diff options
author | Jan Vorlicek <janvorli@microsoft.com> | 2016-11-21 16:22:45 +0100 |
---|---|---|
committer | Jan Kotas <jkotas@microsoft.com> | 2016-11-21 07:22:45 -0800 |
commit | 716cb7ea87e40abb4b106df55af7ff4666170296 (patch) | |
tree | 512ecfde277f7257c8f883715ba0b2596e415db5 /src/ToolBox | |
parent | 3c3ab1a269a48b81c2a57e55da76b7e5f0f24eb9 (diff) | |
download | coreclr-716cb7ea87e40abb4b106df55af7ff4666170296.tar.gz coreclr-716cb7ea87e40abb4b106df55af7ff4666170296.tar.bz2 coreclr-716cb7ea87e40abb4b106df55af7ff4666170296.zip |
Remove unsafe banned functions (#8162)
This change removes _snwprintf, _snprintf and _vsnwprintf usage from CoreCLR and
their implementations from PAL.
PAL exposes their secure variants instead and CoreCLR now uses those instead.
I have also removed the StringCchPrintfA/W, StringCchVPrintfA/W, StringCbVPrintfA/W,
StringCbPrintfA/W, StringCbPrintfExA/W, StringCchVPrintfExA/W, StringCbVPrintfExA/W
and StringCchPrintfExA/W replaced their usage by the secure variants of the sprintf
functions, since they were used at only few places and implementing all of the variants
using the secure sprintf variants would be a hassle.
I also needed to fix a missing support for size modifiers for %p formatting character
and for wide characters / strings in the secure sprintf functions that was revealed
by the PAL tests.
I have also removed a bunch of PAL tests that were using %n formatting character which
was not implemented since it is considered unsafe and translated PAL tests that were using
the removed functions to use the safe variants of those.
Diffstat (limited to 'src/ToolBox')
-rw-r--r-- | src/ToolBox/SOS/Strike/stressLogDump.cpp | 2 | ||||
-rw-r--r-- | src/ToolBox/superpmi/superpmi-shared/logging.cpp | 6 | ||||
-rw-r--r-- | src/ToolBox/superpmi/superpmi/neardiffer.cpp | 2 |
3 files changed, 5 insertions, 5 deletions
diff --git a/src/ToolBox/SOS/Strike/stressLogDump.cpp b/src/ToolBox/SOS/Strike/stressLogDump.cpp index f277f92434..9dfbe1ed5e 100644 --- a/src/ToolBox/SOS/Strike/stressLogDump.cpp +++ b/src/ToolBox/SOS/Strike/stressLogDump.cpp @@ -34,7 +34,7 @@ static const WCHAR* getTime(const FILETIME* time, __out_ecount (buffLen) WCHAR* return badTime; #ifdef FEATURE_PAL - int length = _snwprintf(buff, buffLen, W("%02d:%02d:%02d"), systemTime.wHour, systemTime.wMinute, systemTime.wSecond); + int length = _snwprintf_s(buff, buffLen, _TRUNCATE, W("%02d:%02d:%02d"), systemTime.wHour, systemTime.wMinute, systemTime.wSecond); if (length <= 0) return badTime; #else // FEATURE_PAL diff --git a/src/ToolBox/superpmi/superpmi-shared/logging.cpp b/src/ToolBox/superpmi/superpmi-shared/logging.cpp index 5f7aa48a4f..69c321bb39 100644 --- a/src/ToolBox/superpmi/superpmi-shared/logging.cpp +++ b/src/ToolBox/superpmi/superpmi-shared/logging.cpp @@ -262,9 +262,9 @@ void Logger::LogVprintf(const char *function, const char *file, int line, const char *timeStr = ""; #endif // FEATURE_PAL - const char *logEntryFmtStr = "%s - %s [%s:%d] - %s - %s\r\n"; - size_t logEntryBuffSize = _snprintf(nullptr, 0, logEntryFmtStr, - timeStr, function, file, line, logLevelStr, fullMsg) + 1; + const char logEntryFmtStr[] = "%s - %s [%s:%d] - %s - %s\r\n"; + size_t logEntryBuffSize = sizeof(logEntryFmtStr) + strlen(timeStr) + strlen(function) + + strlen(file) + 10 + strlen(logLevelStr) + strlen(fullMsg); char *logEntry = new char[logEntryBuffSize]; sprintf_s(logEntry, logEntryBuffSize, logEntryFmtStr, diff --git a/src/ToolBox/superpmi/superpmi/neardiffer.cpp b/src/ToolBox/superpmi/superpmi/neardiffer.cpp index 5b2e3b1b57..3f2c4db3b8 100644 --- a/src/ToolBox/superpmi/superpmi/neardiffer.cpp +++ b/src/ToolBox/superpmi/superpmi/neardiffer.cpp @@ -154,7 +154,7 @@ void NearDiffer::DumpCodeBlock(unsigned char *block, ULONG blocksize, void *orig const size_t minInstrBytes = 7; size_t instrBytes = max(instrSize, minInstrBytes); - size_t buffSize = _snprintf(nullptr, 0, "%p %s\n", (void*)((size_t)originalAddr+offset), instrMnemonic) + 3 * instrBytes + 1; + size_t buffSize = sizeof("%p %s\n") + 10 + count + 3 * instrBytes + 1; char *buff = new char[buffSize]; int written = 0; written += sprintf_s(buff, buffSize, "%p ", (void*)((size_t)originalAddr+offset)); |