno-common #-fstack-protector-all + -march=pentium4 -msse2 -mfpmath=sse -msoft-float -fno-common -ffreestanding DEFINES= CONFIG = hd 
@@ -127,20 +128,20 @@ @plutil -convert xml1 $(SYMROOT)/$(BUNDLE_NAME).bundle/Contents/Info.plist stack_protector.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "$(LIBSAIODIR)/stack_protector.c" $(INC) -o "$(OBJROOT)/stack_protector.o" + $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "$(LIBSAIODIR)/stack_protector.c" $(INC) -o "$(OBJROOT)/stack_protector.o" GUI_module.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "GUI_module.c" $(INC) -o "$(OBJROOT)/GUI_module.o" + $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "GUI_module.c" $(INC) -o "$(OBJROOT)/GUI_module.o" gui.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "gui.c" $(INC) -o "$(OBJROOT)/gui.o" + $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "gui.c" $(INC) -o "$(OBJROOT)/gui.o" picopng.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "picopng.c" $(INC) -o "$(OBJROOT)/picopng.o" + $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "picopng.c" $(INC) -o "$(OBJROOT)/picopng.o" graphic_utils.o: - $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "graphic_utils.c" $(INC) -o "$(OBJROOT)/graphic_utils.o" + $(CC) $(CPPFLAGS) $(CFLAGS) $(DEFINES) -c "graphic_utils.c" $(INC) -o "$(OBJROOT)/graphic_utils.o" art.h: @if [ "$(PNGCRUSH)" ]; then \ Index: branches/cparm/i386/modules/GUI/graphic_utils.c =================================================================== --- branches/cparm/i386/modules/GUI/graphic_utils.c (revision 2043) +++ branches/cparm/i386/modules/GUI/graphic_utils.c (revision 2044) @@ -886,7 +886,7 @@ small = (vbeInfo.TotalMemory < 16); - sprintf(buff, "VESA v%d.%d %d%s (%s)\n", + snprintf(buff, sizeof(char)*256,"VESA v%d.%d %d%s (%s)\n", vbeInfo.VESAVersion >> 8, vbeInfo.VESAVersion & 0xf, small ? (vbeInfo.TotalMemory * 64) : (vbeInfo.TotalMemory / 16), Index: branches/cparm/i386/modules/Networking/Networking.c =================================================================== --- branches/cparm/i386/modules/Networking/Networking.c (revision 2043) +++ branches/cparm/i386/modules/Networking/Networking.c (revision 2044) 
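Review bot: In the graphic_utils.c hunk the bound `sizeof(char)*256` is a bare literal that has to agree with wherever `buff` is allocated or declared, which is outside the hunk. If that size ever changes, this call silently keeps the old limit. Where `buff` is an array, `sizeof(buff)` is the safer spelling; where it is a pointer, a named constant shared with the allocation (as the commit does with `DEFAULT_DRIVER_SPEC_SIZE` in drivers.h) keeps the two in step. The `snprintf(buff, sizeof(char)*1024, ...)` call in options.c has the same shape.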
@@ -160,7 +160,7 @@ device = devprop_add_device(string, wlan_dev); if(device) { - sprintf(tmp, "Airport"); + snprintf(tmp, sizeof(tmp),"Airport"); devprop_add_value(device, "AAPL,slot-name", (uint8_t *) tmp, strlen(tmp) + 1); devprop_add_value(device, "device_type", (uint8_t *) tmp, strlen(tmp) + 1); Index: branches/cparm/i386/modules/GraphicsEnabler/nvidia.c =================================================================== --- branches/cparm/i386/modules/GraphicsEnabler/nvidia.c (revision 2043) +++ branches/cparm/i386/modules/GraphicsEnabler/nvidia.c (revision 2044) @@ -1278,7 +1278,7 @@ devices_number = 1; } - sprintf(tmp, "Slot-%x",devices_number); + snprintf(tmp, sizeof(tmp) ,"Slot-%x",devices_number); devprop_add_value(device, "AAPL,slot-name", (uint8_t *) tmp, strlen(tmp)); safe_set_env(envDeviceNumber,devices_number+1); } @@ -1424,7 +1424,7 @@ return false; } - sprintf(nvFilename, "/Extra/%04x_%04x.rom", (uint16_t)nvda_dev->vendor_id, (uint16_t)nvda_dev->device_id); + snprintf(nvFilename, sizeof(nvFilename) ,"/Extra/%04x_%04x.rom", (uint16_t)nvda_dev->vendor_id, (uint16_t)nvda_dev->device_id); if (getBoolForKey(kUseNvidiaROM, &doit, DEFAULT_BOOT_CONFIG) && doit) { verbose("Looking for nvidia video bios file %s\n", nvFilename); nvBiosOveride = load_nvidia_bios_file(nvFilename, rom, NVIDIA_ROM_SIZE); 
@@ -1563,9 +1563,9 @@ } } - sprintf(biosVersion, "%s", (nvBiosOveride > 0) ? nvFilename : version_str); + snprintf(biosVersion, sizeof(biosVersion) ,"%s", (nvBiosOveride > 0) ? nvFilename : version_str); - sprintf(kNVCAP, "NVCAP_%04x", nvda_dev->device_id); + snprintf(kNVCAP, sizeof(kNVCAP) ,"NVCAP_%04x", nvda_dev->device_id); if (getValueForKey(kNVCAP, &value, &len, DEFAULT_BOOT_CONFIG) && len == NVCAP_LEN * 2) { uint8_t new_NVCAP[NVCAP_LEN]; Index: branches/cparm/i386/modules/GraphicsEnabler/ati.c =================================================================== --- branches/cparm/i386/modules/GraphicsEnabler/ati.c (revision 2043) +++ branches/cparm/i386/modules/GraphicsEnabler/ati.c (revision 2044) @@ -1191,7 +1191,7 @@ if (!do_load) return false; - sprintf(file_name, "/Extra/%04x_%04x_%08x.rom", vendor_id, device_id, subsys_id); + snprintf(file_name, sizeof(file_name),"/Extra/%04x_%04x_%08x.rom", vendor_id, device_id, subsys_id); if ((fd = open_bvdev("bt(0,0)", file_name)) < 0) return false; @@ -1528,12 +1528,12 @@ // card->ports = 2/1 ?; // set a min if 0 ports ? // verbose("Nr of ports set to min: %d\n", card->ports); - sprintf(name, "ATY,%s", card->cfg_name); + snprintf(name, sizeof(name),"ATY,%s", card->cfg_name); aty_name.type = kStr; aty_name.size = strlen(name) + 1; aty_name.data = (uint8_t *)name; - sprintf(name_parent, "ATY,%sParent", card->cfg_name); + snprintf(name_parent, sizeof(name_parent),"ATY,%sParent", card->cfg_name); aty_nameparent.type = kStr; aty_nameparent.size = strlen(name_parent) + 1; aty_nameparent.data = (uint8_t *)name_parent; Index: branches/cparm/i386/modules/SMBiosGetters/mysmbios.c =================================================================== --- branches/cparm/i386/modules/SMBiosGetters/mysmbios.c (revision 2043) +++ branches/cparm/i386/modules/SMBiosGetters/mysmbios.c (revision 2044) 
@@ -830,7 +830,7 @@ current = structHeader->handle; } - sprintf(key, "%s%d", keyString, idx); + snprintf(key, sizeof(key),"%s%d", keyString, idx); if (value) { Index: branches/cparm/i386/modules/HibernateEnabler/graphic_utils.c =================================================================== --- branches/cparm/i386/modules/HibernateEnabler/graphic_utils.c (revision 2043) +++ branches/cparm/i386/modules/HibernateEnabler/graphic_utils.c (revision 2044) @@ -188,7 +188,7 @@ //bzero( &vbeInfo, sizeof(vbeInfo) ); bzero( &vbeInfo, sizeof(VBEInfoBlock) ); - strcpy( (char*)&vbeInfo, "VBE2" ); + strlcpy( (char*)&vbeInfo, "VBE2", sizeof(VBEInfoBlock) ); err = getVBEInfo( &vbeInfo ); if ( err != errSuccess ) { Index: branches/cparm/i386/modules/Keymapper/Keylayout.c =================================================================== --- branches/cparm/i386/modules/Keymapper/Keylayout.c (revision 2043) +++ branches/cparm/i386/modules/Keymapper/Keylayout.c (revision 2044) @@ -143,7 +143,7 @@ if (getValueForKey("KeyLayout", &val, &len, DEFAULT_BOOT_CONFIG)) { - sprintf(layoutPath, "/Extra/Keymaps/%s", val); + snprintf(layoutPath, sizeof(layoutPath),"/Extra/Keymaps/%s", val); // Add the extension if needed if (len <= 4 || strcmp(val+len-4,".lyt") != 0) strlcat(layoutPath, ".lyt", sizeof(layoutPath)); Index: branches/cparm/i386/modules/SMBiosPatcher/smbios_patcher.c =================================================================== --- branches/cparm/i386/modules/SMBiosPatcher/smbios_patcher.c (revision 2043) +++ branches/cparm/i386/modules/SMBiosPatcher/smbios_patcher.c (revision 2044) 
@@ -965,7 +965,7 @@ int size; char altname[40]; - sprintf(altname, "%s_%d",smbios_properties[j].name, tablespresent[cur->type] + 1); + snprintf(altname, sizeof(altname),"%s_%d",smbios_properties[j].name, tablespresent[cur->type] + 1); if (smbios_properties[j].table_type == cur->type && smbios_properties[j].value_type == SMSTRING && smbios_properties[j].auto_str && randomSerial && (!strcmp ("SMserial", smbios_properties[j].name))) { @@ -1003,7 +1003,7 @@ int numnec=-1; char buffer[40]; - sprintf(buffer, "SMtable%d", i); + snprintf(buffer, sizeof(buffer),"SMtable%d", i); if (!getIntForKey(buffer, &numnec, DEFAULT_SMBIOS_CONFIG)) { numnec = -1; } @@ -1017,7 +1017,7 @@ int size; char altname[40]; - sprintf(altname, "%s_%d",smbios_properties[j].name, tablespresent[smbios_table_descriptions[i].type] + 1); + snprintf(altname, sizeof(altname), "%s_%d",smbios_properties[j].name, tablespresent[smbios_table_descriptions[i].type] + 1); if (smbios_properties[j].table_type == smbios_table_descriptions[i].type && smbios_properties[j].value_type==SMSTRING && smbios_properties[j].auto_str && randomSerial && (!strcmp ("SMserial", smbios_properties[j].name))) { @@ -1133,7 +1133,7 @@ int num; char altname[40]; - sprintf(altname, "%s_%d", smbios_properties[j].name, tablespresent[newcur->type] + 1); + snprintf(altname, sizeof(altname), smbios_properties[j].name, tablespresent[newcur->type] + 1); if (smbios_properties[j].table_type == newcur->type) { switch (smbios_properties[j].value_type) { case SMSTRING: @@ -1233,7 +1233,7 @@ int numnec = -1; char buffer[40]; - sprintf(buffer, "SMtable%d", i); + snprintf(buffer, sizeof(buffer),"SMtable%d", i); if (!getIntForKey(buffer, &numnec, DEFAULT_SMBIOS_CONFIG)) { numnec = -1; } 
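Review bot: In the `@@ -1133` hunk the conversion lost its format string: `snprintf(altname, sizeof(altname), smbios_properties[j].name, tablespresent[newcur->type] + 1)` now uses the property name as the format, so `altname` no longer receives the `_N` suffix and any `%` in a name would be interpreted as a conversion. The other `altname` conversions in this file keep `"%s_%d"`; this one should read `snprintf(altname, sizeof(altname), "%s_%d", smbios_properties[j].name, tablespresent[newcur->type] + 1);`. The lookups that consume `altname` are outside the hunk, so the visible effect is inferred: presumably the per-table override keys stop matching.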
@@ -1259,7 +1259,7 @@ int num; char altname[40]; - sprintf(altname, "%s_%d", smbios_properties[j].name, tablespresent[newcur->type] + 1); + snprintf(altname, sizeof(altname),"%s_%d", smbios_properties[j].name, tablespresent[newcur->type] + 1); if (smbios_properties[j].table_type == newcur->type) { switch (smbios_properties[j].value_type) { case SMSTRING: Index: branches/cparm/i386/modules/Memory/mem.c =================================================================== --- branches/cparm/i386/modules/Memory/mem.c (revision 2043) +++ branches/cparm/i386/modules/Memory/mem.c (revision 2044) @@ -48,17 +48,17 @@ } if (len%STEP==0) return; - sprintf(buffer,"%02x:", i); + snprintf(buffer, sizeof(buffer),"%02x:", i); for (j=0; j < STEP; j++) { if (j<(len%STEP)) - sprintf(str, " %02x", ad[i+j]); + snprintf(str, sizeof(str)," %02x", ad[i+j]); else - strcpy(str, " " ); + strlcpy(str, " " , sizeof(str)); strlcat(buffer, str, sizeof(buffer)); } strlcat(buffer," ", sizeof(buffer)); for (j=0; j < (len%STEP); j++) { - sprintf(str, "%c", DC(ad[i+j])); + snprintf(str, sizeof(str) ,"%c", DC(ad[i+j])); strlcat(buffer, str, sizeof(buffer)); } printf("%s\n",buffer); @@ -96,7 +96,7 @@ for(dmihdr = FindFirstDmiTableOfType(i, 4); dmihdr; dmihdr = FindNextDmiTableOfType(i, 4)) { - sprintf(title,"Table (type %d) :" , i); + snprintf(title,sizeof(title),"Table (type %d) :" , i); dumpPhysAddr(title, dmihdr, dmihdr->length+32); } } Index: branches/cparm/i386/modules/Memory/spd.c =================================================================== --- branches/cparm/i386/modules/Memory/spd.c (revision 2043) +++ branches/cparm/i386/modules/Memory/spd.c (revision 2044) 
@@ -221,11 +221,11 @@ if (spd[SPD_MEMORY_TYPE]==SPD_MEMORY_TYPE_SDRAM_DDR3) // DDR3 { - sprintf(asciiSerial, "%X%X%X%X%X%X%X%X", SMST(122) /*& 0x7*/, SLST(122), SMST(123), SLST(123), SMST(124), SLST(124), SMST(125), SLST(125)); + snprintf(asciiSerial, sizeof(asciiSerial),"%X%X%X%X%X%X%X%X", SMST(122) /*& 0x7*/, SLST(122), SMST(123), SLST(123), SMST(124), SLST(124), SMST(125), SLST(125)); } else if (spd[SPD_MEMORY_TYPE]==SPD_MEMORY_TYPE_SDRAM_DDR2) // DDR2 or DDR { - sprintf(asciiSerial, "%X%X%X%X%X%X%X%X", SMST(95) /*& 0x7*/, SLST(95), SMST(96), SLST(96), SMST(97), SLST(97), SMST(98), SLST(98)); + snprintf(asciiSerial, sizeof(asciiSerial),"%X%X%X%X%X%X%X%X", SMST(95) /*& 0x7*/, SLST(95), SMST(96), SLST(96), SMST(97), SLST(97), SMST(98), SLST(98)); } return strdup(asciiSerial); Index: branches/cparm/i386/modules/ACPICodec/acpi_codec.c =================================================================== --- branches/cparm/i386/modules/ACPICodec/acpi_codec.c (revision 2043) +++ branches/cparm/i386/modules/ACPICodec/acpi_codec.c (revision 2044) @@ -565,7 +565,7 @@ DBG("Searching for %s file ...\n", filename); // Check booting partition - sprintf(acpi_file, "%s%s",dirspec, filename); + snprintf(acpi_file, sizeof(acpi_file), "%s%s",dirspec, filename); safe_set_env(envHFSLoadVerbose, 0); fd=open(acpi_file); @@ -1624,7 +1624,7 @@ { U32 dropPSS = 0, Pstatus = 0; - char MatchStat[5]; + char MatchStat[4+1]; #ifdef pstate_power_support U32 TDP = compute_tdp(cpu); #endif @@ -1636,7 +1636,7 @@ if ((pstate_tag_count > 0) && PstateTag) { - sprintf(MatchStat, "%d",i); + snprintf(MatchStat, sizeof(MatchStat),"%d",i); TagPtr match_Status = XMLGetProperty(PstateTag, (const char*)MatchStat); if (match_Status && (XMLTagCount(match_Status) > 0)) 
@@ -1801,13 +1801,13 @@ { U32 i; - char MatchStat[5]; + char MatchStat[4+1]; for (i = 0; i < 32 ; i++) { char *Lat = NULL, *Pw = NULL, *BWidth= NULL, *BOffset= NULL, *Address= NULL, *AccessSize= NULL, *index= NULL; - sprintf(MatchStat, "C%d",i); + snprintf(MatchStat, sizeof(MatchStat),"C%d",i); TagPtr match_Status = XMLGetProperty(CstateTag, (const char*)MatchStat); if (match_Status) { @@ -4401,7 +4401,7 @@ { bool oem = false; char oemOption[OEMOPT_SIZE]; - sprintf(oemOption, "oem%s",tableSig ); + snprintf(oemOption, sizeof(oemOption), "oem%s",tableSig ); if (getBoolForKey(oemOption, &oem, personality) && oem) // This method don't work for DSDT and FACS { @@ -4580,7 +4580,7 @@ { bool oem = false; char oemOption[OEMOPT_SIZE]; - sprintf(oemOption, "oem%s",tableSig ); + snprintf(oemOption, sizeof(oemOption),"oem%s",tableSig ); if (getBoolForKey(oemOption, &oem, personality) && oem) // This method don't work for DSDT and FACS { DBG(" %s required\n", oemOption); @@ -4754,7 +4754,7 @@ ret = GetFileInfo("rd(0,0)/Extra/", "Acpi", &flags, &time); if ((ret == 0) && ((flags & kFileTypeMask) == kFileTypeDirectory)) { - sprintf(dirspec, "rd(0,0)/Extra/Acpi/"); + snprintf(dirspec, sizeof(dirspec),"rd(0,0)/Extra/Acpi/"); acpidir_found = true; } @@ -4764,7 +4764,7 @@ ret = GetFileInfo("/Extra/", "Acpi", &flags, &time); if ((ret == 0) && ((flags & kFileTypeMask) == kFileTypeDirectory)) { - sprintf(dirspec, "/Extra/Acpi/"); + snprintf(dirspec, sizeof(dirspec), "/Extra/Acpi/"); acpidir_found = true; } 
@@ -4773,7 +4773,7 @@ ret = GetFileInfo("bt(0,0)/Extra/", "Acpi", &flags, &time); if ((ret == 0) && ((flags & kFileTypeMask) == kFileTypeDirectory)) { - sprintf(dirspec, "bt(0,0)/Extra/Acpi/"); + snprintf(dirspec, sizeof(dirspec),"bt(0,0)/Extra/Acpi/"); acpidir_found = true; } Index: branches/cparm/i386/libsa/efi_tables.h =================================================================== --- branches/cparm/i386/libsa/efi_tables.h (revision 2043) +++ branches/cparm/i386/libsa/efi_tables.h (revision 2044) @@ -9,7 +9,7 @@ uint32_t crc32(uint32_t crc, const void *buf, size_t size); -void efi_guid_unparse_upper(EFI_GUID const *pGuid, char *out); +void efi_guid_unparse_upper(EFI_GUID const *pGuid, char *out, long strMaxlen); bool efi_guid_is_null(EFI_GUID const *pGuid); int efi_guid_compare(EFI_GUID const *pG1, EFI_GUID const *pG2); Index: branches/cparm/i386/libsa/efi_tables.c =================================================================== --- branches/cparm/i386/libsa/efi_tables.c (revision 2043) +++ branches/cparm/i386/libsa/efi_tables.c (revision 2044) @@ -115,9 +115,9 @@ * Utility function to make a device tree string from an EFI_GUID */ -void efi_guid_unparse_upper(EFI_GUID const *pGuid, char *out) +void efi_guid_unparse_upper(EFI_GUID const *pGuid, char *out, long strMaxlen) { - sprintf(out, "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", + snprintf(out, strMaxlen, "%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X", pGuid->Data1, /* - */ pGuid->Data2, /* - */ pGuid->Data3, /* - */ Index: branches/cparm/i386/util/md.c =================================================================== --- branches/cparm/i386/util/md.c (revision 2043) +++ branches/cparm/i386/util/md.c (revision 2044) 
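Review bot: In the efi_tables.h hunk `strMaxlen` is declared `long` but is passed straight to `snprintf`, whose size parameter is `size_t`; a negative or miscomputed length converts to a very large unsigned bound and the call is effectively unbounded again. Declaring it `size_t` in both the prototype and the definition in efi_tables.c removes the conversion: `void efi_guid_unparse_upper(EFI_GUID const *pGuid, char *out, size_t strMaxlen);`. The format produces 36 characters plus the terminator, so the comment above the definition could state that `out` needs at least 37 bytes. The function body continues past the end of the efi_tables.c hunk.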
@@ -91,60 +91,60 @@ #define OLDSALUTATION "# DO NOT DELETE THIS LINE" #define OLDSALUTATIONLEN (sizeof OLDSALUTATION - 1) -char file_array[IObuffer]; /* read file and store crunched names */ -char dep_line[LINESIZE]; /* line being processed */ -char dot_o[LINESIZE]; /* : prefix */ -char *path_component[100]; /* stores components for a path while being +static char file_array[IObuffer]; /* read file and store crunched names */ +static char dep_line[LINESIZE]; /* line being processed */ +static char dot_o[LINESIZE]; /* : prefix */ +static char *path_component[100]; /* stores components for a path while being crunched */ -struct dep { /* stores paths that a file depends on */ +static struct dep { /* stores paths that a file depends on */ int len; char *str; } dep_files[1000]; -int dep_file_index; +static int dep_file_index; -int qsort_strcmp(struct dep *a, struct dep *b) +static int qsort_strcmp(struct dep *a, struct dep *b) { extern int strcmp(); return strcmp(a->str, b->str); } -char *outfile = (char *) 0; /* generate dependency file */ -FILE *out; +static char *outfile = (char *) 0; /* generate dependency file */ +static FILE *out; -char *makefile = (char *) 0; /* user supplied makefile name */ -char *real_mak_name; /* actual makefile name (if not supplied) */ -char shadow_mak_name[LINESIZE]; /* changes done here then renamed */ -FILE *mak; /* for reading makefile */ -FILE *makout; /* for writing shadow */ -char makbuf[LINESIZE]; /* one line buffer for makefile */ -struct stat makstat; /* stat of makefile for time comparisons */ -int mak_eof = 0; /* eof seen on makefile */ -FILE *find_mak(), *temp_mak(); +static char *makefile = (char *) 0; /* user supplied makefile name */ +static char *real_mak_name; /* actual makefile name (if not supplied) */ +static char shadow_mak_name[LINESIZE]; /* changes done here then renamed */ +static FILE *mak; /* for reading makefile */ +static FILE *makout; /* for writing shadow */ +static char makbuf[LINESIZE]; /* one line buffer 
for makefile */ +static struct stat makstat; /* stat of makefile for time comparisons */ +static int mak_eof = 0; /* eof seen on makefile */ -int delete = 0; /* -d delete dependency file */ -int debug = 0; -int D_contents = 0; /* print file contents */ -int D_depend = 0; /* print dependency processing info */ -int D_make = 0; /* print makefile processing info */ -int D_open = 0; /* print after succesful open */ -int D_time = 0; /* print time comparison info */ -int force = 1; /* always update dependency info */ -int update = 0; /* it's ok if the -m file does not exist */ -int verbose = 0; /* tell me something */ -int expunge = 0; /* first flush dependency stuff from makefile */ +static int delete = 0; /* -d delete dependency file */ +static int debug = 0; +static int D_contents = 0; /* print file contents */ +static int D_depend = 0; /* print dependency processing info */ +static int D_make = 0; /* print makefile processing info */ +static int D_open = 0; /* print after succesful open */ +static int D_time = 0; /* print time comparison info */ +static int force = 1; /* always update dependency info */ +static int update = 0; /* it's ok if the -m file does not exist */ +static int verbose = 0; /* tell me something */ +static int expunge = 0; /* first flush dependency stuff from makefile */ -char *name; - -static void scan_mak(FILE *, FILE *, char *); -static void finish_mak(FILE *, FILE *); -static void output_dep(FILE *out); -static void parse_dep(void); -static void save_dot_o(void); +static char *name; static int read_dep(register char *file); -static void skip_mak(register FILE *makin, register FILE *makout); +static void save_dot_o(void); +static void parse_dep(void); +static void output_dep(FILE *out); +static FILE *find_mak(char *file); +static FILE *temp_mak(void); +static void scan_mak(FILE *, FILE *, char *); static void expunge_mak(register FILE *makin, register FILE *makout); +static void skip_mak(register FILE *makin, register FILE *makout); +static 
void finish_mak(FILE *, FILE *); int main(int argc, register char **argv) { @@ -294,6 +294,7 @@ usage: fprintf(stderr, "usage: md -f -Dcdmot -m makefile -o outputfile -v ... \n"); exit(1); + return 1; } @@ -523,8 +524,7 @@ } /* process makefile */ -FILE * -find_mak(char *file) +static FILE *find_mak(char *file) { FILE *mak; @@ -576,13 +576,12 @@ return mak; } -FILE * -temp_mak() +static FILE *temp_mak(void) { FILE *mak; - strcpy(shadow_mak_name, real_mak_name); - strcat(shadow_mak_name, ".md"); + strlcpy(shadow_mak_name, real_mak_name, sizeof(shadow_mak_name)); + strlcat(shadow_mak_name, ".md", sizeof(shadow_mak_name)); /* * For SGS stuff, in case still linked to master version Index: branches/cparm/i386/util/amlsgn.m =================================================================== --- branches/cparm/i386/util/amlsgn.m (revision 2043) +++ branches/cparm/i386/util/amlsgn.m (revision 2044) @@ -128,7 +128,7 @@ static char msg[UUID_STR_LEN] = ""; if (!eUUID) return ""; const unsigned char * uuid = (unsigned char*) eUUID; - sprintf(msg, "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", + snprintf(msg, sizeof(msg), "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x", uuid[0], uuid[1], uuid[2], uuid[3], uuid[4], uuid[5], uuid[6], uuid[7], uuid[8], uuid[9], uuid[10],uuid[11],
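Review bot: In the hunk at -91, `qsort_strcmp` keeps the block-scope `extern int strcmp();`, an unprototyped declaration that turns off argument checking; since this commit is already tidying the file's declarations, relying on `<string.h>` and dropping that line would be cleaner. If the function is handed to `qsort` (the call is not in the hunk), its parameters should also be `const void *` and converted inside, because calling through a mismatched function-pointer type is undefined behaviour.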
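Review bot: In `temp_mak` (hunk at -576) the `strlcpy`/`strlcat` pair bounds the write but ignores truncation: if `real_mak_name` is within three characters of the buffer size, `shadow_mak_name` loses part or all of the `.md` suffix and can end up equal to the makefile's own name. The array's comment says the shadow file is later renamed, so the tool should stop rather than continue with a wrong name. Test the second call, `if (strlcat(shadow_mak_name, ".md", sizeof(shadow_mak_name)) >= sizeof(shadow_mak_name))`, and exit with an error when it is true. The rest of `temp_mak` lies outside the hunk.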