Replace sprintf with snprintftizen

To improve security, this patch replace sprintf with snprintf across this application Change-Id: I4f49dc5776ec81f61ca73c76e370adaffd65ee66 Signed-off-by: Wonki Kim <wonki_.kim@samsung.com>
author: Wonki Kim <wonki_.kim@samsung.com> 2017-04-28 17:17:18 +0900
committer: Youngbok Shin <youngb.shin@samsung.com> 2017-04-28 09:30:23 +0000
commit: 1bad7f515d18619807d7d065788f4cf0249be9bc (patch)
tree: fe99ac1bc0207f7ea3575fe667484b0a5dc2d53e
parent: 808ef4683a172d23ad0b452d293197531e6bee54 (diff)
download: elm-demo-tizen-tv-tizen.tar.gz
elm-demo-tizen-tv-tizen.tar.bz2
elm-demo-tizen-tv-tizen.zip
5 files changed, 28 insertions, 28 deletions
diff --git a/src/entry.c b/src/entry.c
index 0aac63c..c49780a 100644
--- a/src/entry.c
+++ b/src/entry.c
@@ -22,7 +22,7 @@ static void _preedit_cb(void *data, Evas_Object *obj, void *event_info)
    char im_data[30] = "entrylimit=20&entrycharlen=0";
 
    x = eina_unicode_utf8_get_len(elm_object_text_get(obj));
-   sprintf(im_data, "entrylimit=20&entrycharlen=%d",x);
+   snprintf(im_data, 30, "entrylimit=20&entrycharlen=%d",x);
    ecore_imf_context_input_panel_imdata_set(imf_context, im_data, eina_unicode_utf8_get_len(im_data)+1);
 }
 
diff --git a/src/genlist.c b/src/genlist.c
index e7bcd91..b88c01f 100644
--- a/src/genlist.c
+++ b/src/genlist.c
@@ -116,29 +116,29 @@ static char *_item_label_get(void *data, Evas_Object *obj, const char *part)
 
    if (!strcmp(part, "elm.text"))
    {
-       if ((int) data == 0) sprintf(buf, "%s", "Time Warner Cable(Cable)");
-       else if ((int) data == 1) sprintf(buf, "%s", "ComCast (Cable)");
-       else if ((int) data == 2) sprintf(buf, "%s", "Dish (Satellite)");
-       else if ((int) data == 3) sprintf(buf, "%s", "DirecTV (Satellite)");
-       else if ((int) data == 4) sprintf(buf, "%s", "Tata Sky (Satellite)");
-       else if ((int) data == 5) sprintf(buf, "%s", "Nextra Cable(Cable)");
-       else if ((int) data == 6) sprintf(buf, "%s", "DD Plus (Cable)");
-       else if ((int) data == 7) sprintf(buf, "%s", "Tikona Cable(Cable)");
-       else if ((int) data == 8) sprintf(buf, "%s", "True Provider (Cable)");
-       else if ((int) data == 9) sprintf(buf, "%s", "Vodafone (Satellite)");
-       else sprintf(buf, "%s", "Sample Text");
+       if ((int) data == 0) snprintf(buf, BUFFER_SIZE, "%s", "Time Warner Cable(Cable)");
+       else if ((int) data == 1) snprintf(buf, BUFFER_SIZE, "%s", "ComCast (Cable)");
+       else if ((int) data == 2) snprintf(buf, BUFFER_SIZE, "%s", "Dish (Satellite)");
+       else if ((int) data == 3) snprintf(buf, BUFFER_SIZE, "%s", "DirecTV (Satellite)");
+       else if ((int) data == 4) snprintf(buf, BUFFER_SIZE, "%s", "Tata Sky (Satellite)");
+       else if ((int) data == 5) snprintf(buf, BUFFER_SIZE, "%s", "Nextra Cable(Cable)");
+       else if ((int) data == 6) snprintf(buf, BUFFER_SIZE, "%s", "DD Plus (Cable)");
+       else if ((int) data == 7) snprintf(buf, BUFFER_SIZE, "%s", "Tikona Cable(Cable)");
+       else if ((int) data == 8) snprintf(buf, BUFFER_SIZE, "%s", "True Provider (Cable)");
+       else if ((int) data == 9) snprintf(buf, BUFFER_SIZE, "%s", "Vodafone (Satellite)");
+       else snprintf(buf, BUFFER_SIZE, "%s", "Sample Text");
    }
    else if (!strcmp(part, "elm.text2"))
    {
-       sprintf(buf, "sub text (%d)", (int) data);
+       snprintf(buf, BUFFER_SIZE, "sub text (%d)", (int) data);
    }
    else if (!strcmp(part, "elm.text3"))
    {
-       sprintf(buf, "sub text#2 (%d)", (int) data);
+       snprintf(buf, BUFFER_SIZE, "sub text#2 (%d)", (int) data);
    }
    else if (!strcmp(part, "elm.text4"))
    {
-       sprintf(buf, "sub text#3 (%d)", (int) data);
+       snprintf(buf, BUFFER_SIZE, "sub text#3 (%d)", (int) data);
    }
 
    return strdup(buf);
diff --git a/src/main.c b/src/main.c
index 673a83d..79cefac 100644
--- a/src/main.c
+++ b/src/main.c
@@ -70,7 +70,7 @@ static char *_text_get(void *data, Evas_Object *obj, const char *part)
 {
     int i = (int) data;
     char buf[32];
-    sprintf(buf, "%d %s", (i+1), widget_its[i].name);
+    snprintf(buf, 32, "%d %s", (i+1), widget_its[i].name);
 
     return strdup(buf);
 }
diff --git a/src/performance.c b/src/performance.c
index 94b9d0b..d4bb6b4 100644
--- a/src/performance.c
+++ b/src/performance.c
@@ -86,17 +86,17 @@ static char *_item_label_get(void *data, Evas_Object *obj, const char *part)
    int count = (int) data % 10;
    if (!strcmp(part, "elm.text"))
      {
-        if (count == 0) sprintf(buf, "%s", "Time Warner Cable(Cable)");
-        else if ((int) count == 1) sprintf(buf, "%s", "ComCast (Cable)");
-        else if ((int) count == 2) sprintf(buf, "%s", "Dish (Satellite)");
-        else if ((int) count == 3) sprintf(buf, "%s", "DirecTV (Satellite)");
-        else if ((int) count == 4) sprintf(buf, "%s", "Tata Sky (Satellite)");
-        else if ((int) count == 5) sprintf(buf, "%s", "Nextra Cable(Cable)");
-        else if ((int) count == 6) sprintf(buf, "%s", "DD Plus (Cable)");
-        else if ((int) count == 7) sprintf(buf, "%s", "Tikona Cable(Cable)");
-        else if ((int) count == 8) sprintf(buf, "%s", "True Provider (Cable)");
-        else if ((int) count == 9) sprintf(buf, "%s", "Vodafone (Satellite)");
-        else sprintf(buf, "%s", "Sample Text");
+        if (count == 0) snprintf(buf, BUFFER_SIZE, "%s", "Time Warner Cable(Cable)");
+        else if ((int) count == 1) snprintf(buf, BUFFER_SIZE, "%s", "ComCast (Cable)");
+        else if ((int) count == 2) snprintf(buf, BUFFER_SIZE, "%s", "Dish (Satellite)");
+        else if ((int) count == 3) snprintf(buf, BUFFER_SIZE, "%s", "DirecTV (Satellite)");
+        else if ((int) count == 4) snprintf(buf, BUFFER_SIZE, "%s", "Tata Sky (Satellite)");
+        else if ((int) count == 5) snprintf(buf, BUFFER_SIZE, "%s", "Nextra Cable(Cable)");
+        else if ((int) count == 6) snprintf(buf, BUFFER_SIZE, "%s", "DD Plus (Cable)");
+        else if ((int) count == 7) snprintf(buf, BUFFER_SIZE, "%s", "Tikona Cable(Cable)");
+        else if ((int) count == 8) snprintf(buf, BUFFER_SIZE, "%s", "True Provider (Cable)");
+        else if ((int) count == 9) snprintf(buf, BUFFER_SIZE, "%s", "Vodafone (Satellite)");
+        else snprintf(buf, BUFFER_SIZE, "%s", "Sample Text");
      }
 
    return strdup(buf);
diff --git a/src/util.c b/src/util.c
index 784ccc5..3a6f685 100644
--- a/src/util.c
+++ b/src/util.c
@@ -104,7 +104,7 @@ char *get_format(char *format, char *value)
 {
     int len = strlen(format) + strlen(value);
     char *str = (char *)malloc(len+1);
-    sprintf(str, format, value);
+    snprintf(str, len+1, format, value);
 
     return str;
 }
author	Wonki Kim <wonki_.kim@samsung.com>	2017-04-28 17:17:18 +0900
committer	Youngbok Shin <youngb.shin@samsung.com>	2017-04-28 09:30:23 +0000
commit	1bad7f515d18619807d7d065788f4cf0249be9bc (patch)
tree	fe99ac1bc0207f7ea3575fe667484b0a5dc2d53e
parent	808ef4683a172d23ad0b452d293197531e6bee54 (diff)
download	elm-demo-tizen-tv-tizen.tar.gz elm-demo-tizen-tv-tizen.tar.bz2 elm-demo-tizen-tv-tizen.zip