From b4bb8d3551ba1c19a4f802758088734c257caaa0 Mon Sep 17 00:00:00 2001
From: Sunmin Lee <sunm.lee@samsung.com>
Date: Mon, 18 Sep 2017 13:27:50 +0900
Subject: Fix vulnerabilities

Change-Id: Ia7d8565ef86cfef9d8b61e2e11020b6f1b49ed1d
Signed-off-by: Sunmin Lee <sunm.lee@samsung.com>
---
 src/crash-stack/crash-stack.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src/crash-stack')

diff --git a/src/crash-stack/crash-stack.c b/src/crash-stack/crash-stack.c
index 30a432c..bd1f157 100644
--- a/src/crash-stack/crash-stack.c
+++ b/src/crash-stack/crash-stack.c
@@ -645,7 +645,7 @@ static struct addr_node *get_addr_list_from_maps(int fd)
 	/* parsing the maps to get executable code address */
 	while (fgets_fd(linebuf, BUF_SIZE, fd) != NULL) {
 		memset(path, 0, PATH_MAX);
-		result = sscanf(linebuf, "%s %s %*s %*s %*s %s ", addr, perm, path);
+		result = sscanf(linebuf, "%34s %5s %*s %*s %*s %256s ", addr, perm, path);
 		if (result < 0)
 			continue;
 		perm[PERM_LEN - 1] = 0;
@@ -754,7 +754,7 @@ static void __crash_stack_print_meminfo(FILE* outputfile, pid_t pid)
 		fprintf(errfile, "[crash-stack] cannot open /proc/meminfo\n");
 	} else {
 		while (fgets_fd(linebuf, BUF_SIZE, fd) != NULL) {
-			sscanf(linebuf, "%s %s %*s", infoname, memsize);
+			sscanf(linebuf, "%16s %16s %*s", infoname, memsize);
 			if (strcmp("MemTotal:", infoname) == 0) {
 				fprintf(outputfile, "%s %8s KB\n", infoname, memsize);
 			} else if (strcmp("MemFree:", infoname) == 0) {
@@ -774,7 +774,7 @@ static void __crash_stack_print_meminfo(FILE* outputfile, pid_t pid)
 		fprintf(errfile, "[crash-stack] cannot open %s\n", file_path);
 	} else {
 		while (fgets_fd(linebuf, BUF_SIZE, fd) != NULL) {
-			sscanf(linebuf, "%s %s %*s", infoname, memsize);
+			sscanf(linebuf, "%16s %16s %*s", infoname, memsize);
 			if (strcmp("VmPeak:", infoname) == 0) {
 				fprintf(outputfile, "%s	  %8s KB\n", infoname,
 						memsize);
-- 
cgit v1.2.3