diff --git a/app/src/adb/adb.c b/app/src/adb/adb.c index b248b8ed..54375451 100644 --- a/app/src/adb/adb.c +++ b/app/src/adb/adb.c @@ -218,8 +218,16 @@ sc_adb_forward(struct sc_intr *intr, const char *serial, uint16_t local_port, const char *device_socket_name, unsigned flags) { char local[4 + 5 + 1]; // tcp:PORT char remote[108 + 14 + 1]; // localabstract:NAME - sprintf(local, "tcp:%" PRIu16, local_port); - snprintf(remote, sizeof(remote), "localabstract:%s", device_socket_name); + + int r = snprintf(local, sizeof(local), "tcp:%" PRIu16, local_port); + assert(r >= 0 && (size_t) r < sizeof(local)); + + r = snprintf(remote, sizeof(remote), "localabstract:%s", + device_socket_name); + if (r < 0 || (size_t) r >= sizeof(remote)) { + LOGE("Could not write socket name"); + return false; + } assert(serial); const char *const argv[] = @@ -233,7 +241,9 @@ bool sc_adb_forward_remove(struct sc_intr *intr, const char *serial, uint16_t local_port, unsigned flags) { char local[4 + 5 + 1]; // tcp:PORT - sprintf(local, "tcp:%" PRIu16, local_port); + int r = snprintf(local, sizeof(local), "tcp:%" PRIu16, local_port); + assert(r >= 0 && (size_t) r < sizeof(local)); + (void) r; assert(serial); const char *const argv[] = @@ -249,8 +259,16 @@ sc_adb_reverse(struct sc_intr *intr, const char *serial, unsigned flags) { char local[4 + 5 + 1]; // tcp:PORT char remote[108 + 14 + 1]; // localabstract:NAME - sprintf(local, "tcp:%" PRIu16, local_port); - snprintf(remote, sizeof(remote), "localabstract:%s", device_socket_name); + int r = snprintf(local, sizeof(local), "tcp:%" PRIu16, local_port); + assert(r >= 0 && (size_t) r < sizeof(local)); + + r = snprintf(remote, sizeof(remote), "localabstract:%s", + device_socket_name); + if (r < 0 || (size_t) r >= sizeof(remote)) { + LOGE("Could not write socket name"); + return false; + } + assert(serial); const char *const argv[] = SC_ADB_COMMAND("-s", serial, "reverse", remote, local); @@ -263,7 +281,12 @@ bool sc_adb_reverse_remove(struct sc_intr *intr, const char *serial, const char *device_socket_name, unsigned flags) { char remote[108 + 14 + 1]; // localabstract:NAME - snprintf(remote, sizeof(remote), "localabstract:%s", device_socket_name); + int r = snprintf(remote, sizeof(remote), "localabstract:%s", + device_socket_name); + if (r < 0 || (size_t) r >= sizeof(remote)) { + LOGE("Device socket name too long"); + return false; + } assert(serial); const char *const argv[] = @@ -333,7 +356,9 @@ bool sc_adb_tcpip(struct sc_intr *intr, const char *serial, uint16_t port, unsigned flags) { char port_string[5 + 1]; - sprintf(port_string, "%" PRIu16, port); + int r = snprintf(port_string, sizeof(port_string), "%" PRIu16, port); + assert(r >= 0 && (size_t) r < sizeof(port_string)); + (void) r; assert(serial); const char *const argv[] = diff --git a/app/tests/test_str.c b/app/tests/test_str.c index f719bc98..5d365ef5 100644 --- a/app/tests/test_str.c +++ b/app/tests/test_str.c @@ -269,21 +269,25 @@ static void test_parse_integer_with_suffix(void) { char buf[32]; - sprintf(buf, "%ldk", LONG_MAX / 2000); + int r = snprintf(buf, sizeof(buf), "%ldk", LONG_MAX / 2000); + assert(r >= 0 && (size_t) r < sizeof(buf)); ok = sc_str_parse_integer_with_suffix(buf, &value); assert(ok); assert(value == LONG_MAX / 2000 * 1000); - sprintf(buf, "%ldm", LONG_MAX / 2000); + r = snprintf(buf, sizeof(buf), "%ldm", LONG_MAX / 2000); + assert(r >= 0 && (size_t) r < sizeof(buf)); ok = sc_str_parse_integer_with_suffix(buf, &value); assert(!ok); - sprintf(buf, "%ldk", LONG_MIN / 2000); + r = snprintf(buf, sizeof(buf), "%ldk", LONG_MIN / 2000); + assert(r >= 0 && (size_t) r < sizeof(buf)); ok = sc_str_parse_integer_with_suffix(buf, &value); assert(ok); assert(value == LONG_MIN / 2000 * 1000); - sprintf(buf, "%ldm", LONG_MIN / 2000); + r = snprintf(buf, sizeof(buf), "%ldm", LONG_MIN / 2000); + assert(r >= 0 && (size_t) r < sizeof(buf)); ok = sc_str_parse_integer_with_suffix(buf, &value); assert(!ok); }