Commit 363a37d52016e0a16e3599d690f610346fc6898a

Authored by blueswir1
1 parent c93e7817

Fix OpenBSD linker warnings

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@5044 c046a42c-6fe2-441c-8c8c-71466251a162
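--- a/audio/audio.c
+++ b/audio/audio.c
@@ -211,8 +211,8 @@ static char *audio_alloc_prefix (const char *s)
 size_t i;
 char *u = r + sizeof (qemu_prefix) - 1;
 
-strcpy (r, qemu_prefix);
-strcat (r, s);
+pstrcpy (r, len + sizeof (qemu_prefix), qemu_prefix);
+pstrcat (r, len, s);
 
 for (i = 0; i < len; ++i) {
 u[i] = toupper (u[i]);
@@ -430,7 +430,7 @@ static void audio_process_options (const char *prefix,
 {
 char *optname;
 const char qemu_prefix[] = "QEMU_";
-size_t preflen;
+size_t preflen, optlen;
 
 if (audio_bug (AUDIO_FUNC, !prefix)) {
 dolog ("prefix = NULL\n");
@@ -458,21 +458,25 @@ static void audio_process_options (const char *prefix,
 /* len of opt->name + len of prefix + size of qemu_prefix
 * (includes trailing zero) + zero + underscore (on behalf of
 * sizeof) */
-optname = qemu_malloc (len + preflen + sizeof (qemu_prefix) + 1);
+optlen = len + preflen + sizeof (qemu_prefix) + 1;
+optname = qemu_malloc (optlen);
 if (!optname) {
 dolog ("Could not allocate memory for option name `%s'\n",
 opt->name);
 continue;
 }
 
-strcpy (optname, qemu_prefix);
+pstrcpy (optname, optlen, qemu_prefix);
+optlen -= preflen;
 
 /* copy while upper-casing, including trailing zero */
 for (i = 0; i <= preflen; ++i) {
 optname[i + sizeof (qemu_prefix) - 1] = toupper (prefix[i]);
 }
-strcat (optname, "_");
-strcat (optname, opt->name);
+pstrcat (optname, optlen, "_");
+optlen--;
+pstrcat (optname, optlen, opt->name);
+optlen -= len;
 
 def = 1;
 switch (opt->tag) {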
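Review bot: The bound passed to pstrcat at new line 215, `pstrcat (r, len, s)`, does not match the destination: the pstrcpy just above it sizes the same buffer r as `len + sizeof (qemu_prefix)`, and if pstrcat takes the total destination size the way pstrcpy does, a bound of `len` (the length of s alone) stops the copy well short of the buffer's end and truncates the suffix, or drops it entirely once the prefix already occupies `len` bytes or more. The same mismatch runs through audio_process_options, where optlen is decremented by preflen, by 1 and by len (new lines 470, 477, 479) after each copy even though the buffer stays optlen bytes long, so every later pstrcat is given an undersized bound. Keep each bound at the allocation size: `pstrcat (r, len + sizeof (qemu_prefix), s);` in audio_alloc_prefix, and `pstrcat (optname, optlen, "_"); pstrcat (optname, optlen, opt->name);` with the three `optlen -=`/`optlen--` lines removed. The allocation of r in audio_alloc_prefix and the definition of pstrcat are outside these hunks, so confirm the size convention there before changing the calls.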
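--- a/block-vmdk.c
+++ b/block-vmdk.c
@@ -153,11 +153,11 @@ static int vmdk_write_cid(BlockDriverState *bs, uint32_t cid)
 return -1;
 
 tmp_str = strstr(desc,"parentCID");
-strcpy(tmp_desc, tmp_str);
+pstrcpy(tmp_desc, sizeof(tmp_desc), tmp_str);
 if ((p_name = strstr(desc,"CID")) != 0) {
 p_name += sizeof("CID");
-sprintf(p_name,"%x\n",cid);
-strcat(desc,tmp_desc);
+snprintf(p_name, sizeof(desc) - (p_name - desc), "%x\n", cid);
+pstrcat(desc, sizeof(desc), tmp_desc);
 }
 
 if (bdrv_pwrite(s->hd, 0x200, desc, DESC_SIZE) != DESC_SIZE)
@@ -252,8 +252,8 @@ static int vmdk_snapshot_create(const char *filename, const char *backing_file)
 if ((temp_str = strrchr(real_filename, ':')) != NULL)
 real_filename = temp_str + 1;
 
-sprintf(s_desc, desc_template, p_cid, p_cid, backing_file
-, (uint32_t)header.capacity, real_filename);
+snprintf(s_desc, sizeof(s_desc), desc_template, p_cid, p_cid, backing_file,
+(uint32_t)header.capacity, real_filename);
 
 /* write the descriptor */
 if (lseek(snp_fd, 0x200, SEEK_SET) == -1)
@@ -349,7 +349,8 @@ static int vmdk_parent_open(BlockDriverState *bs, const char * filename)
 path_combine(parent_img_name, sizeof(parent_img_name),
 filename, s->hd->backing_file);
 } else {
-strcpy(parent_img_name, s->hd->backing_file);
+pstrcpy(parent_img_name, sizeof(parent_img_name),
+s->hd->backing_file);
 }
 
 s->hd->backing_hd = bdrv_new("");
@@ -790,8 +791,8 @@ static int vmdk_create(const char *filename, int64_t total_size,
 real_filename = temp_str + 1;
 if ((temp_str = strrchr(real_filename, ':')) != NULL)
 real_filename = temp_str + 1;
-sprintf(desc, desc_template, time(NULL), (unsigned long)total_size,
-real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4), total_size / (63 * 16));
+snprintf(desc, sizeof(desc), desc_template, time(NULL), (unsigned long)total_size,
+real_filename, (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4), total_size / (63 * 16));
 
 /* write the descriptor */
 lseek(fd, le64_to_cpu(header.desc_offset) << 9, SEEK_SET);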
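Review bot: The snprintf results at new lines 255 and 794 are discarded, so a descriptor that does not fit in s_desc or desc is silently cut short and the truncated text is then written to the image as though it were complete; the replacement of sprintf removes the overflow but turns it into corrupt on-disk metadata with no error. Check for truncation before the write, e.g. `ret = snprintf(desc, sizeof(desc), desc_template, ...); if (ret < 0 || ret >= sizeof(desc)) return -1;`, matching whatever error convention the enclosing function uses (its return paths are outside the hunk). In vmdk_write_cid the new `pstrcpy(tmp_desc, sizeof(tmp_desc), tmp_str)` at line 156 still passes the strstr result without a NULL check, so a descriptor lacking a parentCID line faults exactly as the old strcpy did; the commit does not make this worse, but `if (!tmp_str) return -1;` belongs next to it. All four enclosing functions start and end outside the hunks.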
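--- a/block-vvfat.c
+++ b/block-vvfat.c
@@ -1733,7 +1733,7 @@ static int check_directory_consistency(BDRVVVFATState *s,
 char path2[PATH_MAX];
 
 assert(path_len < PATH_MAX); /* len was tested before! */
-strcpy(path2, path);
+pstrcpy(path2, sizeof(path2), path);
 path2[path_len] = '/';
 path2[path_len + 1] = '\0';
 
@@ -1807,7 +1807,8 @@ DLOG(fprintf(stderr, "check direntry %d: \n", i); print_direntry(direntries + i)
 fprintf(stderr, "Name too long: %s/%s\n", path, lfn.name);
 goto fail;
 }
-strcpy(path2 + path_len + 1, (char*)lfn.name);
+pstrcpy(path2 + path_len + 1, sizeof(path2) - path_len - 1,
+(char*)lfn.name);
 
 if (is_directory(direntries + i)) {
 if (begin_of_direntry(direntries + i) == 0) {
@@ -2372,8 +2373,9 @@ static int handle_renames_and_mkdirs(BDRVVVFATState* s)
 
 assert(!strncmp(m->path, mapping->path, l2));
 
-strcpy(new_path, mapping->path);
-strcpy(new_path + l1, m->path + l2);
+pstrcpy(new_path, l + diff + 1, mapping->path);
+pstrcpy(new_path + l1, l + diff + 1 - l1,
+m->path + l2);
 
 schedule_rename(s, m->begin, new_path);
 }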
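Review bot: The two bounds in handle_renames_and_mkdirs (new lines 2376-2378) restate the buffer size as `l + diff + 1` and `l + diff + 1 - l1`; the allocation of new_path is outside the hunk, and if l1 can ever exceed `l + diff + 1` the second expression goes negative, which pstrcpy presumably treats as an empty bound rather than an error, leaving new_path without its second component and the rename silently wrong. Computing the size once, `int new_len = l + diff + 1;`, and passing `new_len` and `new_len - l1` keeps both calls tied to the malloc and makes the relationship checkable. In check_directory_consistency the copy at line 1736 is now bounded, but the assert above it still admits `path_len == PATH_MAX - 1`, in which case line 1738 writes `path2[PATH_MAX]` and the bound at line 1810 (`sizeof(path2) - path_len - 1`) is zero; this predates the commit, but the assert should be `assert(path_len + 1 < PATH_MAX);` given the two bytes appended. Both enclosing functions start and end outside the hunks.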
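--- a/dis-asm.h
+++ b/dis-asm.h
@@ -20,6 +20,7 @@ typedef uint64_t bfd_vma;
 typedef int64_t bfd_signed_vma;
 typedef uint8_t bfd_byte;
 #define sprintf_vma(s,x) sprintf (s, "%0" PRIx64, x)
+#define snprintf_vma(s,ss,x) snprintf (s, ss, "%0" PRIx64, x)
 
 #define BFD64
 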
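Review bot: The new snprintf_vma macro at line 23 leaves its parameters unparenthesized, copying the shape of sprintf_vma next to it; because each parameter lands in a function-argument position the only expression that can misbehave is one containing a comma operator, so this is a convention point rather than a live bug, but the usual form `#define snprintf_vma(s,ss,x) snprintf ((s), (ss), "%0" PRIx64, (x))` costs nothing. The unbounded sprintf_vma is kept beside it even though the commit's purpose is to move callers off sprintf, so a one-line comment such as `/* sprintf_vma kept for out-of-tree users; prefer snprintf_vma */` or its removal once i386-dis.c no longer uses it would make the intent clear.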
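--- a/gdbstub.c
+++ b/gdbstub.c
@@ -1173,10 +1173,10 @@ static int gdb_handle_packet(GDBState *s, CPUState *env, const char *line_buf)
 /* parse any 'q' packets here */
 if (!strcmp(p,"qemu.sstepbits")) {
 /* Query Breakpoint bit definitions */
-sprintf(buf,"ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
-SSTEP_ENABLE,
-SSTEP_NOIRQ,
-SSTEP_NOTIMER);
+snprintf(buf, sizeof(buf), "ENABLE=%x,NOIRQ=%x,NOTIMER=%x",
+SSTEP_ENABLE,
+SSTEP_NOIRQ,
+SSTEP_NOTIMER);
 put_packet(s, buf);
 break;
 } else if (strncmp(p,"qemu.sstep",10) == 0) {
@@ -1184,7 +1184,7 @@ static int gdb_handle_packet(GDBState *s, CPUState *env, const char *line_buf)
 p += 10;
 if (*p != '=') {
 /* Display current setting */
-sprintf(buf,"0x%x", sstep_flags);
+snprintf(buf, sizeof(buf), "0x%x", sstep_flags);
 put_packet(s, buf);
 break;
 }
@@ -1198,12 +1198,12 @@ static int gdb_handle_packet(GDBState *s, CPUState *env, const char *line_buf)
 else if (strncmp(p, "Offsets", 7) == 0) {
 TaskState *ts = env->opaque;
 
-sprintf(buf,
-"Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
-";Bss=" TARGET_ABI_FMT_lx,
-ts->info->code_offset,
-ts->info->data_offset,
-ts->info->data_offset);
+snprintf(buf, sizeof(buf),
+"Text=" TARGET_ABI_FMT_lx ";Data=" TARGET_ABI_FMT_lx
+";Bss=" TARGET_ABI_FMT_lx,
+ts->info->code_offset,
+ts->info->data_offset,
+ts->info->data_offset);
 put_packet(s, buf);
 break;
 }
@@ -1286,17 +1286,18 @@ void gdb_do_syscall(gdb_syscall_complete_cb cb, char *fmt, ...)
 switch (*fmt++) {
 case 'x':
 addr = va_arg(va, target_ulong);
-p += sprintf(p, TARGET_FMT_lx, addr);
+p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx, addr);
 break;
 case 'l':
 if (*(fmt++) != 'x')
 goto bad_format;
 i64 = va_arg(va, uint64_t);
-p += snprintf(p, &buf[sizeof(buf)] - p, "%" PRIx64, i64);
+p += snprintf(p, &buf[sizeof(buf)] - p, "%" PRIx64, i64);
 break;
 case 's':
 addr = va_arg(va, target_ulong);
-p += sprintf(p, TARGET_FMT_lx "/%x", addr, va_arg(va, int));
+p += snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx "/%x",
+addr, va_arg(va, int));
 break;
 default:
 bad_format: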
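Review bot: In gdb_do_syscall (new lines 1289, 1295 and 1299) `p += snprintf(p, &buf[sizeof(buf)] - p, ...)` advances p by the length snprintf would have produced, not by what actually fit, so after a single truncation p points past the end of buf and the next remaining-size expression is negative, which converts to a very large size_t and lets the following snprintf write beyond the buffer; the bound then protects only the first oversized write. Capture the result and stop on truncation in each of the three cases, e.g. `n = snprintf(p, &buf[sizeof(buf)] - p, TARGET_FMT_lx, addr); if (n < 0 || n >= &buf[sizeof(buf)] - p) goto bad_format; p += n;`, choosing whichever error path the function already uses since the loop and the bad_format handling continue beyond the hunk. The three gdb_handle_packet changes above are fine as written, because each formatted result goes straight to put_packet and is not used for further arithmetic.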
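--- a/hw/sun4m.c
+++ b/hw/sun4m.c
@@ -159,7 +159,8 @@ static int nvram_boot_set(void *opaque, const char *boot_device)
 for (i = 0; i < sizeof(image); i++)
 image[i] = m48t59_read(nvram, i) & 0xff;
 
-strcpy((char *)header->boot_devices, boot_device);
+pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+boot_device);
 header->nboot_devices = strlen(boot_device) & 0xff;
 header->crc = cpu_to_be16(OHW_compute_crc(header, 0x00, 0xF8));
 
@@ -187,17 +188,19 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline,
 memset(image, '\0', sizeof(image));
 
 // Try to match PPC NVRAM
-strcpy((char *)header->struct_ident, "QEMU_BIOS");
+pstrcpy((char *)header->struct_ident, sizeof(header->struct_ident),
+"QEMU_BIOS");
 header->struct_version = cpu_to_be32(3); /* structure v3 */
 
 header->nvram_size = cpu_to_be16(0x2000);
 header->nvram_arch_ptr = cpu_to_be16(sizeof(ohwcfg_v3_t));
 header->nvram_arch_size = cpu_to_be16(sizeof(struct sparc_arch_cfg));
-strcpy((char *)header->arch, arch);
+pstrcpy((char *)header->arch, sizeof(header->arch), arch);
 header->nb_cpus = smp_cpus & 0xff;
 header->RAM0_base = 0;
 header->RAM0_size = cpu_to_be64((uint64_t)RAM_size);
-strcpy((char *)header->boot_devices, boot_devices);
+pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+boot_devices);
 header->nboot_devices = strlen(boot_devices) & 0xff;
 header->kernel_image = cpu_to_be64((uint64_t)KERNEL_LOAD_ADDR);
 header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
@@ -225,7 +228,7 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline,
 // Variable partition
 part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
 part_header->signature = OPENBIOS_PART_SYSTEM;
-strcpy(part_header->name, "system");
+pstrcpy(part_header->name, sizeof(part_header->name), "system");
 
 end = start + sizeof(struct OpenBIOS_nvpart_v1);
 for (i = 0; i < nb_prom_envs; i++)
@@ -241,7 +244,7 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline,
 start = end;
 part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
 part_header->signature = OPENBIOS_PART_FREE;
-strcpy(part_header->name, "free");
+pstrcpy(part_header->name, sizeof(part_header->name), "free");
 
 end = 0x1fd0;
 OpenBIOS_finish_partition(part_header, end - start);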
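Review bot: At new lines 162-164 and 202-204 the count written to `header->nboot_devices` is still taken from the caller's string, `strlen(boot_device) & 0xff`, while the copy just above it is now bounded by sizeof(header->boot_devices); a boot_device longer than the field is truncated by pstrcpy but the count still advertises the full length, so the header claims more devices than it holds and the CRC on the next line seals that inconsistency. Derive the count from what was actually stored, `header->nboot_devices = strlen((char *)header->boot_devices) & 0xff;`, or reject over-long input before the copy. Separately, pstrcpy always reserves the last byte for a NUL terminator, so if any of struct_ident, arch, boot_devices or part_header->name was defined as a fixed-width field rather than a C string, a full-width value now loses its final character; the field definitions are outside the hunks, so confirm against the header layout. hw/sun4u.c carries identical copies of nvram_boot_set and the header setup and needs the same treatment.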
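--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -82,7 +82,8 @@ static int nvram_boot_set(void *opaque, const char *boot_device)
 for (i = 0; i < sizeof(image); i++)
 image[i] = m48t59_read(nvram, i) & 0xff;
 
-strcpy((char *)header->boot_devices, boot_device);
+pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+boot_device);
 header->nboot_devices = strlen(boot_device) & 0xff;
 header->crc = cpu_to_be16(OHW_compute_crc(header, 0x00, 0xF8));
 
@@ -115,17 +116,19 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
 memset(image, '\0', sizeof(image));
 
 // Try to match PPC NVRAM
-strcpy((char *)header->struct_ident, "QEMU_BIOS");
+pstrcpy((char *)header->struct_ident, sizeof(header->struct_ident),
+"QEMU_BIOS");
 header->struct_version = cpu_to_be32(3); /* structure v3 */
 
 header->nvram_size = cpu_to_be16(NVRAM_size);
 header->nvram_arch_ptr = cpu_to_be16(sizeof(ohwcfg_v3_t));
 header->nvram_arch_size = cpu_to_be16(sizeof(struct sparc_arch_cfg));
-strcpy((char *)header->arch, arch);
+pstrcpy((char *)header->arch, sizeof(header->arch), arch);
 header->nb_cpus = smp_cpus & 0xff;
 header->RAM0_base = 0;
 header->RAM0_size = cpu_to_be64((uint64_t)RAM_size);
-strcpy((char *)header->boot_devices, boot_devices);
+pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+boot_devices);
 header->nboot_devices = strlen(boot_devices) & 0xff;
 header->kernel_image = cpu_to_be64((uint64_t)kernel_image);
 header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
@@ -156,7 +159,7 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
 // Variable partition
 part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
 part_header->signature = OPENBIOS_PART_SYSTEM;
-strcpy(part_header->name, "system");
+pstrcpy(part_header->name, sizeof(part_header->name), "system");
 
 end = start + sizeof(struct OpenBIOS_nvpart_v1);
 for (i = 0; i < nb_prom_envs; i++)
@@ -172,7 +175,7 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
 start = end;
 part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
 part_header->signature = OPENBIOS_PART_FREE;
-strcpy(part_header->name, "free");
+pstrcpy(part_header->name, sizeof(part_header->name), "free");
 
 end = 0x1fd0;
 OpenBIOS_finish_partition(part_header, end - start);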
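--- a/hw/usb-net.c
+++ b/hw/usb-net.c
@@ -625,7 +625,8 @@ typedef struct USBNetState {
 } USBNetState;
 
 static int ndis_query(USBNetState *s, uint32_t oid,
-uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf)
+uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf,
+size_t outlen)
 {
 unsigned int i, count;
 
@@ -680,7 +681,7 @@ static int ndis_query(USBNetState *s, uint32_t oid,
 
 /* mandatory */
 case OID_GEN_VENDOR_DESCRIPTION:
-strcpy(outbuf, "QEMU USB RNDIS Net");
+pstrcpy(outbuf, outlen, "QEMU USB RNDIS Net");
 return strlen(outbuf) + 1;
 
 case OID_GEN_VENDOR_DRIVER_VERSION:
@@ -882,7 +883,8 @@ static int rndis_query_response(USBNetState *s,
 return USB_RET_STALL;
 
 infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
-bufoffs + (uint8_t *) buf, buflen, infobuf);
+bufoffs + (uint8_t *) buf, buflen, infobuf,
+sizeof(infobuf));
 resplen = sizeof(rndis_query_cmplt_type) +
 ((infobuflen < 0) ? 0 : infobuflen);
 resp = rndis_queue_response(s, resplen);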
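Review bot: The new `outlen` parameter is honoured only by the OID_GEN_VENDOR_DESCRIPTION case at new line 684; the remaining cases of ndis_query lie outside the hunk and, as far as the diff shows, still write into outbuf without consulting outlen, so the bound protects one string and leaves the contract for the rest unstated. Add a comment on the prototype that fixes the rule, e.g. `/* outbuf/outlen: response buffer and its size; each case must write at most outlen bytes and return the byte count */`, and treat bounding the other cases as a follow-up. `outbuf` is declared `uint8_t *` while pstrcpy and strlen take `char *`, so line 684 draws the same pointer-sign warning the old strcpy did on compilers that diagnose it; `pstrcpy((char *)outbuf, outlen, "QEMU USB RNDIS Net");` clears it. ndis_query continues beyond the hunk.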
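--- a/hw/vga.c
+++ b/hw/vga.c
@@ -1726,7 +1726,8 @@ static void vga_update_text(void *opaque, console_ch_t *chardata)
 if (!full_update)
 return;
 
-sprintf(msg_buffer, "%i x %i Text mode", width, height);
+snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Text mode",
+width, height);
 break;
 }
 
@@ -1799,14 +1800,15 @@ static void vga_update_text(void *opaque, console_ch_t *chardata)
 return;
 
 s->get_resolution(s, &width, &height);
-sprintf(msg_buffer, "%i x %i Graphic mode", width, height);
+snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Graphic mode",
+width, height);
 break;
 case GMODE_BLANK:
 default:
 if (!full_update)
 return;
 
-sprintf(msg_buffer, "VGA Blank mode");
+snprintf(msg_buffer, sizeof(msg_buffer), "VGA Blank mode");
 break;
 }
 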
i386-dis.c
@@ -37,6 +37,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ @@ -37,6 +37,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */
37 37
38 #include <stdlib.h> 38 #include <stdlib.h>
39 #include "dis-asm.h" 39 #include "dis-asm.h"
  40 +#include "qemu-common.h"
40 41
41 #define MAXLEN 20 42 #define MAXLEN 20
42 43
@@ -59,7 +60,8 @@ static int putop PARAMS ((const char *, int)); @@ -59,7 +60,8 @@ static int putop PARAMS ((const char *, int));
59 static void oappend PARAMS ((const char *)); 60 static void oappend PARAMS ((const char *));
60 static void append_seg PARAMS ((void)); 61 static void append_seg PARAMS ((void));
61 static void OP_indirE PARAMS ((int, int)); 62 static void OP_indirE PARAMS ((int, int));
62 -static void print_operand_value PARAMS ((char *, int, bfd_vma)); 63 +static void print_operand_value (char *buf, size_t bufsize, int hex,
  64 + bfd_vma disp);
63 static void OP_E PARAMS ((int, int)); 65 static void OP_E PARAMS ((int, int));
64 static void OP_G PARAMS ((int, int)); 66 static void OP_G PARAMS ((int, int));
65 static bfd_vma get64 PARAMS ((void)); 67 static bfd_vma get64 PARAMS ((void));
@@ -2512,7 +2514,7 @@ dofloat (sizeflag) @@ -2512,7 +2514,7 @@ dofloat (sizeflag)
2512 2514
2513 /* Instruction fnstsw is only one with strange arg. */ 2515 /* Instruction fnstsw is only one with strange arg. */
2514 if (floatop == 0xdf && codep[-1] == 0xe0) 2516 if (floatop == 0xdf && codep[-1] == 0xe0)
2515 - strcpy (op1out, names16[0]); 2517 + pstrcpy (op1out, sizeof(op1out), names16[0]);
2516 } 2518 }
2517 else 2519 else
2518 { 2520 {
@@ -2540,7 +2542,7 @@ OP_STi (bytemode, sizeflag) @@ -2540,7 +2542,7 @@ OP_STi (bytemode, sizeflag)
2540 int bytemode; 2542 int bytemode;
2541 int sizeflag; 2543 int sizeflag;
2542 { 2544 {
2543 - sprintf (scratchbuf, "%%st(%d)", rm); 2545 + snprintf (scratchbuf, sizeof(scratchbuf), "%%st(%d)", rm);
2544 oappend (scratchbuf + intel_syntax); 2546 oappend (scratchbuf + intel_syntax);
2545 } 2547 }
2546 2548
@@ -2573,7 +2575,7 @@ putop (template, sizeflag) @@ -2573,7 +2575,7 @@ putop (template, sizeflag)
2573 if (*p == '}') 2575 if (*p == '}')
2574 { 2576 {
2575 /* Alternative not valid. */ 2577 /* Alternative not valid. */
2576 - strcpy (obuf, "(bad)"); 2578 + pstrcpy (obuf, sizeof(obuf), "(bad)");
2577 obufp = obuf + 5; 2579 obufp = obuf + 5;
2578 return 1; 2580 return 1;
2579 } 2581 }
@@ -2824,7 +2826,7 @@ static void @@ -2824,7 +2826,7 @@ static void
2824 oappend (s) 2826 oappend (s)
2825 const char *s; 2827 const char *s;
2826 { 2828 {
2827 - strcpy (obufp, s); 2829 + pstrcpy (obufp, (size_t)(obufp - obuf), s);
2828 obufp += strlen (s); 2830 obufp += strlen (s);
2829 } 2831 }
2830 2832
@@ -2874,10 +2876,7 @@ OP_indirE (bytemode, sizeflag) @@ -2874,10 +2876,7 @@ OP_indirE (bytemode, sizeflag)
2874 } 2876 }
2875 2877
2876 static void 2878 static void
2877 -print_operand_value (buf, hex, disp)  
2878 - char *buf;  
2879 - int hex;  
2880 - bfd_vma disp; 2879 +print_operand_value (char *buf, size_t bufsize, int hex, bfd_vma disp)
2881 { 2880 {
2882 if (mode_64bit) 2881 if (mode_64bit)
2883 { 2882 {
@@ -2887,9 +2886,9 @@ print_operand_value (buf, hex, disp) @@ -2887,9 +2886,9 @@ print_operand_value (buf, hex, disp)
2887 int i; 2886 int i;
2888 buf[0] = '0'; 2887 buf[0] = '0';
2889 buf[1] = 'x'; 2888 buf[1] = 'x';
2890 - sprintf_vma (tmp, disp); 2889 + snprintf_vma (tmp, sizeof(tmp), disp);
2891 for (i = 0; tmp[i] == '0' && tmp[i + 1]; i++); 2890 for (i = 0; tmp[i] == '0' && tmp[i + 1]; i++);
2892 - strcpy (buf + 2, tmp + i); 2891 + pstrcpy (buf + 2, bufsize - 2, tmp + i);
2893 } 2892 }
2894 else 2893 else
2895 { 2894 {
@@ -2903,13 +2902,13 @@ print_operand_value (buf, hex, disp) @@ -2903,13 +2902,13 @@ print_operand_value (buf, hex, disp)
2903 /* Check for possible overflow on 0x8000000000000000. */ 2902 /* Check for possible overflow on 0x8000000000000000. */
2904 if (v < 0) 2903 if (v < 0)
2905 { 2904 {
2906 - strcpy (buf, "9223372036854775808"); 2905 + pstrcpy (buf, bufsize, "9223372036854775808");
2907 return; 2906 return;
2908 } 2907 }
2909 } 2908 }
2910 if (!v) 2909 if (!v)
2911 { 2910 {
2912 - strcpy (buf, "0"); 2911 + pstrcpy (buf, bufsize, "0");
2913 return; 2912 return;
2914 } 2913 }
2915 2914
@@ -2921,15 +2920,15 @@ print_operand_value (buf, hex, disp) @@ -2921,15 +2920,15 @@ print_operand_value (buf, hex, disp)
2921 v /= 10; 2920 v /= 10;
2922 i++; 2921 i++;
2923 } 2922 }
2924 - strcpy (buf, tmp + 29 - i); 2923 + pstrcpy (buf, bufsize, tmp + 29 - i);
2925 } 2924 }
2926 } 2925 }
2927 else 2926 else
2928 { 2927 {
2929 if (hex) 2928 if (hex)
2930 - sprintf (buf, "0x%x", (unsigned int) disp); 2929 + snprintf (buf, bufsize, "0x%x", (unsigned int) disp);
2931 else 2930 else
2932 - sprintf (buf, "%d", (int) disp); 2931 + snprintf (buf, bufsize, "%d", (int) disp);
2933 } 2932 }
2934 } 2933 }
2935 2934
@@ -3054,7 +3053,7 @@ OP_E (bytemode, sizeflag) @@ -3054,7 +3053,7 @@ OP_E (bytemode, sizeflag)
3054 if (!intel_syntax) 3053 if (!intel_syntax)
3055 if (mod != 0 || (base & 7) == 5) 3054 if (mod != 0 || (base & 7) == 5)
3056 { 3055 {
3057 - print_operand_value (scratchbuf, !riprel, disp); 3056 + print_operand_value (scratchbuf, sizeof(scratchbuf), !riprel, disp);
3058 oappend (scratchbuf); 3057 oappend (scratchbuf);
3059 if (riprel) 3058 if (riprel)
3060 { 3059 {
@@ -3115,14 +3114,14 @@ OP_E (bytemode, sizeflag) @@ -3115,14 +3114,14 @@ OP_E (bytemode, sizeflag)
3115 *obufp++ = separator_char; 3114 *obufp++ = separator_char;
3116 *obufp = '\0'; 3115 *obufp = '\0';
3117 } 3116 }
3118 - sprintf (scratchbuf, "%s",  
3119 - mode_64bit && (sizeflag & AFLAG)  
3120 - ? names64[index] : names32[index]); 3117 + snprintf (scratchbuf, sizeof(scratchbuf), "%s",
  3118 + mode_64bit && (sizeflag & AFLAG)
  3119 + ? names64[index] : names32[index]);
3121 } 3120 }
3122 else 3121 else
3123 - sprintf (scratchbuf, ",%s",  
3124 - mode_64bit && (sizeflag & AFLAG)  
3125 - ? names64[index] : names32[index]); 3122 + snprintf (scratchbuf, sizeof(scratchbuf), ",%s",
  3123 + mode_64bit && (sizeflag & AFLAG)
  3124 + ? names64[index] : names32[index]);
3126 oappend (scratchbuf); 3125 oappend (scratchbuf);
3127 } 3126 }
3128 if (!intel_syntax 3127 if (!intel_syntax
@@ -3133,7 +3132,7 @@ OP_E (bytemode, sizeflag) @@ -3133,7 +3132,7 @@ OP_E (bytemode, sizeflag)
3133 { 3132 {
3134 *obufp++ = scale_char; 3133 *obufp++ = scale_char;
3135 *obufp = '\0'; 3134 *obufp = '\0';
3136 - sprintf (scratchbuf, "%d", 1 << scale); 3135 + snprintf (scratchbuf, sizeof(scratchbuf), "%d", 1 << scale);
3137 oappend (scratchbuf); 3136 oappend (scratchbuf);
3138 } 3137 }
3139 } 3138 }
@@ -3149,7 +3148,8 @@ OP_E (bytemode, sizeflag) @@ -3149,7 +3148,8 @@ OP_E (bytemode, sizeflag)
3149 *obufp = '\0'; 3148 *obufp = '\0';
3150 } 3149 }
3151 3150
3152 - print_operand_value (scratchbuf, 0, disp); 3151 + print_operand_value (scratchbuf, sizeof(scratchbuf), 0,
  3152 + disp);
3153 oappend (scratchbuf); 3153 oappend (scratchbuf);
3154 } 3154 }
3155 } 3155 }
@@ -3169,7 +3169,7 @@ OP_E (bytemode, sizeflag) @@ -3169,7 +3169,7 @@ OP_E (bytemode, sizeflag)
3169 oappend (names_seg[ds_reg - es_reg]); 3169 oappend (names_seg[ds_reg - es_reg]);
3170 oappend (":"); 3170 oappend (":");
3171 } 3171 }
3172 - print_operand_value (scratchbuf, 1, disp); 3172 + print_operand_value (scratchbuf, sizeof(scratchbuf), 1, disp);
3173 oappend (scratchbuf); 3173 oappend (scratchbuf);
3174 } 3174 }
3175 } 3175 }
@@ -3202,7 +3202,7 @@ OP_E (bytemode, sizeflag) @@ -3202,7 +3202,7 @@ OP_E (bytemode, sizeflag)
3202 if (!intel_syntax) 3202 if (!intel_syntax)
3203 if (mod != 0 || (rm & 7) == 6) 3203 if (mod != 0 || (rm & 7) == 6)
3204 { 3204 {
3205 - print_operand_value (scratchbuf, 0, disp); 3205 + print_operand_value (scratchbuf, sizeof(scratchbuf), 0, disp);
3206 oappend (scratchbuf); 3206 oappend (scratchbuf);
3207 } 3207 }
3208 3208
@@ -3504,7 +3504,7 @@ OP_I (bytemode, sizeflag) @@ -3504,7 +3504,7 @@ OP_I (bytemode, sizeflag)
3504 3504
3505 op &= mask; 3505 op &= mask;
3506 scratchbuf[0] = '$'; 3506 scratchbuf[0] = '$';
3507 - print_operand_value (scratchbuf + 1, 1, op); 3507 + print_operand_value (scratchbuf + 1, sizeof(scratchbuf) - 1, 1, op);
3508 oappend (scratchbuf + intel_syntax); 3508 oappend (scratchbuf + intel_syntax);
3509 scratchbuf[0] = '\0'; 3509 scratchbuf[0] = '\0';
3510 } 3510 }
@@ -3557,7 +3557,7 @@ OP_I64 (bytemode, sizeflag) @@ -3557,7 +3557,7 @@ OP_I64 (bytemode, sizeflag)
3557 3557
3558 op &= mask; 3558 op &= mask;
3559 scratchbuf[0] = '$'; 3559 scratchbuf[0] = '$';
3560 - print_operand_value (scratchbuf + 1, 1, op); 3560 + print_operand_value (scratchbuf + 1, sizeof(scratchbuf) - 1, 1, op);
3561 oappend (scratchbuf + intel_syntax); 3561 oappend (scratchbuf + intel_syntax);
3562 scratchbuf[0] = '\0'; 3562 scratchbuf[0] = '\0';
3563 } 3563 }
@@ -3609,7 +3609,7 @@ OP_sI (bytemode, sizeflag) @@ -3609,7 +3609,7 @@ OP_sI (bytemode, sizeflag)
3609 } 3609 }
3610 3610
3611 scratchbuf[0] = '$'; 3611 scratchbuf[0] = '$';
3612 - print_operand_value (scratchbuf + 1, 1, op); 3612 + print_operand_value (scratchbuf + 1, sizeof(scratchbuf) - 1, 1, op);
3613 oappend (scratchbuf + intel_syntax); 3613 oappend (scratchbuf + intel_syntax);
3614 } 3614 }
3615 3615
@@ -3647,7 +3647,7 @@ OP_J (bytemode, sizeflag) @@ -3647,7 +3647,7 @@ OP_J (bytemode, sizeflag)
3647 } 3647 }
3648 disp = (start_pc + codep - start_codep + disp) & mask; 3648 disp = (start_pc + codep - start_codep + disp) & mask;
3649 set_op (disp, 0); 3649 set_op (disp, 0);
3650 - print_operand_value (scratchbuf, 1, disp); 3650 + print_operand_value (scratchbuf, sizeof(scratchbuf), 1, disp);
3651 oappend (scratchbuf); 3651 oappend (scratchbuf);
3652 } 3652 }
3653 3653
@@ -3678,9 +3678,9 @@ OP_DIR (dummy, sizeflag) @@ -3678,9 +3678,9 @@ OP_DIR (dummy, sizeflag)
3678 } 3678 }
3679 used_prefixes |= (prefixes & PREFIX_DATA); 3679 used_prefixes |= (prefixes & PREFIX_DATA);
3680 if (intel_syntax) 3680 if (intel_syntax)
3681 - sprintf (scratchbuf, "0x%x,0x%x", seg, offset); 3681 + snprintf (scratchbuf, sizeof(scratchbuf), "0x%x,0x%x", seg, offset);
3682 else 3682 else
3683 - sprintf (scratchbuf, "$0x%x,$0x%x", seg, offset); 3683 + snprintf (scratchbuf, sizeof(scratchbuf), "$0x%x,$0x%x", seg, offset);
3684 oappend (scratchbuf); 3684 oappend (scratchbuf);
3685 } 3685 }
3686 3686
@@ -3707,7 +3707,7 @@ OP_OFF (bytemode, sizeflag) @@ -3707,7 +3707,7 @@ OP_OFF (bytemode, sizeflag)
3707 oappend (":"); 3707 oappend (":");
3708 } 3708 }
3709 } 3709 }
3710 - print_operand_value (scratchbuf, 1, off); 3710 + print_operand_value (scratchbuf, sizeof(scratchbuf), 1, off);
3711 oappend (scratchbuf); 3711 oappend (scratchbuf);
3712 } 3712 }
3713 3713
@@ -3737,7 +3737,7 @@ OP_OFF64 (bytemode, sizeflag) @@ -3737,7 +3737,7 @@ OP_OFF64 (bytemode, sizeflag)
3737 oappend (":"); 3737 oappend (":");
3738 } 3738 }
3739 } 3739 }
3740 - print_operand_value (scratchbuf, 1, off); 3740 + print_operand_value (scratchbuf, sizeof(scratchbuf), 1, off);
3741 oappend (scratchbuf); 3741 oappend (scratchbuf);
3742 } 3742 }
3743 3743
@@ -3806,7 +3806,7 @@ OP_C (dummy, sizeflag) @@ -3806,7 +3806,7 @@ OP_C (dummy, sizeflag)
3806 USED_REX (REX_EXTX); 3806 USED_REX (REX_EXTX);
3807 if (rex & REX_EXTX) 3807 if (rex & REX_EXTX)
3808 add = 8; 3808 add = 8;
3809 - sprintf (scratchbuf, "%%cr%d", reg + add); 3809 + snprintf (scratchbuf, sizeof(scratchbuf), "%%cr%d", reg + add);
3810 oappend (scratchbuf + intel_syntax); 3810 oappend (scratchbuf + intel_syntax);
3811 } 3811 }
3812 3812
@@ -3820,9 +3820,9 @@ OP_D (dummy, sizeflag) @@ -3820,9 +3820,9 @@ OP_D (dummy, sizeflag)
3820 if (rex & REX_EXTX) 3820 if (rex & REX_EXTX)
3821 add = 8; 3821 add = 8;
3822 if (intel_syntax) 3822 if (intel_syntax)
3823 - sprintf (scratchbuf, "db%d", reg + add); 3823 + snprintf (scratchbuf, sizeof(scratchbuf), "db%d", reg + add);
3824 else 3824 else
3825 - sprintf (scratchbuf, "%%db%d", reg + add); 3825 + snprintf (scratchbuf, sizeof(scratchbuf), "%%db%d", reg + add);
3826 oappend (scratchbuf); 3826 oappend (scratchbuf);
3827 } 3827 }
3828 3828
@@ -3831,7 +3831,7 @@ OP_T (dummy, sizeflag) @@ -3831,7 +3831,7 @@ OP_T (dummy, sizeflag)
3831 int dummy; 3831 int dummy;
3832 int sizeflag; 3832 int sizeflag;
3833 { 3833 {
3834 - sprintf (scratchbuf, "%%tr%d", reg); 3834 + snprintf (scratchbuf, sizeof(scratchbuf), "%%tr%d", reg);
3835 oappend (scratchbuf + intel_syntax); 3835 oappend (scratchbuf + intel_syntax);
3836 } 3836 }
3837 3837
@@ -3857,9 +3857,9 @@ OP_MMX (bytemode, sizeflag) @@ -3857,9 +3857,9 @@ OP_MMX (bytemode, sizeflag)
3857 add = 8; 3857 add = 8;
3858 used_prefixes |= (prefixes & PREFIX_DATA); 3858 used_prefixes |= (prefixes & PREFIX_DATA);
3859 if (prefixes & PREFIX_DATA) 3859 if (prefixes & PREFIX_DATA)
3860 - sprintf (scratchbuf, "%%xmm%d", reg + add); 3860 + snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", reg + add);
3861 else 3861 else
3862 - sprintf (scratchbuf, "%%mm%d", reg + add); 3862 + snprintf (scratchbuf, sizeof(scratchbuf), "%%mm%d", reg + add);
3863 oappend (scratchbuf + intel_syntax); 3863 oappend (scratchbuf + intel_syntax);
3864 } 3864 }
3865 3865
@@ -3872,7 +3872,7 @@ OP_XMM (bytemode, sizeflag) @@ -3872,7 +3872,7 @@ OP_XMM (bytemode, sizeflag)
3872 USED_REX (REX_EXTX); 3872 USED_REX (REX_EXTX);
3873 if (rex & REX_EXTX) 3873 if (rex & REX_EXTX)
3874 add = 8; 3874 add = 8;
3875 - sprintf (scratchbuf, "%%xmm%d", reg + add); 3875 + snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", reg + add);
3876 oappend (scratchbuf + intel_syntax); 3876 oappend (scratchbuf + intel_syntax);
3877 } 3877 }
3878 3878
@@ -3896,9 +3896,9 @@ OP_EM (bytemode, sizeflag) @@ -3896,9 +3896,9 @@ OP_EM (bytemode, sizeflag)
3896 codep++; 3896 codep++;
3897 used_prefixes |= (prefixes & PREFIX_DATA); 3897 used_prefixes |= (prefixes & PREFIX_DATA);
3898 if (prefixes & PREFIX_DATA) 3898 if (prefixes & PREFIX_DATA)
3899 - sprintf (scratchbuf, "%%xmm%d", rm + add); 3899 + snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", rm + add);
3900 else 3900 else
3901 - sprintf (scratchbuf, "%%mm%d", rm + add); 3901 + snprintf (scratchbuf, sizeof(scratchbuf), "%%mm%d", rm + add);
3902 oappend (scratchbuf + intel_syntax); 3902 oappend (scratchbuf + intel_syntax);
3903 } 3903 }
3904 3904
@@ -3920,7 +3920,7 @@ OP_EX (bytemode, sizeflag) @@ -3920,7 +3920,7 @@ OP_EX (bytemode, sizeflag)
3920 /* Skip mod/rm byte. */ 3920 /* Skip mod/rm byte. */
3921 MODRM_CHECK; 3921 MODRM_CHECK;
3922 codep++; 3922 codep++;
3923 - sprintf (scratchbuf, "%%xmm%d", rm + add); 3923 + snprintf (scratchbuf, sizeof(scratchbuf), "%%xmm%d", rm + add);
3924 oappend (scratchbuf + intel_syntax); 3924 oappend (scratchbuf + intel_syntax);
3925 } 3925 }
3926 3926
@@ -4079,8 +4079,8 @@ OP_SIMD_Suffix (bytemode, sizeflag) @@ -4079,8 +4079,8 @@ OP_SIMD_Suffix (bytemode, sizeflag)
4079 suffix1 = 's', suffix2 = 'd'; 4079 suffix1 = 's', suffix2 = 'd';
4080 } 4080 }
4081 } 4081 }
4082 - sprintf (scratchbuf, "cmp%s%c%c",  
4083 - simd_cmp_op[cmp_type], suffix1, suffix2); 4082 + snprintf (scratchbuf, sizeof(scratchbuf), "cmp%s%c%c",
  4083 + simd_cmp_op[cmp_type], suffix1, suffix2);
4084 used_prefixes |= (prefixes & PREFIX_REPZ); 4084 used_prefixes |= (prefixes & PREFIX_REPZ);
4085 oappend (scratchbuf); 4085 oappend (scratchbuf);
4086 } 4086 }
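--- a/monitor.c
+++ b/monitor.c
@@ -2251,7 +2251,7 @@ static void monitor_handle_command(const char *cmdline)
 goto fail;
 }
 str = qemu_malloc(strlen(buf) + 1);
-strcpy(str, buf);
+pstrcpy(str, sizeof(buf), buf);
 str_allocated[nb_args] = str;
 add_str:
 if (nb_args >= MAX_ARGS) {
@@ -2518,7 +2518,7 @@ static void file_completion(const char *input)
 if (!p) {
 input_path_len = 0;
 pstrcpy(file_prefix, sizeof(file_prefix), input);
-strcpy(path, ".");
+pstrcpy(path, sizeof(path), ".");
 } else {
 input_path_len = p - input + 1;
 memcpy(path, input, input_path_len);
@@ -2540,13 +2540,15 @@ static void file_completion(const char *input)
 break;
 if (strstart(d->d_name, file_prefix, NULL)) {
 memcpy(file, input, input_path_len);
-strcpy(file + input_path_len, d->d_name);
+if (input_path_len < sizeof(file))
+pstrcpy(file + input_path_len, sizeof(file) - input_path_len,
+d->d_name);
 /* stat the file to find out if it's a directory.
 * In that case add a slash to speed up typing long paths
 */
 stat(file, &sb);
 if(S_ISDIR(sb.st_mode))
-strcat(file, "/");
+pstrcat(file, sizeof(file), "/");
 add_completion(file);
 }
 }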
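Review bot: In the file_completion hunk the new `if (input_path_len < sizeof(file))` guard sits after `memcpy(file, input, input_path_len)` at 2542, which is still unchecked against sizeof(file), and when the guard fails `file` is left without a terminator for the stat() and add_completion() that follow. Checking the length once before the memcpy and skipping the entry (`if (input_path_len >= sizeof(file)) continue;`, or whatever fits the enclosing loop, which starts outside the hunk) covers both; the `memcpy(path, input, input_path_len)` in the second hunk relies on the same unchecked length unless the caller bounds input. In the first hunk, `pstrcpy(str, sizeof(buf), buf)` passes the size of the source array as the bound for a destination allocated with strlen(buf) + 1 bytes; it is safe only because pstrcpy stops at buf's terminator, so `pstrcpy(str, strlen(buf) + 1, buf);` would state the real capacity.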
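--- a/qemu-malloc.c
+++ b/qemu-malloc.c
@@ -56,9 +56,10 @@ void *qemu_mallocz(size_t size)
 char *qemu_strdup(const char *str)
 {
 char *ptr;
-ptr = qemu_malloc(strlen(str) + 1);
+size_t len = strlen(str);
+ptr = qemu_malloc(len + 1);
 if (!ptr)
 return NULL;
-strcpy(ptr, str);
+pstrcpy(ptr, len, str);
 return ptr;
 }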
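Review bot: `pstrcpy(ptr, len, str)` at 63 is one byte short: under the usual QEMU pstrcpy contract the last byte of the bound is reserved for the terminator, so only len - 1 characters are copied and every duplicated string loses its final character, even though the allocation at 60 is len + 1 bytes. It should read `pstrcpy(ptr, len + 1, str);`, or, since the length is already known, `memcpy(ptr, str, len + 1);`. A test duplicating a non-empty string and comparing the result with strcmp would catch this.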
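--- a/slirp/misc.c
+++ b/slirp/misc.c
@@ -417,8 +417,9 @@ fork_exec(struct socket *so, const char *ex, int do_pty)
 {
 char buff[256];
 
-sprintf(buff, "Error: execvp of %s failed: %s\n",
-argv[0], strerror(errno));
+snprintf(buff, sizeof(buff),
+"Error: execvp of %s failed: %s\n",
+argv[0], strerror(errno));
 write(2, buff, strlen(buff)+1);
 }
 close(0); close(1); close(2); /* XXX */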
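--- a/slirp/slirp.c
+++ b/slirp/slirp.c
@@ -84,7 +84,7 @@ static int get_dns_addr(struct in_addr *pdns_addr)
 static int get_dns_addr(struct in_addr *pdns_addr)
 {
 char buff[512];
-char buff2[256];
+char buff2[257];
 FILE *f;
 int found = 0;
 struct in_addr tmp_addr;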
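Review bot: The new size `char buff2[257]` at 87 has no explanation at the declaration, and 257 reads as a typo next to buff[512]. If it is sized for a `%256s` conversion, as the parallel change to buff in slirp/tcp_subr.c appears to be, a comment keeps the two in step: `char buff2[257]; /* %256s conversion plus terminator */`. The scan that consumes buff2 is outside the hunk, so this is inferred from the sibling change.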
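--- a/slirp/tcp_subr.c
+++ b/slirp/tcp_subr.c
@@ -629,7 +629,7 @@ tcp_emu(so, m)
 struct mbuf *m;
 {
 u_int n1, n2, n3, n4, n5, n6;
-char buff[256];
+char buff[257];
 u_int32_t laddr;
 u_int lport;
 char *bptr;
@@ -673,7 +673,9 @@ tcp_emu(so, m)
 }
 }
 }
-so_rcv->sb_cc = sprintf(so_rcv->sb_data, "%d,%d\r\n", n1, n2);
+so_rcv->sb_cc = snprintf(so_rcv->sb_data,
+so_rcv->sb_datalen,
+"%d,%d\r\n", n1, n2);
 so_rcv->sb_rptr = so_rcv->sb_data;
 so_rcv->sb_wptr = so_rcv->sb_data + so_rcv->sb_cc;
 }
@@ -1007,8 +1009,9 @@ do_prompt:
 n4 = (laddr & 0xff);
 
 m->m_len = bptr - m->m_data; /* Adjust length */
-m->m_len += sprintf(bptr,"ORT %d,%d,%d,%d,%d,%d\r\n%s",
-n1, n2, n3, n4, n5, n6, x==7?buff:"");
+m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len,
+"ORT %d,%d,%d,%d,%d,%d\r\n%s",
+n1, n2, n3, n4, n5, n6, x==7?buff:"");
 return 1;
 } else if ((bptr = (char *)strstr(m->m_data, "27 Entering")) != NULL) {
 /*
@@ -1038,8 +1041,9 @@ do_prompt:
 n4 = (laddr & 0xff);
 
 m->m_len = bptr - m->m_data; /* Adjust length */
-m->m_len += sprintf(bptr,"27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
-n1, n2, n3, n4, n5, n6, x==7?buff:"");
+m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len,
+"27 Entering Passive Mode (%d,%d,%d,%d,%d,%d)\r\n%s",
+n1, n2, n3, n4, n5, n6, x==7?buff:"");
 
 return 1;
 }
@@ -1062,7 +1066,8 @@ do_prompt:
 }
 if (m->m_data[m->m_len-1] == '\0' && lport != 0 &&
 (so = solisten(0, so->so_laddr.s_addr, htons(lport), SS_FACCEPTONCE)) != NULL)
-m->m_len = sprintf(m->m_data, "%d", ntohs(so->so_fport))+1;
+m->m_len = snprintf(m->m_data, m->m_hdr.mh_size, "%d",
+ntohs(so->so_fport)) + 1;
 return 1;
 
 case EMU_IRC:
@@ -1079,25 +1084,28 @@ do_prompt:
 return 1;
 
 m->m_len = bptr - m->m_data; /* Adjust length */
-m->m_len += sprintf(bptr, "DCC CHAT chat %lu %u%c\n",
-(unsigned long)ntohl(so->so_faddr.s_addr),
-ntohs(so->so_fport), 1);
+m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+"DCC CHAT chat %lu %u%c\n",
+(unsigned long)ntohl(so->so_faddr.s_addr),
+ntohs(so->so_fport), 1);
 } else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) {
 if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL)
 return 1;
 
 m->m_len = bptr - m->m_data; /* Adjust length */
-m->m_len += sprintf(bptr, "DCC SEND %s %lu %u %u%c\n",
-buff, (unsigned long)ntohl(so->so_faddr.s_addr),
-ntohs(so->so_fport), n1, 1);
+m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+"DCC SEND %s %lu %u %u%c\n", buff,
+(unsigned long)ntohl(so->so_faddr.s_addr),
+ntohs(so->so_fport), n1, 1);
 } else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport, &n1) == 4) {
 if ((so = solisten(0, htonl(laddr), htons(lport), SS_FACCEPTONCE)) == NULL)
 return 1;
 
 m->m_len = bptr - m->m_data; /* Adjust length */
-m->m_len += sprintf(bptr, "DCC MOVE %s %lu %u %u%c\n",
-buff, (unsigned long)ntohl(so->so_faddr.s_addr),
-ntohs(so->so_fport), n1, 1);
+m->m_len += snprintf(bptr, m->m_hdr.mh_size,
+"DCC MOVE %s %lu %u %u%c\n", buff,
+(unsigned long)ntohl(so->so_faddr.s_addr),
+ntohs(so->so_fport), n1, 1);
 }
 return 1;
 
@@ -1285,8 +1293,8 @@ tcp_ctl(so)
 
 /* FALLTHROUGH */
 case CTL_ALIAS:
-sb->sb_cc = sprintf(sb->sb_wptr,
-"Error: No application configured.\r\n");
+sb->sb_cc = snprintf(sb->sb_wptr, sb->sb_datalen - (sb->sb_wptr - sb->sb_data),
+"Error: No application configured.\r\n");
 sb->sb_wptr += sb->sb_cc;
 return(0);
 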
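Review bot: The DCC CHAT, DCC SEND and DCC MOVE hunks pass `m->m_hdr.mh_size` as the snprintf bound while writing at `bptr`, which after the `m->m_len = bptr - m->m_data` adjustment on the line above is m_len bytes into the buffer, so the bound overstates the remaining room by exactly that amount; the PORT and PASV hunks earlier in the same function already subtract it, and the three DCC lines should match them: `m->m_len += snprintf(bptr, m->m_hdr.mh_size - m->m_len,`. Whether m_data always starts at the beginning of the mh_size region is not visible here; if it can be advanced, that offset needs subtracting as well. Separately, snprintf returns the length the full message would have had, so on truncation every `m->m_len +=` and `sb_cc =` site in these hunks (including the sb_datalen form in tcp_ctl) records a length past the end of the buffer and the partial text is sent as if complete; the return value should be compared with the bound and the message dropped, or the length clamped, when it does not fit.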
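--- a/slirp/tftp.c
+++ b/slirp/tftp.c
@@ -23,6 +23,7 @@
 */
 
 #include <slirp.h>
+#include "qemu-common.h" // for pstrcpy
 
 struct tftp_session {
 int in_use;
@@ -148,8 +149,8 @@ static int tftp_send_oack(struct tftp_session *spt,
 m->m_data += sizeof(struct udpiphdr);
 
 tp->tp_op = htons(TFTP_OACK);
-n += sprintf(tp->x.tp_buf + n, "%s", key) + 1;
-n += sprintf(tp->x.tp_buf + n, "%u", value) + 1;
+n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", key) + 1;
+n += snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u", value) + 1;
 
 saddr.sin_addr = recv_tp->ip.ip_dst;
 saddr.sin_port = recv_tp->udp.uh_dport;
@@ -189,7 +190,7 @@ static int tftp_send_error(struct tftp_session *spt,
 
 tp->tp_op = htons(TFTP_ERROR);
 tp->x.tp_error.tp_error_code = htons(errorcode);
-strcpy(tp->x.tp_error.tp_msg, msg);
+pstrcpy(tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg), msg);
 
 saddr.sin_addr = recv_tp->ip.ip_dst;
 saddr.sin_port = recv_tp->udp.uh_dport;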
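Review bot: In tftp_send_oack the bound `sizeof(tp->x.tp_buf) - n` is computed in size_t, so if the first snprintf at 152 truncates, `n` is advanced by the untruncated length plus one and the second call at 153 receives a wrapped, effectively unlimited bound while the packet length ends up past the buffer; n's declaration and the function's start are outside the hunk. Checking each return before advancing keeps buffer and length consistent, e.g. `int r = snprintf(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", key);` followed by `if (r < 0 || (size_t)r >= sizeof(tp->x.tp_buf) - n) return <the function's error value>;` and then `n += r + 1;`, repeated for the value. The `+ 1` deliberately keeps the terminator inside the packet, which the OACK option encoding relies on, so that part should stay.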
@@ -1915,11 +1915,12 @@ static void mux_print_help(CharDriverState *chr) @@ -1915,11 +1915,12 @@ static void mux_print_help(CharDriverState *chr)
1915 char cbuf[50] = "\n\r"; 1915 char cbuf[50] = "\n\r";
1916 1916
1917 if (term_escape_char > 0 && term_escape_char < 26) { 1917 if (term_escape_char > 0 && term_escape_char < 26) {
1918 - sprintf(cbuf,"\n\r");  
1919 - sprintf(ebuf,"C-%c", term_escape_char - 1 + 'a'); 1918 + snprintf(cbuf, sizeof(cbuf), "\n\r");
  1919 + snprintf(ebuf, sizeof(ebuf), "C-%c", term_escape_char - 1 + 'a');
1920 } else { 1920 } else {
1921 - sprintf(cbuf,"\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r",  
1922 - term_escape_char); 1921 + snprintf(cbuf, sizeof(cbuf),
  1922 + "\n\rEscape-Char set to Ascii: 0x%02x\n\r\n\r",
  1923 + term_escape_char);
1923 } 1924 }
1924 chr->chr_write(chr, (uint8_t *)cbuf, strlen(cbuf)); 1925 chr->chr_write(chr, (uint8_t *)cbuf, strlen(cbuf));
1925 for (i = 0; mux_help[i] != NULL; i++) { 1926 for (i = 0; mux_help[i] != NULL; i++) {
@@ -4385,7 +4386,7 @@ static int tap_open(char *ifname, int ifname_size) @@ -4385,7 +4386,7 @@ static int tap_open(char *ifname, int ifname_size)
4385 * Allocate TAP device, returns opened fd. 4386 * Allocate TAP device, returns opened fd.
4386 * Stores dev name in the first arg(must be large enough). 4387 * Stores dev name in the first arg(must be large enough).
4387 */ 4388 */
4388 -int tap_alloc(char *dev) 4389 +int tap_alloc(char *dev, size_t dev_size)
4389 { 4390 {
4390 int tap_fd, if_fd, ppa = -1; 4391 int tap_fd, if_fd, ppa = -1;
4391 static int ip_fd = 0; 4392 static int ip_fd = 0;
@@ -4498,7 +4499,7 @@ int tap_alloc(char *dev) @@ -4498,7 +4499,7 @@ int tap_alloc(char *dev)
4498 syslog (LOG_ERR, "Can't set multiplexor id"); 4499 syslog (LOG_ERR, "Can't set multiplexor id");
4499 } 4500 }
4500 4501
4501 - sprintf(dev, "tap%d", ppa); 4502 + snprintf(dev, dev_size, "tap%d", ppa);
4502 return tap_fd; 4503 return tap_fd;
4503 } 4504 }
4504 4505
@@ -4506,7 +4507,7 @@ static int tap_open(char *ifname, int ifname_size) @@ -4506,7 +4507,7 @@ static int tap_open(char *ifname, int ifname_size)
4506 { 4507 {
4507 char dev[10]=""; 4508 char dev[10]="";
4508 int fd; 4509 int fd;
4509 - if( (fd = tap_alloc(dev)) < 0 ){ 4510 + if( (fd = tap_alloc(dev, sizeof(dev))) < 0 ){
4510 fprintf(stderr, "Cannot allocate TAP device\n"); 4511 fprintf(stderr, "Cannot allocate TAP device\n");
4511 return -1; 4512 return -1;
4512 } 4513 }
@@ -5461,11 +5462,11 @@ static int drive_init(struct drive_opt *arg, int snapshot, @@ -5461,11 +5462,11 @@ static int drive_init(struct drive_opt *arg, int snapshot,
5461 !strcmp(machine->name, "versatileab")) { 5462 !strcmp(machine->name, "versatileab")) {
5462 type = IF_SCSI; 5463 type = IF_SCSI;
5463 max_devs = MAX_SCSI_DEVS; 5464 max_devs = MAX_SCSI_DEVS;
5464 - strcpy(devname, "scsi"); 5465 + pstrcpy(devname, sizeof(devname), "scsi");
5465 } else { 5466 } else {
5466 type = IF_IDE; 5467 type = IF_IDE;
5467 max_devs = MAX_IDE_DEVS; 5468 max_devs = MAX_IDE_DEVS;
5468 - strcpy(devname, "ide"); 5469 + pstrcpy(devname, sizeof(devname), "ide");
5469 } 5470 }
5470 media = MEDIA_DISK; 5471 media = MEDIA_DISK;
5471 5472