From dc182898c4efd4721f27638e93af2a4a18b5b85f Mon Sep 17 00:00:00 2001
From: Erich Cordoba
Date: Tue, 25 Jun 2019 16:17:47 -0500
Subject: [PATCH] Fix format-overflow warning in mtcInvApi
There is a format-overflow warning because the batch_str buffer is 10 chars length and the formatted variable can get at most 11 chars. To fix this issue the sprintf was changed to snprintf to avoid the overflow. Also the signature of mtcInvApi_read_inventory was changed to avoid negative values. The impact of this change is minimum as this function only has one caller, where the supplied argument is always the number 5.
Change-Id: I3adfd270e603021d6e41bdad08eb06e65686b989
Signed-off-by: Erich Cordoba
---
 mtce/src/maintenance/mtcInvApi.cpp | 4 ++--
 mtce/src/maintenance/mtcInvApi.h | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/mtce/src/maintenance/mtcInvApi.cpp b/mtce/src/maintenance/mtcInvApi.cpp
index b9275304..b03e179c 100755
--- a/mtce/src/maintenance/mtcInvApi.cpp
+++ b/mtce/src/maintenance/mtcInvApi.cpp
@@ -60,7 +60,7 @@
 * number of inventory elements.
 *
 */
-int mtcInvApi_read_inventory ( int batch )
+int mtcInvApi_read_inventory ( uint batch )
 {
 char batch_str [10] ;
 int rc = PASS ;
@@ -86,7 +86,7 @@ int mtcInvApi_read_inventory ( int batch )
 batch = MTC_INV_BATCH_MAX ;
 /* Add the batch integer to the request label */
- sprintf (&batch_str[0], "%d", batch );
+ snprintf (&batch_str[0], sizeof(batch_str), "%d", batch );
 obj_ptr->sysinvEvent.token.url = MTC_INV_LABEL ;
 obj_ptr->sysinvEvent.token.url.append(MTC_INV_BATCH);
diff --git a/mtce/src/maintenance/mtcInvApi.h b/mtce/src/maintenance/mtcInvApi.h
index 38677d15..dbb9f2e2 100755
--- a/mtce/src/maintenance/mtcInvApi.h
+++ b/mtce/src/maintenance/mtcInvApi.h
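Review bot: `uint` in the new signature `int mtcInvApi_read_inventory ( uint batch )` (first hunk of mtcInvApi.cpp, and the matching prototype in mtcInvApi.h) is not a standard C or C++ type name. It is a typedef that some libc headers supply, so the declaration depends on which headers and feature macros are in effect; `unsigned int batch` says the same thing portably. A caller that passes a negative int will now convert silently to a very large unsigned value, so the function depends entirely on the upper-bound clamp, whose condition lies outside these hunks. I would add a line to the header comment stating that out-of-range values are clamped to MTC_INV_BATCH_MAX, if that is indeed what the unseen condition does.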
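Review bot: The `"%d"` conversion in the new `snprintf` call (second hunk of mtcInvApi.cpp) no longer matches its argument, because `batch` became unsigned in the same commit; it should read `snprintf (&batch_str[0], sizeof(batch_str), "%u", batch );`. The buffer is still 10 bytes while an unsigned int can need 10 digits plus the terminator, so the write is now bounded but an oversized value would be truncated silently rather than reported. The string is presumably appended to the request URL after the hunk, so I would either declare `char batch_str [12] ;` or keep the return value and treat `n < 0 || (size_t)n >= sizeof(batch_str)` as an error. The function starts and ends outside this hunk.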
@@ -85,7 +85,7 @@ int mtcInvApi_handler ( libEvent & event );
 *- HTTP status codes - any standard HTTP codes
 *
 *****************************************************************************/
-int mtcInvApi_read_inventory ( int batch );
+int mtcInvApi_read_inventory ( uint batch );
 /** Add a host to the sysinv database
 *