tech-kern: Re: CVS commit: src/sys

Subject: Re: CVS commit: src/sys
To: None <kleink@mibh.de, tech-kern@NetBSD.org>
From: None <itojun@iijlab.net>
List: tech-kern
Date: 04/25/2004 02:36:37
>	the original code (with sprintf) is already broken, as sprintf()
>	returns -1 on failure.  we just need to fix all of these
>	cp += sprintf (or snprintf).

	happy now?

itojun


Index: ic/aic79xx.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/aic79xx.c,v
retrieving revision 1.28
diff -u -r1.28 aic79xx.c
--- ic/aic79xx.c	21 Apr 2004 18:03:13 -0000	1.28
+++ ic/aic79xx.c	24 Apr 2004 17:34:37 -0000
@@ -8596,9 +8596,17 @@
 		*cur_column = 0;
 	}
 	printed = snprintf(line, sizeof(line), "%s[0x%x]", name, value);
+#ifdef DIAGNOSTIC
+	if (printed > sizeof(line))
+		panic("buffer too small in " __function__);
+#endif
 	if (table == NULL) {
 		printed += snprintf(&line[printed], (sizeof line) - printed,
 		    " ");
+#ifdef DIAGNOSTIC
+		if (printed > sizeof(line))
+			panic("buffer too small in " __function__);
+#endif
 		printf("%s", line);
 		if (cur_column != NULL)
 			*cur_column += printed;
@@ -8618,6 +8626,10 @@
 			    (sizeof line) - printed, "%s%s", 
 				printed_mask == 0 ? ":(" : "|",
 				table[entry].name);
+#ifdef DIAGNOSTIC
+			if (printed > sizeof(line))
+				panic("buffer too small in " __function__);
+#endif
 			printed_mask |= table[entry].mask;
 			
 			break;
@@ -8625,12 +8637,21 @@
 		if (entry >= num_entries)
 			break;
 	}
-	if (printed_mask != 0)
+	if (printed_mask != 0) {
 		printed += snprintf(&line[printed],
 		    (sizeof line) - printed, ") ");
-	else
+#ifdef DIAGNOSTIC
+		if (printed > sizeof(line))
+			panic("buffer too small in " __function__);
+#endif
+	} else {
 		printed += snprintf(&line[printed],
 		    (sizeof line) - printed, " ");
+#ifdef DIAGNOSTIC
+		if (printed > sizeof(line))
+			panic("buffer too small in " __function__);
+#endif
+	}
 	if (cur_column != NULL)
 		*cur_column += printed;
 	printf("%s", line);
Index: ic/aic7xxx.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/aic7xxx.c,v
retrieving revision 1.110
diff -u -r1.110 aic7xxx.c
--- ic/aic7xxx.c	21 Apr 2004 18:03:13 -0000	1.110
+++ ic/aic7xxx.c	24 Apr 2004 17:34:40 -0000
@@ -6547,9 +6547,17 @@
 		*cur_column = 0;
 	}
 	printed = snprintf(line, sizeof(line), "%s[0x%x]", name, value);
+#ifdef DIAGNOSTIC
+	if (printed > sizeof(line))
+		panic("buffer too small in " __function__);
+#endif
 	if (table == NULL) {
 		printed += snprintf(&line[printed], (sizeof line) - printed,
 		    " ");
+#ifdef DIAGNOSTIC
+		if (printed > sizeof(line))
+			panic("buffer too small in " __function__);
+#endif
 		printf("%s", line);
 		if (cur_column != NULL)
 			*cur_column += printed;
@@ -6569,6 +6577,10 @@
 			    (sizeof line) - printed, "%s%s", 
 				printed_mask == 0 ? ":(" : "|",
 				table[entry].name);
+#ifdef DIAGNOSTIC
+			if (printed > sizeof(line))
+				panic("buffer too small in " __function__);
+#endif
 			printed_mask |= table[entry].mask;
 			
 			break;
@@ -6576,12 +6588,21 @@
 		if (entry >= num_entries)
 			break;
 	}
-	if (printed_mask != 0)
+	if (printed_mask != 0) {
 		printed += snprintf(&line[printed],
 		    (sizeof line) - printed, ") ");
-	else
+#ifdef DIAGNOSTIC
+		if (printed > sizeof(line))
+			panic("buffer too small in " __function__);
+#endif
+	} else {
 		printed += snprintf(&line[printed],
 		    (sizeof line) - printed, " ");
+#ifdef DIAGNOSTIC
+		if (printed > sizeof(line))
+			panic("buffer too small in " __function__);
+#endif
+	}
 	if (cur_column != NULL)
 		*cur_column += printed;
 	printf("%s", line);
Index: ic/mpt_debug.c
===================================================================
RCS file: /cvsroot/src/sys/dev/ic/mpt_debug.c,v
retrieving revision 1.2
diff -u -r1.2 mpt_debug.c
--- ic/mpt_debug.c	14 Jul 2003 15:47:11 -0000	1.2
+++ ic/mpt_debug.c	24 Apr 2004 17:34:40 -0000
@@ -198,11 +198,20 @@
 	char *ptr = buf;
 	char *end = &buf[128];
 	buf[0] = '\0';
-	ptr += snprintf(buf, sizeof buf, "(0x%08x)", code);
+	ptr += snprintf(buf, end - buf, "(0x%08x)", code);
+#ifdef DIAGNOSTIC
+	if (ptr > end)
+		panic("buffer too small in " __function__);
+#endif
 	while (status->Error_Code >= 0) {
-		if ((status->Error_Code & code) != 0)
-			ptr += snprintf(ptr, (size_t)(end-ptr), "%s ",
+		if ((status->Error_Code & code) != 0) {
+			ptr += snprintf(ptr, end - ptr, "%s ",
 				status->Error_String);
+#ifdef DIAGNOSTIC
+			if (ptr > end)
+				panic("buffer too small in " __function__);
+#endif
+		}
 		status++;
 	}
 	return buf;
@@ -242,11 +251,20 @@
 	char *ptr = buf;
 	char *end = &buf[128];
 	buf[0] = '\0';
-	ptr += snprintf(buf, sizeof buf, "(0x%08x)", code);
+	ptr += snprintf(buf, end - buf, "(0x%08x)", code);
+#ifdef DIAGNOSTIC
+	if (ptr > end)
+		panic("buffer too small in " __function__);
+#endif
 	while (status->Error_Code >= 0) {
-		if ((status->Error_Code & code) != 0)
+		if ((status->Error_Code & code) != 0) {
 			ptr += snprintf(ptr, (size_t)(end-ptr), "%s ",
 				status->Error_String);
+#ifdef DIAGNOSTIC
+			if (ptr > end)
+				panic("buffer too small in " __function__);
+#endif
+		}
 		status++;
 	}
 	return buf;
Index: pci/pci_subr.c
===================================================================
RCS file: /cvsroot/src/sys/dev/pci/pci_subr.c,v
retrieving revision 1.58
diff -u -r1.58 pci_subr.c
--- pci/pci_subr.c	23 Apr 2004 21:13:07 -0000	1.58
+++ pci/pci_subr.c	24 Apr 2004 17:34:41 -0000
@@ -388,36 +388,82 @@
 		subclassp++;
 	}
 
-	if (vendor_namep == NULL)
+	if (vendor_namep == NULL) {
 		cp += snprintf(cp, ep - cp, "%svendor 0x%04x product 0x%04x",
 		    unmatched, vendor, product);
-	else if (product_namep != NULL)
+#ifdef DIAGNOSTIC
+		if (cp > ep)
+			panic("buffer too small in " __function__);
+#endif
+	} else if (product_namep != NULL) {
 		cp += snprintf(cp, ep - cp, "%s %s", vendor_namep,
 		    product_namep);
-	else
+#ifdef DIAGNOSTIC
+		if (cp > ep)
+			panic("buffer too small in " __function__);
+#endif
+	} else {
 		cp += snprintf(cp, ep - cp, "%s product 0x%04x",
 		    vendor_namep, product);
+#ifdef DIAGNOSTIC
+		if (cp > ep)
+			panic("buffer too small in " __function__);
+#endif
+	}
 	if (showclass) {
 		cp += snprintf(cp, ep - cp, " (");
-		if (classp->name == NULL)
+#ifdef DIAGNOSTIC
+		if (cp > ep)
+			panic("buffer too small in " __function__);
+#endif
+		if (classp->name == NULL) {
 			cp += snprintf(cp, ep - cp,
 			    "class 0x%02x, subclass 0x%02x", class, subclass);
-		else {
-			if (subclassp == NULL || subclassp->name == NULL)
+#ifdef DIAGNOSTIC
+			if (cp > ep)
+				panic("buffer too small in " __function__);
+#endif
+		} else {
+			if (subclassp == NULL || subclassp->name == NULL) {
 				cp += snprintf(cp, ep - cp,
 				    "%s subclass 0x%02x",
 				    classp->name, subclass);
-			else
+#ifdef DIAGNOSTIC
+				if (cp > ep)
+					panic("buffer too small in "
+					    __function__);
+#endif
+			} else {
 				cp += snprintf(cp, ep - cp, "%s %s",
 				    subclassp->name, classp->name);
+#ifdef DIAGNOSTIC
+				if (cp > ep)
+					panic("buffer too small in "
+					    __function__);
+#endif
+			}
 		}
-		if (interface != 0)
+		if (interface != 0) {
 			cp += snprintf(cp, ep - cp, ", interface 0x%02x",
 			    interface);
-		if (revision != 0)
+#ifdef DIAGNOSTIC
+			if (cp > ep)
+				panic("buffer too small in " __function__);
+#endif
+		}
+		if (revision != 0) {
 			cp += snprintf(cp, ep - cp, ", revision 0x%02x",
 			    revision);
+#ifdef DIAGNOSTIC
+			if (cp > ep)
+				panic("buffer too small in " __function__);
+#endif
+		}
 		cp += snprintf(cp, ep - cp, ")");
+#ifdef DIAGNOSTIC
+		if (cp > ep)
+			panic("buffer too small in " __function__);
+#endif
 	}
 }
 
Index: usb/usb_subr.c
===================================================================
RCS file: /cvsroot/src/sys/dev/usb/usb_subr.c,v
retrieving revision 1.113
diff -u -r1.113 usb_subr.c
--- usb/usb_subr.c	23 Apr 2004 17:25:26 -0000	1.113
+++ usb/usb_subr.c	24 Apr 2004 17:34:41 -0000
@@ -314,16 +314,41 @@
 	usbd_devinfo_vp(dev, vendor, sizeof(vendor), product,
 	    sizeof(product), 1);
 	cp += snprintf(cp, ep - cp, "%s %s", vendor, product);
-	if (showclass)
+#ifdef DIAGNOSTIC
+	if (cp > ep)
+		panic("buffer too small in " __function__);
+#endif
+	if (showclass) {
 		cp += snprintf(cp, ep - cp, ", class %d/%d",
 		    udd->bDeviceClass, udd->bDeviceSubClass);
+#ifdef DIAGNOSTIC
+		if (cp > ep)
+			panic("buffer too small in " __function__);
+#endif
+	}
 	bcdUSB = UGETW(udd->bcdUSB);
 	bcdDevice = UGETW(udd->bcdDevice);
 	cp += snprintf(cp, ep - cp, ", rev ");
+#ifdef DIAGNOSTIC
+	if (cp > ep)
+		panic("buffer too small in " __function__);
+#endif
 	cp += usbd_printBCD(cp, ep - cp, bcdUSB);
+#ifdef DIAGNOSTIC
+	if (cp + 1 > ep)
+		panic("buffer too small in " __function__);
+#endif
 	*cp++ = '/';
 	cp += usbd_printBCD(cp, ep - cp, bcdDevice);
+#ifdef DIAGNOSTIC
+	if (cp > ep)
+		panic("buffer too small in " __function__);
+#endif
 	cp += snprintf(cp, ep - cp, ", addr %d", dev->address);
+#ifdef DIAGNOSTIC
+	if (cp > ep)
+		panic("buffer too small in " __function__);
+#endif
 	*cp = 0;
 }