diff --git a/arch/arm/src/armv7-m/arm_systick.c b/arch/arm/src/armv7-m/arm_systick.c index 25b2a08834a..e45728c0cd6 100644 --- a/arch/arm/src/armv7-m/arm_systick.c +++ b/arch/arm/src/armv7-m/arm_systick.c @@ -302,7 +302,7 @@ struct timer_lowerhalf_s *systick_initialize(bool coreclk, { char devname[32]; - sprintf(devname, "/dev/timer%d", minor); + snprintf(devname, sizeof(devname), "/dev/timer%d", minor); timer_register(devname, (struct timer_lowerhalf_s *)lower); } diff --git a/arch/arm/src/armv8-m/arm_systick.c b/arch/arm/src/armv8-m/arm_systick.c index 87dad907880..d9733aefd78 100644 --- a/arch/arm/src/armv8-m/arm_systick.c +++ b/arch/arm/src/armv8-m/arm_systick.c @@ -302,7 +302,7 @@ struct timer_lowerhalf_s *systick_initialize(bool coreclk, { char devname[32]; - sprintf(devname, "/dev/timer%d", minor); + snprintf(devname, sizeof(devname), "/dev/timer%d", minor); timer_register(devname, (struct timer_lowerhalf_s *)lower); } diff --git a/arch/arm/src/c5471/c5471_watchdog.c b/arch/arm/src/c5471/c5471_watchdog.c index a27f9e45374..ba6014c2c41 100644 --- a/arch/arm/src/c5471/c5471_watchdog.c +++ b/arch/arm/src/c5471/c5471_watchdog.c @@ -250,8 +250,8 @@ static ssize_t wdt_read(struct file *filep, char *buffer, size_t buflen) wdinfo("buflen=%d\n", buflen); if (buflen >= 18) { - sprintf(buffer, "%08" PRIx32 " %08" PRIx32 "\n", - c5471_wdt_cntl, c5471_wdt_count); + snprintf(buffer, buflen, "%08" PRIx32 " %08" PRIx32 "\n", + c5471_wdt_cntl, c5471_wdt_count); return 18; } diff --git a/arch/arm/src/phy62xx/uart.h b/arch/arm/src/phy62xx/uart.h index 518575c3384..4cc1823a3df 100644 --- a/arch/arm/src/phy62xx/uart.h +++ b/arch/arm/src/phy62xx/uart.h @@ -165,7 +165,15 @@ int hal_uart_set_tx_buf(UART_INDEX_e uart_index, uint8_t *buf, uint16_t size); int hal_uart_get_tx_ready(UART_INDEX_e uart_index); int hal_uart_send_buff(UART_INDEX_e uart_index, uint8_t *buff, uint16_t len); -#define logx(...) {char tmp_str[128]; sprintf(tmp_str, __VA_ARGS__); hal_uart_send_buff(0, &tmp_str, strlen(tmp_str) + 1);} +#define logx(...) \ + do \ + { \ + char tmp_str[128]; \ + snprintf(tmp_str, sizeof(tmp_str), __VA_ARGS__); \ + hal_uart_send_buff(0, &tmp_str, strlen(tmp_str) + 1); \ + } \ + while (0) + int hal_uart_send_byte(UART_INDEX_e uart_index, unsigned char data); void __attribute__((weak)) hal_UART0_IRQHandler(void); void __attribute__((weak)) hal_UART1_IRQHandler(void); diff --git a/arch/arm/src/tlsr82/tlsr82_flash_mtd.c b/arch/arm/src/tlsr82/tlsr82_flash_mtd.c index 90bb9b91f58..ade712de504 100644 --- a/arch/arm/src/tlsr82/tlsr82_flash_mtd.c +++ b/arch/arm/src/tlsr82/tlsr82_flash_mtd.c @@ -292,13 +292,16 @@ static void tlsr82_flash_print(const char *msg, const uint8_t *buf, { if (i % 16 == 0) { - off += sprintf(&print_buf[off], "0x%08x:", i); + snprintf(&print_buf[off], + sizeof(print_buf) - off, "0x%08x:", i); + off += strlen(&print_buf[off]); } - off += sprintf(&print_buf[off], "0x%02x ", buf[i]); - i++; + snprintf(&print_buf[off], + sizeof(print_buf) - off, "0x%02x ", buf[i]); + off += strlen(&print_buf[off]); - if (i % 16 == 0) + if (++i % 16 == 0) { ferr("%s\n", print_buf); off = 0; @@ -320,7 +323,7 @@ static void tlsr82_flash_print(const char *msg, const uint8_t *buf, static int tlsr82_flash_test(struct tlsr82_flash_dev_s *priv) { struct mtd_geometry_s geo; - int ret = OK; + int ret = 0; int npages = 0; int i = 0; int j = 0; @@ -329,13 +332,16 @@ static int tlsr82_flash_test(struct tlsr82_flash_dev_s *priv) /* 1. print the manufacture id and unique id */ - ret = 0; ferr("Flash information print:\n"); ferr(" Flash MID: 0x%08lx\n", g_flash_mid); - ret += sprintf(&print_buf[ret], " Flash UID: "); + snprintf(&print_buf[ret], + sizeof(print_buf) - ret, " Flash UID: "); + ret += strlen(&print_buf[ret]); for (i = 1; i < 16; i++) { - ret += sprintf(&print_buf[ret], "0x%x ", g_flash_uid[i]); + snprintf(&print_buf[ret], + sizeof(print_buf) - ret, "0x%x ", g_flash_uid[i]); + ret += strlen(&print_buf[ret]); } ferr("%s\n", print_buf); diff --git a/arch/risc-v/src/esp32c3/esp32c3_partition.c b/arch/risc-v/src/esp32c3/esp32c3_partition.c index c83dfc5efdc..55b315ea2fa 100644 --- a/arch/risc-v/src/esp32c3/esp32c3_partition.c +++ b/arch/risc-v/src/esp32c3/esp32c3_partition.c @@ -607,7 +607,7 @@ int esp32c3_partition_init(void) } strlcpy(label, (char *)info->label, sizeof(label)); - sprintf(path, "%s%s", path_base, label); + snprintf(path, sizeof(path), "%s%s", path_base, label); finfo("INFO: [label]: %s\n", label); finfo("INFO: [type]: %d\n", info->type); diff --git a/boards/arm/stm32/cloudctrl/src/stm32_chipid.c b/boards/arm/stm32/cloudctrl/src/stm32_chipid.c index fcb8dc53ccf..d7245c037ce 100644 --- a/boards/arm/stm32/cloudctrl/src/stm32_chipid.c +++ b/boards/arm/stm32/cloudctrl/src/stm32_chipid.c @@ -63,7 +63,8 @@ const char *stm32_getchipid_string(void) for (i = 0, c = 0; i < 12; i++) { - sprintf(&cpuid[c], "%02X", getreg8(0x1ffff7e8 + 11 - i)); + snprintf(&cpuid[c], sizeof(cpuid) - c, + "%02X", getreg8(0x1ffff7e8 + 11 - i)); c += 2; if (i % 4 == 3) { diff --git a/boards/arm/stm32/shenzhou/src/stm32_chipid.c b/boards/arm/stm32/shenzhou/src/stm32_chipid.c index 3aee32a6484..e1842cc5f6d 100644 --- a/boards/arm/stm32/shenzhou/src/stm32_chipid.c +++ b/boards/arm/stm32/shenzhou/src/stm32_chipid.c @@ -63,7 +63,8 @@ const char *stm32_getchipid_string(void) for (i = 0, c = 0; i < 12; i++) { - sprintf(&cpuid[c], "%02X", getreg8(0x1ffff7e8 + 11 - i)); + snprintf(&cpuid[c], sizeof(cpuid) - c, + "%02X", getreg8(0x1ffff7e8 + 11 - i)); c += 2; if (i % 4 == 3) { diff --git a/boards/arm/stm32f7/nucleo-144/src/stm32_bringup.c b/boards/arm/stm32f7/nucleo-144/src/stm32_bringup.c index aeecb273106..e51b91bf632 100644 --- a/boards/arm/stm32f7/nucleo-144/src/stm32_bringup.c +++ b/boards/arm/stm32f7/nucleo-144/src/stm32_bringup.c @@ -174,7 +174,7 @@ int stm32_bringup(void) char buf[9]; #ifdef CONFIG_STM32F7_TIM1_QE - sprintf(buf, "/dev/qe0"); + snprintf(buf, sizeof(buf), "/dev/qe0"); ret = stm32_qencoder_initialize(buf, 1); if (ret < 0) { @@ -186,7 +186,7 @@ int stm32_bringup(void) #endif #ifdef CONFIG_STM32F7_TIM3_QE - sprintf(buf, "/dev/qe2"); + snprintf(buf, sizeof(buf), "/dev/qe2"); ret = stm32_qencoder_initialize(buf, 3); if (ret < 0) { @@ -198,7 +198,7 @@ int stm32_bringup(void) #endif #ifdef CONFIG_STM32F7_TIM4_QE - sprintf(buf, "/dev/qe3"); + snprintf(buf, sizeof(buf), "/dev/qe3"); ret = stm32_qencoder_initialize(buf, 4); if (ret < 0) { diff --git a/boards/arm/stm32l4/nucleo-l432kc/src/stm32_appinit.c b/boards/arm/stm32l4/nucleo-l432kc/src/stm32_appinit.c index 2aa082926b4..528fdb93323 100644 --- a/boards/arm/stm32l4/nucleo-l432kc/src/stm32_appinit.c +++ b/boards/arm/stm32l4/nucleo-l432kc/src/stm32_appinit.c @@ -316,7 +316,7 @@ int board_app_initialize(uintptr_t arg) index = 0; #ifdef CONFIG_STM32L4_TIM1_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 1); if (ret != OK) { @@ -327,7 +327,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM2_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 2); if (ret != OK) { @@ -338,7 +338,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM3_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 3); if (ret != OK) { @@ -349,7 +349,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM4_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 4); if (ret != OK) { @@ -360,7 +360,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM5_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 5); if (ret != OK) { @@ -371,7 +371,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM8_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 8); if (ret != OK) { diff --git a/boards/arm/stm32l4/nucleo-l476rg/src/stm32_appinit.c b/boards/arm/stm32l4/nucleo-l476rg/src/stm32_appinit.c index e6ed2b423da..a6080453321 100644 --- a/boards/arm/stm32l4/nucleo-l476rg/src/stm32_appinit.c +++ b/boards/arm/stm32l4/nucleo-l476rg/src/stm32_appinit.c @@ -318,7 +318,7 @@ int board_app_initialize(uintptr_t arg) index = 0; #ifdef CONFIG_STM32L4_TIM1_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 1); if (ret < 0) { @@ -329,7 +329,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM2_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 2); if (ret < 0) { @@ -340,7 +340,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM3_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 3); if (ret < 0) { @@ -351,7 +351,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM4_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 4); if (ret < 0) { @@ -362,7 +362,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM5_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 5); if (ret < 0) { @@ -373,7 +373,7 @@ int board_app_initialize(uintptr_t arg) #endif #ifdef CONFIG_STM32L4_TIM8_QE - sprintf(buf, "/dev/qe%d", index++); + snprintf(buf, sizeof(buf), "/dev/qe%d", index++); ret = stm32l4_qencoder_initialize(buf, 8); if (ret < 0) { diff --git a/boards/sim/sim/sim/src/sim_foc.c b/boards/sim/sim/sim/src/sim_foc.c index bc3c8203211..7d3c675179c 100644 --- a/boards/sim/sim/sim/src/sim_foc.c +++ b/boards/sim/sim/sim/src/sim_foc.c @@ -86,7 +86,7 @@ int sim_foc_setup(void) /* Get devpath for FOC */ - sprintf(devpath, "/dev/foc%d", i); + snprintf(devpath, sizeof(devpath), "/dev/foc%d", i); /* Register FOC device */ diff --git a/drivers/contactless/mfrc522.c b/drivers/contactless/mfrc522.c index 378aec028a3..9b49dcd8f26 100644 --- a/drivers/contactless/mfrc522.c +++ b/drivers/contactless/mfrc522.c @@ -1391,7 +1391,7 @@ int mfrc522_selftest(FAR struct mfrc522_dev_s *dev) { for (j = 0, k = 0; j < 8; j++, k += 3) { - sprintf(&outbuf[k], " %02x", result[i + j]); + snprintf(&outbuf[k], sizeof(outbuf) - k, " %02x", result[i + j]); } ctlsinfo(" %02x:%s\n", i, outbuf); diff --git a/drivers/mtd/smart.c b/drivers/mtd/smart.c index bc6c16c6e15..496e4f06f7d 100644 --- a/drivers/mtd/smart.c +++ b/drivers/mtd/smart.c @@ -3900,7 +3900,9 @@ retry: { for (j = 0, k = 0; j < 8 && j < remaining ; j++) { - k += sprintf(&buffer[k], "%12d", dev->freecount[i + j]); + snprintf(&buffer[k], sizeof(buffer) - k, + "%12d", dev->freecount[i + j]); + k += strlen(&buffer[k]); } ferr("%04x:%s\n", i, buffer); diff --git a/drivers/net/rpmsgdrv.c b/drivers/net/rpmsgdrv.c index 28dc87b6cf4..c519ee8463a 100644 --- a/drivers/net/rpmsgdrv.c +++ b/drivers/net/rpmsgdrv.c @@ -373,8 +373,8 @@ static int net_rpmsg_drv_sockioctl_handler(FAR struct rpmsg_endpoint *ept, /* Save pointers into argv */ - sprintf(arg1, "%p", ept); - sprintf(arg2, "%p", data); + snprintf(arg1, sizeof(arg1), "%p", ept); + snprintf(arg2, sizeof(arg2), "%p", data); argv[0] = arg1; argv[1] = arg2; @@ -565,7 +565,8 @@ static void net_rpmsg_drv_device_created(FAR struct rpmsg_device *rdev, if (!strcmp(priv->cpuname, rpmsg_get_cpuname(rdev))) { priv->ept.priv = dev; - sprintf(eptname, NET_RPMSG_EPT_NAME, priv->devname); + snprintf(eptname, sizeof(eptname), + NET_RPMSG_EPT_NAME, priv->devname); rpmsg_create_ept(&priv->ept, rdev, eptname, RPMSG_ADDR_ANY, RPMSG_ADDR_ANY, diff --git a/drivers/segger/stream_rtt.c b/drivers/segger/stream_rtt.c index 1f3d97651c7..5caef0ff87d 100644 --- a/drivers/segger/stream_rtt.c +++ b/drivers/segger/stream_rtt.c @@ -121,7 +121,7 @@ void lib_rttoutstream_open(FAR struct lib_rttoutstream_s *stream, bufsize = bufsize ? bufsize : BUFFER_SIZE_UP; stream->buffer = (FAR char *)kmm_malloc(bufsize); DEBUGASSERT(stream->buffer); - sprintf(stream->name, "rtt%d", channel); + snprintf(stream->name, sizeof(stream->name), "rtt%d", channel); SEGGER_RTT_ConfigUpBuffer(channel, stream->name, stream->buffer, bufsize, SEGGER_RTT_MODE_DEFAULT); } @@ -169,7 +169,7 @@ void lib_rttinstream_open(FAR struct lib_rttinstream_s *stream, bufsize = bufsize ? bufsize : BUFFER_SIZE_DOWN; stream->buffer = (FAR char *)kmm_malloc(bufsize); DEBUGASSERT(stream->buffer); - sprintf(stream->name, "rtt%d", channel); + snprintf(stream->name, sizeof(stream->name), "rtt%d", channel); SEGGER_RTT_ConfigDownBuffer(channel, stream->name, stream->buffer, bufsize, SEGGER_RTT_MODE_DEFAULT); } diff --git a/drivers/serial/uart_rpmsg.c b/drivers/serial/uart_rpmsg.c index 15dc547da7b..7cc1587db76 100644 --- a/drivers/serial/uart_rpmsg.c +++ b/drivers/serial/uart_rpmsg.c @@ -323,7 +323,8 @@ static void uart_rpmsg_device_created(FAR struct rpmsg_device *rdev, if (strcmp(priv->cpuname, rpmsg_get_cpuname(rdev)) == 0) { priv->ept.priv = dev; - sprintf(eptname, "%s%s", UART_RPMSG_EPT_PREFIX, priv->devname); + snprintf(eptname, sizeof(eptname), "%s%s", + UART_RPMSG_EPT_PREFIX, priv->devname); rpmsg_create_ept(&priv->ept, rdev, eptname, RPMSG_ADDR_ANY, RPMSG_ADDR_ANY, uart_rpmsg_ept_cb, NULL); @@ -451,7 +452,8 @@ int uart_rpmsg_init(FAR const char *cpuname, FAR const char *devname, } nxmutex_init(&priv->lock); - sprintf(dev_name, "%s%s", UART_RPMSG_DEV_PREFIX, devname); + snprintf(dev_name, sizeof(dev_name), "%s%s", + UART_RPMSG_DEV_PREFIX, devname); uart_register(dev_name, dev); if (dev->isconsole) diff --git a/drivers/usbdev/pl2303.c b/drivers/usbdev/pl2303.c index 9248acd76fb..42e1ec64f48 100644 --- a/drivers/usbdev/pl2303.c +++ b/drivers/usbdev/pl2303.c @@ -2408,7 +2408,7 @@ int usbdev_serialinitialize(int minor) /* Register the single port supported by this implementation */ - sprintf(devname, "/dev/ttyUSB%d", minor); + snprintf(devname, sizeof(devname), "/dev/ttyUSB%d", minor); ret = uart_register(devname, &priv->serdev); if (ret) { diff --git a/drivers/wireless/cc1101.c b/drivers/wireless/cc1101.c index 91d0e434b7b..6ea9e2145e1 100644 --- a/drivers/wireless/cc1101.c +++ b/drivers/wireless/cc1101.c @@ -862,7 +862,7 @@ void cc1101_dumpregs(struct cc1101_dev_s *dev, uint8_t addr, uint8_t length) for (i = 0, j = 0; i < readsize; i++, j += 3) { - sprintf(&outbuf[j], " %02x", regbuf[i]); + snprintf(&outbuf[j], sizeof(outbuf) - j, " %02x", regbuf[i]); } /* Dump the formatted data to the syslog output */ diff --git a/drivers/wireless/ieee80211/bcm43xxx/bcmf_utils.c b/drivers/wireless/ieee80211/bcm43xxx/bcmf_utils.c index fd967c0d8cd..dd39f819b9a 100644 --- a/drivers/wireless/ieee80211/bcm43xxx/bcmf_utils.c +++ b/drivers/wireless/ieee80211/bcm43xxx/bcmf_utils.c @@ -62,9 +62,10 @@ void bcmf_hexdump(FAR uint8_t *data, unsigned int len, unsigned long offset) char_count = 0; } - sprintf(hex_line + 3 * char_count, "%02x ", data[i]); - sprintf(char_line + char_count, "%c", - data[i] < 0x20 || data[i] >= 0x7f? '.': data[i]); + snprintf(hex_line + 3 * char_count, sizeof(hex_line) - 3 * char_count, + "%02x ", data[i]); + snprintf(char_line + char_count, sizeof(char_line) - char_count, + "%c", data[i] < 0x20 || data[i] >= 0x7f? '.' : data[i]); char_count++; } diff --git a/drivers/wireless/ieee802154/at86rf23x/at86rf23x.c b/drivers/wireless/ieee802154/at86rf23x/at86rf23x.c index 75002cff582..c22566b7615 100644 --- a/drivers/wireless/ieee802154/at86rf23x/at86rf23x.c +++ b/drivers/wireless/ieee802154/at86rf23x/at86rf23x.c @@ -1302,12 +1302,15 @@ static int at86rf23x_regdump(FAR struct at86rf23x_dev_s *dev) if ((i & 0x0f) == 0) { - len = sprintf(buf, "%02x: ", i & 0xff); + snprintf(buf, sizeof(buf), "%02x: ", i & 0xff); + len = strlen(buf); } /* Print the register value */ - len += sprintf(buf + len, "%02x ", at86rf23x_getreg(dev->spi, i)); + snprintf(buf + len, sizeof(buf) - len, + "%02x ", at86rf23x_getreg(dev->spi, i)); + len += strlen(buf + len); /* At the end of each 15 regs or end of rf233s regs and actually print * debug message. @@ -1315,7 +1318,7 @@ static int at86rf23x_regdump(FAR struct at86rf23x_dev_s *dev) if ((i & 15) == 15 || i == 0x2f) { - sprintf(buf + len, "\n"); + snprintf(buf + len, sizeof(buf) - len, "\n"); wlinfo("%s", buf); } } diff --git a/drivers/wireless/ieee802154/mrf24j40/mrf24j40_regops.c b/drivers/wireless/ieee802154/mrf24j40/mrf24j40_regops.c index d1efa19d621..2bd30d74694 100644 --- a/drivers/wireless/ieee802154/mrf24j40/mrf24j40_regops.c +++ b/drivers/wireless/ieee802154/mrf24j40/mrf24j40_regops.c @@ -142,13 +142,16 @@ int mrf24j40_regdump(FAR struct mrf24j40_radio_s *dev) { if ((i & 15) == 0) { - len = sprintf(buf, "%02" PRIx32 ": ", i & 0xff); + snprintf(buf, sizeof(buf), "%02" PRIx32 ": ", i & 0xff); + len = strlen(buf); } - len += sprintf(buf + len, "%02x ", mrf24j40_getreg(dev->spi, i)); + snprintf(buf + len, sizeof(buf) - len, + "%02x ", mrf24j40_getreg(dev->spi, i)); + len += strlen(buf + len); if ((i & 15) == 15) { - sprintf(buf + len, "\n"); + snprintf(buf + len, sizeof(buf) - len, "\n"); wlinfo("%s", buf); } } @@ -159,13 +162,16 @@ int mrf24j40_regdump(FAR struct mrf24j40_radio_s *dev) { if ((i & 15) == 0) { - len = sprintf(buf, "%02" PRIx32 ": ", i & 0xff); + snprintf(buf, sizeof(buf), "%02" PRIx32 ": ", i & 0xff); + len = strlen(buf); } - len += sprintf(buf + len, "%02x ", mrf24j40_getreg(dev->spi, i)); + snprintf(buf + len, sizeof(buf) - len, + "%02x ", mrf24j40_getreg(dev->spi, i)); + len += strlen(buf + len); if ((i & 15) == 15) { - sprintf(buf + len, "\n"); + snprintf(buf + len, sizeof(buf) - len, "\n"); wlinfo("%s", buf); } } diff --git a/drivers/wireless/nrf24l01.c b/drivers/wireless/nrf24l01.c index dd80db384f1..f72d69d3b3a 100644 --- a/drivers/wireless/nrf24l01.c +++ b/drivers/wireless/nrf24l01.c @@ -210,8 +210,8 @@ static void nrf24l01_worker(FAR void *arg); #endif #ifdef CONFIG_DEBUG_WIRELESS -static void binarycvt(FAR char *deststr, FAR const uint8_t *srcbin, - size_t srclen); +static void binarycvt(FAR char *deststr, size_t destlen, + FAR const uint8_t *srcbin, size_t srclen); #endif /* POSIX API */ @@ -912,13 +912,13 @@ out: ****************************************************************************/ #ifdef CONFIG_DEBUG_WIRELESS -static void binarycvt(FAR char *deststr, FAR const uint8_t *srcbin, - size_t srclen) +static void binarycvt(FAR char *deststr, size_t destlen, + FAR const uint8_t *srcbin, size_t srclen) { int i = 0; - while (i < srclen) + while (i < srclen && 2 * (i + 1) < destlen) { - sprintf(deststr + i * 2, "%02x", srcbin[i]); + snprintf(deststr + i * 2, destlen - i * 2, "%02x", srcbin[i]); ++i; } @@ -2084,7 +2084,7 @@ void nrf24l01_dumpregs(FAR struct nrf24l01_dev_s *dev) nrf24l01_readregbyte(dev, NRF24L01_OBSERVE_TX)); nrf24l01_readreg(dev, NRF24L01_TX_ADDR, addr, dev->addrlen); - binarycvt(addrstr, addr, dev->addrlen); + binarycvt(addrstr, sizeof(addrstr), addr, dev->addrlen); syslog(LOG_INFO, "TX_ADDR: %s\n", addrstr); syslog(LOG_INFO, "CD: %02x\n", diff --git a/drivers/wireless/spirit/lib/spirit_spi.c b/drivers/wireless/spirit/lib/spirit_spi.c index a9c5a9ee4bc..2c7302d381e 100644 --- a/drivers/wireless/spirit/lib/spirit_spi.c +++ b/drivers/wireless/spirit/lib/spirit_spi.c @@ -87,7 +87,7 @@ static void spirit_dump_buffer(FAR const uint8_t *buffer, unsigned int buflen) *ptr++ = ' '; } - sprintf(ptr, "%02x ", *buffer++); + snprintf(ptr, sizeof(outbuf) - (ptr - outbuf), "%02x ", *buffer++); ptr += 3; } diff --git a/fs/inode/fs_foreachinode.c b/fs/inode/fs_foreachinode.c index 8dc1666dbba..7bab3fc8a14 100644 --- a/fs/inode/fs_foreachinode.c +++ b/fs/inode/fs_foreachinode.c @@ -55,7 +55,7 @@ struct inode_path_s { foreach_inode_t handler; FAR void *arg; - char path[CONFIG_PATH_MAX]; + char path[PATH_MAX]; }; /**************************************************************************** @@ -110,7 +110,7 @@ static int foreach_inodelevel(FAR struct inode *node, /* Make sure that this would not exceed the maximum path length */ - if (pathlen + namlen > PATH_MAX) + if (pathlen + namlen >= PATH_MAX) { ret = -ENAMETOOLONG; break; @@ -118,7 +118,8 @@ static int foreach_inodelevel(FAR struct inode *node, /* Append the path segment to this inode and recurse */ - sprintf(&info->path[pathlen], "/%s", node->i_name); + snprintf(&info->path[pathlen], sizeof(info->path) - pathlen, + "/%s", node->i_name); ret = foreach_inodelevel(node->i_child, info); /* Truncate the path name back to the correct length */ diff --git a/fs/mount/fs_automount.c b/fs/mount/fs_automount.c index da19108e9d1..628a37d9f71 100644 --- a/fs/mount/fs_automount.c +++ b/fs/mount/fs_automount.c @@ -857,7 +857,8 @@ FAR void *automount_initialize(FAR const struct automount_lower_s *lower) /* Register driver */ - sprintf(devpath, CONFIG_FS_AUTOMOUNTER_VFS_PATH "%s", lower->mountpoint); + snprintf(devpath, sizeof(devpath), + CONFIG_FS_AUTOMOUNTER_VFS_PATH "%s", lower->mountpoint); ret = register_driver(devpath, &g_automount_fops, 0444, priv); if (ret < 0) @@ -918,8 +919,8 @@ void automount_uninitialize(FAR void *handle) { char devpath[PATH_MAX]; - sprintf(devpath, CONFIG_FS_AUTOMOUNTER_VFS_PATH "%s", - lower->mountpoint); + snprintf(devpath, sizeof(devpath), + CONFIG_FS_AUTOMOUNTER_VFS_PATH "%s", lower->mountpoint); unregister_driver(devpath); } diff --git a/fs/mount/fs_foreachmountpoint.c b/fs/mount/fs_foreachmountpoint.c index 5880407cf68..2508d498eaa 100644 --- a/fs/mount/fs_foreachmountpoint.c +++ b/fs/mount/fs_foreachmountpoint.c @@ -96,7 +96,7 @@ static int mountpoint_filter(FAR struct inode *node, /* Append the inode name to the directory path */ - sprintf(&dirpath[pathlen], "/%s", node->i_name); + snprintf(&dirpath[pathlen], PATH_MAX - pathlen, "/%s", node->i_name); /* Get the status of the file system */ diff --git a/graphics/nxmu/nxmu_server.c b/graphics/nxmu/nxmu_server.c index 984a4b04ed1..9e6f59bd935 100644 --- a/graphics/nxmu/nxmu_server.c +++ b/graphics/nxmu/nxmu_server.c @@ -80,7 +80,7 @@ static inline void nxmu_connect(FAR struct nxmu_conn_s *conn) /* Create the client MQ name */ - sprintf(mqname, NX_CLIENT_MQNAMEFMT, conn->cid); + snprintf(mqname, sizeof(mqname), NX_CLIENT_MQNAMEFMT, conn->cid); /* Open the client MQ -- this should have already been created by the * client diff --git a/include/nuttx/wireless/bluetooth/bt_core.h b/include/nuttx/wireless/bluetooth/bt_core.h index 5e71dc8a030..e13ef300fc9 100644 --- a/include/nuttx/wireless/bluetooth/bt_core.h +++ b/include/nuttx/wireless/bluetooth/bt_core.h @@ -204,7 +204,7 @@ static inline int bt_addr_le_to_str(FAR const bt_addr_le_t *addr, char *str, break; default: - sprintf(type, "0x%02x", addr->type); + snprintf(type, sizeof(type), "0x%02x", addr->type); break; } diff --git a/libs/libc/misc/lib_envpath.c b/libs/libc/misc/lib_envpath.c index 0c4b3e7d81a..73a4ed13aeb 100644 --- a/libs/libc/misc/lib_envpath.c +++ b/libs/libc/misc/lib_envpath.c @@ -220,7 +220,7 @@ FAR char *envpath_next(ENVPATH_HANDLE handle, FAR const char *relpath) /* Construct the full path */ - sprintf(fullpath, "%s/%s", path, relpath); + snprintf(fullpath, pathlen, "%s/%s", path, relpath); /* Verify that a regular file exists at this path */ diff --git a/libs/libnx/nxmu/nx_connect.c b/libs/libnx/nxmu/nx_connect.c index 08762685e30..55c421b8d66 100644 --- a/libs/libnx/nxmu/nx_connect.c +++ b/libs/libnx/nxmu/nx_connect.c @@ -116,7 +116,7 @@ NXHANDLE nx_connectinstance(FAR const char *svrmqname) conn->cid = g_nxcid++; nxmutex_unlock(&g_nxliblock); - sprintf(climqname, NX_CLIENT_MQNAMEFMT, conn->cid); + snprintf(climqname, sizeof(climqname), NX_CLIENT_MQNAMEFMT, conn->cid); /* Open the client MQ for reading */ diff --git a/mm/mempool/mempool.c b/mm/mempool/mempool.c index c0dc04e7d68..7374dbb131f 100644 --- a/mm/mempool/mempool.c +++ b/mm/mempool/mempool.c @@ -503,8 +503,9 @@ void mempool_memdump(FAR struct mempool_s *pool, pid_t pid) # if CONFIG_MM_BACKTRACE > 0 for (i = 0; i < CONFIG_MM_BACKTRACE && buf->backtrace[i]; i++) { - sprintf(bt + i * MM_PTR_FMT_WIDTH, format, - MM_PTR_FMT_WIDTH - 1, buf->backtrace[i]); + snprintf(bt + i * MM_PTR_FMT_WIDTH, + sizeof(bt) - i * MM_PTR_FMT_WIDTH, + format, MM_PTR_FMT_WIDTH - 1, buf->backtrace[i]); } # endif diff --git a/mm/mm_heap/mm_memdump.c b/mm/mm_heap/mm_memdump.c index 6abf0b3b526..feb87b5b929 100644 --- a/mm/mm_heap/mm_memdump.c +++ b/mm/mm_heap/mm_memdump.c @@ -80,8 +80,9 @@ static void memdump_handler(FAR struct mm_allocnode_s *node, FAR void *arg) # if CONFIG_MM_BACKTRACE > 0 for (i = 0; i < CONFIG_MM_BACKTRACE && node->backtrace[i]; i++) { - sprintf(buf + i * MM_PTR_FMT_WIDTH, format, - MM_PTR_FMT_WIDTH - 1, node->backtrace[i]); + snprintf(buf + i * MM_PTR_FMT_WIDTH, + sizeof(buf) - i * MM_PTR_FMT_WIDTH, + format, MM_PTR_FMT_WIDTH - 1, node->backtrace[i]); } # endif diff --git a/mm/tlsf/mm_tlsf.c b/mm/tlsf/mm_tlsf.c index ea63c7afd44..36059c17f36 100644 --- a/mm/tlsf/mm_tlsf.c +++ b/mm/tlsf/mm_tlsf.c @@ -422,8 +422,9 @@ static void memdump_handler(FAR void *ptr, size_t size, int used, # if CONFIG_MM_BACKTRACE > 0 for (i = 0; i < CONFIG_MM_BACKTRACE && dump->backtrace[i]; i++) { - sprintf(buf + i * MM_PTR_FMT_WIDTH, format, - MM_PTR_FMT_WIDTH - 1, dump->backtrace[i]); + snprintf(buf + i * MM_PTR_FMT_WIDTH, + sizeof(buf) - i * MM_PTR_FMT_WIDTH, + format, MM_PTR_FMT_WIDTH - 1, dump->backtrace[i]); } # endif diff --git a/net/neighbor/neighbor_dumpentry.c b/net/neighbor/neighbor_dumpentry.c index 25eeb8a7e2b..495afa7767f 100644 --- a/net/neighbor/neighbor_dumpentry.c +++ b/net/neighbor/neighbor_dumpentry.c @@ -67,11 +67,11 @@ static void neighbor_dump_address(FAR const void *buf, unsigned int buflen) { if (i == 0) { - sprintf(outbuf, " at: "); + snprintf(outbuf, sizeof(outbuf), " at: "); } else { - sprintf(outbuf, " "); + snprintf(outbuf, sizeof(outbuf), " "); } maxj = 16; @@ -89,7 +89,7 @@ static void neighbor_dump_address(FAR const void *buf, unsigned int buflen) *ptr++ = ' '; } - sprintf(ptr, "%02x ", *buffer++); + snprintf(ptr, sizeof(outbuf) - (ptr - outbuf), "%02x ", *buffer++); ptr += 3; } diff --git a/sched/environ/env_setenv.c b/sched/environ/env_setenv.c index e4a0b12c8ea..bc5850dd0c9 100644 --- a/sched/environ/env_setenv.c +++ b/sched/environ/env_setenv.c @@ -184,7 +184,7 @@ int setenv(FAR const char *name, FAR const char *value, int overwrite) /* Now, put the new name=value string into the environment buffer */ - sprintf(pvar, "%s=%s", name, value); + snprintf(pvar, varlen, "%s=%s", name, value); sched_unlock(); return OK;