diff --git a/canutils/slcan/slcan.c b/canutils/slcan/slcan.c
index 650b0406c..1944002ae 100644
--- a/canutils/slcan/slcan.c
+++ b/canutils/slcan/slcan.c
@@ -270,22 +270,23 @@ int main(int argc, char *argv[])
/* 29 bit address */
frame.can_id = frame.can_id & ~CAN_EFF_FLAG;
- sprintf(sbuf, "T%08" PRIx32 "%d",
- frame.can_id, frame.len);
+ snprintf(sbuf, sizeof(sbuf), "T%08" PRIx32 "%d",
+ frame.can_id, frame.len);
sbp = &sbuf[10];
}
else
{
/* 11 bit address */
- sprintf(sbuf, "t%03" PRIx32 "%d",
- frame.can_id, frame.len);
+ snprintf(sbuf, sizeof(sbuf), "t%03" PRIx32 "%d",
+ frame.can_id, frame.len);
sbp = &sbuf[5];
}
for (i = 0; i < frame.len; i++)
{
- sprintf(sbp, "%02X", frame.data[i]);
+ snprintf(sbp, sizeof(sbuf) - (sbp - sbuf),
+ "%02X", frame.data[i]);
sbp += 2;
}
diff --git a/examples/embedlog/embedlog_main.c b/examples/embedlog/embedlog_main.c
index d23773e2a..97dbde77b 100644
--- a/examples/embedlog/embedlog_main.c
+++ b/examples/embedlog/embedlog_main.c
@@ -219,7 +219,7 @@ static void el_print_file(const char *workdir)
/* Create full path to log file embedlog will use */
- sprintf(log_path, "%s/log-rotate", workdir);
+ snprintf(log_path, sizeof(log_path), "%s/log-rotate", workdir);
/* Enable file rotation, maximum 5 files will be created, none of the log
* files size shall exceed 512 bytes. Rotate size is low to present how
diff --git a/examples/flash_test/flash_test.c b/examples/flash_test/flash_test.c
index 6d9df98c3..eeda05fbe 100644
--- a/examples/flash_test/flash_test.c
+++ b/examples/flash_test/flash_test.c
@@ -156,13 +156,14 @@ int main(int argc, FAR char *argv[])
/* Save the sector in our array */
- sectors[x] = (uint16_t) logsector;
+ sectors[x] = (uint16_t)logsector;
seqs[x] = seq++;
/* Now write some data to the sector */
- sprintf(buffer, "Logical sector %d sequence %d\n",
- sectors[x], seqs[x]);
+ snprintf(buffer, fmt.availbytes,
+ "Logical sector %d sequence %d\n",
+ sectors[x], seqs[x]);
readwrite.logsector = sectors[x];
readwrite.offset = 0;
@@ -202,8 +203,9 @@ int main(int argc, FAR char *argv[])
printf("\r%d ", sectors[x]);
- sprintf(&buffer[100], "Logical sector %d sequence %d\n",
- sectors[x], seqs[x]);
+ snprintf(&buffer[100], fmt.availbytes - 100,
+ "Logical sector %d sequence %d\n",
+ sectors[x], seqs[x]);
if (strcmp(buffer, &buffer[100]) != 0)
{
@@ -224,8 +226,9 @@ int main(int argc, FAR char *argv[])
/* Now write over the sector data with new data, causing a relocation.
*/
- sprintf(buffer, "Logical sector %d sequence %d\n",
- sectors[x], seqs[x]);
+ snprintf(buffer, fmt.availbytes,
+ "Logical sector %d sequence %d\n",
+ sectors[x], seqs[x]);
readwrite.logsector = sectors[x];
readwrite.offset = 0;
readwrite.count = strlen(buffer) + 1;
@@ -252,7 +255,8 @@ int main(int argc, FAR char *argv[])
* causing a relocation.
*/
- sprintf(buffer, "Appended data in sector %d\n", sectors[x]);
+ snprintf(buffer, fmt.availbytes,
+ "Appended data in sector %d\n", sectors[x]);
readwrite.logsector = sectors[x];
readwrite.offset = 64;
readwrite.count = strlen(buffer) + 1;
diff --git a/examples/foc/foc_device.c b/examples/foc/foc_device.c
index 2609cf93a..91ee1dbe9 100644
--- a/examples/foc/foc_device.c
+++ b/examples/foc/foc_device.c
@@ -50,7 +50,8 @@ int foc_device_init(FAR struct foc_device_s *dev, int id)
/* Get FOC devpath */
- sprintf(devpath, "%s%d", CONFIG_EXAMPLES_FOC_DEVPATH, id);
+ snprintf(devpath, sizeof(devpath), "%s%d",
+ CONFIG_EXAMPLES_FOC_DEVPATH, id);
/* Open FOC device */
diff --git a/examples/foc/foc_motor_b16.c b/examples/foc/foc_motor_b16.c
index 5c030b48c..6b3112a07 100644
--- a/examples/foc/foc_motor_b16.c
+++ b/examples/foc/foc_motor_b16.c
@@ -887,10 +887,10 @@ int foc_motor_init(FAR struct foc_motor_b16_s *motor,
/* Get qenco devpath */
- sprintf(motor->qedpath,
- "%s%d",
- CONFIG_EXAMPLES_FOC_QENCO_DEVPATH,
- motor->envp->id);
+ snprintf(motor->qedpath, sizeof(motor->qedpath),
+ "%s%d",
+ CONFIG_EXAMPLES_FOC_QENCO_DEVPATH,
+ motor->envp->id);
/* Configure qenco angle handler */
@@ -918,10 +918,10 @@ int foc_motor_init(FAR struct foc_motor_b16_s *motor,
/* Get hall devpath */
- sprintf(motor->hldpath,
- "%s%d",
- CONFIG_EXAMPLES_FOC_HALL_DEVPATH,
- motor->envp->id);
+ snprintf(motor->hldpath, sizeof(motor->hldpath),
+ "%s%d",
+ CONFIG_EXAMPLES_FOC_HALL_DEVPATH,
+ motor->envp->id);
/* Configure hall angle handler */
diff --git a/examples/foc/foc_motor_f32.c b/examples/foc/foc_motor_f32.c
index b1ccc6153..134a0a326 100644
--- a/examples/foc/foc_motor_f32.c
+++ b/examples/foc/foc_motor_f32.c
@@ -871,10 +871,10 @@ int foc_motor_init(FAR struct foc_motor_f32_s *motor,
/* Get qenco devpath */
- sprintf(motor->qedpath,
- "%s%d",
- CONFIG_EXAMPLES_FOC_QENCO_DEVPATH,
- motor->envp->id);
+ snprintf(motor->qedpath, sizeof(motor->qedpath),
+ "%s%d",
+ CONFIG_EXAMPLES_FOC_QENCO_DEVPATH,
+ motor->envp->id);
/* Configure qenco angle handler */
@@ -902,10 +902,10 @@ int foc_motor_init(FAR struct foc_motor_f32_s *motor,
/* Get hall devpath */
- sprintf(motor->hldpath,
- "%s%d",
- CONFIG_EXAMPLES_FOC_HALL_DEVPATH,
- motor->envp->id);
+ snprintf(motor->hldpath, sizeof(motor->hldpath),
+ "%s%d",
+ CONFIG_EXAMPLES_FOC_HALL_DEVPATH,
+ motor->envp->id);
/* Configure hall angle handler */
diff --git a/examples/foc/foc_thr.c b/examples/foc/foc_thr.c
index debec1529..f7f18bf1b 100644
--- a/examples/foc/foc_thr.c
+++ b/examples/foc/foc_thr.c
@@ -107,7 +107,7 @@ static FAR void *foc_control_thr(FAR void *arg)
/* Get queue name */
- sprintf(mqname, "%s%d", CONTROL_MQ_MQNAME, envp->id);
+ snprintf(mqname, sizeof(mqname), "%s%d", CONTROL_MQ_MQNAME, envp->id);
/* Open queue */
@@ -299,7 +299,7 @@ int foc_ctrlthr_init(FAR struct foc_ctrl_env_s *foc, int i, FAR mqd_t *mqd,
/* Get queue name */
- sprintf(mqname, "%s%d", CONTROL_MQ_MQNAME, foc->id);
+ snprintf(mqname, sizeof(mqname), "%s%d", CONTROL_MQ_MQNAME, foc->id);
/* Initialize thread recv queue */
diff --git a/examples/json/README.md b/examples/json/README.md
index 0d9fcf5d4..047b6c150 100644
--- a/examples/json/README.md
+++ b/examples/json/README.md
@@ -192,8 +192,9 @@ void parse_and_callback(cJSON *item, const char *prefix)
{
while (item)
{
- char *newprefix = malloc(strlen(prefix) + strlen(item->name) + 2);
- sprintf(newprefix, "%s/%s", prefix, item->name);
+ size_t len = strlen(prefix) + strlen(item->name) + 2;
+ char *newprefix = malloc(len);
+ snprintf(newprefix, len, "%s/%s", prefix, item->name);
int dorecurse = callback(newprefix, item->type, item);
if (item->child && dorecurse) parse_and_callback(item->child, newprefix);
item = item->next;
diff --git a/examples/mcuboot/update_agent/mcuboot_agent_main.c b/examples/mcuboot/update_agent/mcuboot_agent_main.c
index f37ab8c60..935dca501 100644
--- a/examples/mcuboot/update_agent/mcuboot_agent_main.c
+++ b/examples/mcuboot/update_agent/mcuboot_agent_main.c
@@ -207,7 +207,8 @@ static int download_firmware_image(FAR const char *url)
for (i = 0; i < MD5_DIGEST_LENGTH; i++)
{
- sprintf(&hash[i * 2], "%02x", digest[i]);
+ snprintf(&hash[i * 2], sizeof(hash) - i * 2,
+ "%02x", digest[i]);
}
hash[MD5_HASH_LENGTH] = '\0';
diff --git a/examples/mount/mount_main.c b/examples/mount/mount_main.c
index f31dc181b..30051d9b9 100644
--- a/examples/mount/mount_main.c
+++ b/examples/mount/mount_main.c
@@ -212,7 +212,8 @@ static void show_directories(const char *path, int indent)
{
char *subdir;
printf("%s/\n", direntry->d_name);
- sprintf(g_namebuffer, "%s/%s", path, direntry->d_name);
+ snprintf(g_namebuffer, sizeof(g_namebuffer),
+ "%s/%s", path, direntry->d_name);
subdir = strdup(g_namebuffer);
show_directories(subdir, indent + 1);
free(subdir);
diff --git a/examples/netloop/lo_main.c b/examples/netloop/lo_main.c
index 12dede13b..2775c0da9 100644
--- a/examples/netloop/lo_main.c
+++ b/examples/netloop/lo_main.c
@@ -152,7 +152,7 @@ static int lo_client(void)
for (i = 0; ; i++)
{
- sprintf(outbuf, "Loopback message %d", i);
+ snprintf(outbuf, sizeof(outbuf), "Loopback message %d", i);
len = strlen(outbuf);
printf("lo_client: Sending '%s' (%d bytes)\n", outbuf, len);
diff --git a/examples/pdcurses/tui.c b/examples/pdcurses/tui.c
index c927aed7e..ae08eabf7 100644
--- a/examples/pdcurses/tui.c
+++ b/examples/pdcurses/tui.c
@@ -92,8 +92,9 @@ static char *padstr(char *s, int length)
static char buf[MAXSTRLEN];
char fmt[10];
- sprintf(fmt, (int)strlen(s) > length ? "%%.%ds" : "%%-%ds", length);
- sprintf(buf, fmt, s);
+ snprintf(fmt, sizeof(fmt),
+ (int)strlen(s) > length ? "%%.%ds" : "%%-%ds", length);
+ snprintf(buf, sizeof(buf), fmt, s);
return buf;
}
@@ -206,7 +207,7 @@ static void idle(void)
}
tp = localtime(&t);
- sprintf(buf, " %.2d-%.2d-%.4d %.2d:%.2d:%.2d",
+ snprintf(buf, sizeof(buf), " %.2d-%.2d-%.4d %.2d:%.2d:%.2d",
tp->tm_mday, tp->tm_mon + 1, tp->tm_year + 1900,
tp->tm_hour, tp->tm_min, tp->tm_sec);
diff --git a/examples/pdcurses/tui_main.c b/examples/pdcurses/tui_main.c
index 128955ef7..c9a8c1b2f 100644
--- a/examples/pdcurses/tui_main.c
+++ b/examples/pdcurses/tui_main.c
@@ -204,7 +204,7 @@ static void showfile(char *fname)
}
else
{
- sprintf(buf, "ERROR: file '%s' not found", fname);
+ snprintf(buf, sizeof(buf), "ERROR: file '%s' not found", fname);
errormsg(buf);
}
}
diff --git a/examples/poll/host.c b/examples/poll/host.c
index 868fca718..e3dbbc2ed 100644
--- a/examples/poll/host.c
+++ b/examples/poll/host.c
@@ -98,7 +98,7 @@ int main(int argc, char **argv, char **envp)
for (i = 0; ; i++)
{
- sprintf(outbuf, "Remote message %d", i);
+ snprintf(outbuf, sizeof(outbuf), "Remote message %d", i);
len = strlen(outbuf);
printf("client: Sending '%s' (%d bytes)\n", outbuf, len);
diff --git a/examples/poll/poll_main.c b/examples/poll/poll_main.c
index 5e801b856..39d2d318d 100644
--- a/examples/poll/poll_main.c
+++ b/examples/poll/poll_main.c
@@ -163,7 +163,7 @@ int main(int argc, FAR char *argv[])
* from the poll.
*/
- sprintf(buffer, "Message %d", count);
+ snprintf(buffer, sizeof(buffer), "Message %d", count);
nbytes = write(fd1, buffer, strlen(buffer));
if (nbytes < 0)
{
diff --git a/examples/rgbled/rgbled.c b/examples/rgbled/rgbled.c
index 405e54beb..5521383e5 100644
--- a/examples/rgbled/rgbled.c
+++ b/examples/rgbled/rgbled.c
@@ -92,7 +92,7 @@ int main(int argc, FAR char *argv[])
sgreen = 1;
}
- sprintf(buffer, "#%02X%02X%02X", red, green, blue);
+ snprintf(buffer, sizeof(buffer), "#%02X%02X%02X", red, green, blue);
write(fd, buffer, 8);
usleep(5000);
}
diff --git a/examples/romfs/romfs_main.c b/examples/romfs/romfs_main.c
index 2f55f82c0..4ffdefe33 100644
--- a/examples/romfs/romfs_main.c
+++ b/examples/romfs/romfs_main.c
@@ -389,7 +389,8 @@ static void readdirectories(const char *path, struct node_s *entry)
/* Get the full path to the entry */
- sprintf(g_scratchbuffer, "%s/%s", path, direntry->d_name);
+ snprintf(g_scratchbuffer, sizeof(g_scratchbuffer),
+ "%s/%s", path, direntry->d_name);
fullpath = strdup(g_scratchbuffer);
if (DIRENT_ISDIRECTORY(direntry->d_type))
diff --git a/examples/wgetjson/wgetjson_main.c b/examples/wgetjson/wgetjson_main.c
index 6f7715341..55a95a94d 100644
--- a/examples/wgetjson/wgetjson_main.c
+++ b/examples/wgetjson/wgetjson_main.c
@@ -249,8 +249,9 @@ static void wgetjson_json_item_scan(cJSON *item, const char *prefix)
while (item)
{
const char *string = item->string ? item->string : "(null)";
- newprefix = malloc(strlen(prefix) + strlen(string) + 2);
- sprintf(newprefix, "%s/%s", prefix, string);
+ size_t len = strlen(prefix) + strlen(string) + 2;
+ newprefix = malloc(len);
+ snprintf(newprefix, len, "%s/%s", prefix, string);
dorecurse = wgetjson_json_item_callback(newprefix, item->type, item);
if (item->child && dorecurse)
diff --git a/graphics/pdcurs34/pdcurses/pdc_initscr.c b/graphics/pdcurs34/pdcurses/pdc_initscr.c
index 5ec34460d..52a685250 100644
--- a/graphics/pdcurs34/pdcurses/pdc_initscr.c
+++ b/graphics/pdcurs34/pdcurses/pdc_initscr.c
@@ -262,7 +262,8 @@ WINDOW *Xinitscr(int argc, char *argv[])
def_shell_mode();
- sprintf(ttytype, "pdcurses|PDCurses for %s", PDC_sysname());
+ snprintf(ttytype, sizeof(ttytype),
+ "pdcurses|PDCurses for %s", PDC_sysname());
return stdscr;
}
diff --git a/graphics/pdcurs34/pdcurses/pdc_panel.c b/graphics/pdcurs34/pdcurses/pdc_panel.c
index 03edaf490..62f0e9322 100644
--- a/graphics/pdcurs34/pdcurses/pdc_panel.c
+++ b/graphics/pdcurs34/pdcurses/pdc_panel.c
@@ -184,7 +184,7 @@ static void dstack(char *fmt, int num, PANEL *pan)
{
char s80[80];
- sprintf(s80, fmt, num, pan);
+ snprintf(s80, sizeof(s80), fmt, num, pan);
PDC_LOG(("%s b=%s t=%s", s80, _bottom_panel ? _bottom_panel->user : "--",
_top_panel ? _top_panel->user : "--"));
@@ -220,7 +220,7 @@ static void dtouchline(PANEL *pan, int start, int count)
{
char s80[80];
- sprintf(s80, "dtouchline s=%d c=%d", start, count);
+ snprintf(s80, sizeof(s80), "dtouchline s=%d c=%d", start, count);
dpanel(s80, pan);
touchline(pan->win, start, count);
}
diff --git a/interpreters/bas/bas_global.c b/interpreters/bas/bas_global.c
index 764150fc0..32e3a008b 100644
--- a/interpreters/bas/bas_global.c
+++ b/interpreters/bas/bas_global.c
@@ -179,7 +179,7 @@ static struct Value *hex(struct Value *v, long int value, long int digits)
{
char buf[sizeof(long int) * 2 + 1];
- sprintf(buf, "%0*lx", (int)digits, value);
+ snprintf(buf, sizeof(buf), "%0*lx", (int)digits, value);
Value_new_STRING(v);
String_appendChars(&v->u.string, buf);
return v;
@@ -686,8 +686,9 @@ static struct Value *fn_date(struct Value *v, struct Auto *stack)
String_size(&v->u.string, 10);
time(&t);
now = localtime(&t);
- sprintf(v->u.string.character, "%02d-%02d-%04d", now->tm_mon + 1,
- now->tm_mday, now->tm_year + 1900);
+ snprintf(v->u.string.character, v->u.string.length + 1,
+ "%02d-%02d-%04d", now->tm_mon + 1,
+ now->tm_mday, now->tm_year + 1900);
return v;
}
@@ -964,7 +965,7 @@ static struct Value *fn_hexi(struct Value *v, struct Auto *stack)
{
char buf[sizeof(long int) * 2 + 1];
- sprintf(buf, "%lx", intValue(stack, 0));
+ snprintf(buf, sizeof(buf), "%lx", intValue(stack, 0));
Value_new_STRING(v);
String_appendChars(&v->u.string, buf);
return v;
@@ -982,7 +983,7 @@ static struct Value *fn_hexd(struct Value *v, struct Auto *stack)
return Value_new_ERROR(v, OUTOFRANGE, _("number"));
}
- sprintf(buf, "%lx", n);
+ snprintf(buf, sizeof(buf), "%lx", n);
Value_new_STRING(v);
String_appendChars(&v->u.string, buf);
return v;
@@ -1639,7 +1640,7 @@ static struct Value *fn_oct(struct Value *v, struct Auto *stack)
{
char buf[sizeof(long int) * 3 + 1];
- sprintf(buf, "%lo", intValue(stack, 0));
+ snprintf(buf, sizeof(buf), "%lo", intValue(stack, 0));
Value_new_STRING(v);
String_appendChars(&v->u.string, buf);
return v;
@@ -1910,8 +1911,9 @@ static struct Value *fn_times(struct Value *v, struct Auto *stack)
String_size(&v->u.string, 8);
time(&t);
now = localtime(&t);
- sprintf(v->u.string.character, "%02d:%02d:%02d", now->tm_hour, now->tm_min,
- now->tm_sec);
+ snprintf(v->u.string.character, v->u.string.length + 1,
+ "%02d:%02d:%02d", now->tm_hour, now->tm_min,
+ now->tm_sec);
return v;
}
diff --git a/interpreters/bas/bas_program.c b/interpreters/bas/bas_program.c
index 358d560cf..0cda5089d 100644
--- a/interpreters/bas/bas_program.c
+++ b/interpreters/bas/bas_program.c
@@ -162,7 +162,8 @@ static void Xref_print(struct Xref *root,
FS_putChars(chn, "\n ");
}
- sprintf(buf, " %ld", Program_lineNumber(p, &cur->line));
+ snprintf(buf, sizeof(buf), " %ld",
+ Program_lineNumber(p, &cur->line));
FS_putChars(chn, buf);
}
while (cur != tail);
@@ -184,7 +185,8 @@ static void printLine(const void *k, struct Program *p, int chn)
{
char buf[80];
- sprintf(buf, "%8ld", Program_lineNumber(p, (const struct Pc *)k));
+ snprintf(buf, sizeof(buf), "%8ld",
+ Program_lineNumber(p, (const struct Pc *)k));
FS_putChars(chn, buf);
}
@@ -603,7 +605,8 @@ void Program_trace(struct Program *this, struct Pc *pc, int dev, int tr)
{
char buf[40];
- sprintf(buf, "<%ld>\n", this->code[pc->line]->u.integer);
+ snprintf(buf, sizeof(buf), "<%ld>\n",
+ this->code[pc->line]->u.integer);
FS_putChars(dev, buf);
}
}
diff --git a/interpreters/minibasic/basic.c b/interpreters/minibasic/basic.c
index 304b73b7f..2a5d4e74e 100644
--- a/interpreters/minibasic/basic.c
+++ b/interpreters/minibasic/basic.c
@@ -2746,7 +2746,7 @@ static FAR char *strstring(void)
x = expr();
match(CPAREN);
- sprintf(g_iobuffer, "%g", x);
+ snprintf(g_iobuffer, sizeof(g_iobuffer), "%g", x);
answer = mystrdup(g_iobuffer);
if (!answer)
{
diff --git a/netutils/chat/chat.c b/netutils/chat/chat.c
index 3954498de..cbc2326a5 100644
--- a/netutils/chat/chat.c
+++ b/netutils/chat/chat.c
@@ -332,7 +332,7 @@ static int chat_internalise(FAR struct chat *priv,
if (rhs)
{
- len = strlen(tok->string);
+ len = strlen(tok->string) + 1;
if (!tok->no_termin)
{
/* Add space for the line terminator */
@@ -340,13 +340,13 @@ static int chat_internalise(FAR struct chat *priv,
len += 2;
}
- line->rhs = malloc(len + 1);
+ line->rhs = malloc(len);
if (line->rhs)
{
/* Copy the token and add the line terminator as appropriate */
- sprintf(line->rhs, tok->no_termin ? "%s" : "%s\r\n",
- tok->string);
+ snprintf(line->rhs, len,
+ tok->no_termin ? "%s" : "%s\r\n", tok->string);
}
else
{
diff --git a/netutils/codecs/md5.c b/netutils/codecs/md5.c
index 83e6dc0aa..a319ec14b 100644
--- a/netutils/codecs/md5.c
+++ b/netutils/codecs/md5.c
@@ -399,7 +399,7 @@ char *md5_hash(const uint8_t * addr, const size_t len)
md5_sum(addr, len, digest);
for (i = 0; i < 16; i++)
{
- sprintf(&hash[i * 2], "%02x", digest[i]);
+ snprintf(&hash[i * 2], 33 - i * 2, "%02x", digest[i]);
}
hash[32] = 0;
diff --git a/netutils/ftpd/ftpd.c b/netutils/ftpd/ftpd.c
index 80255baa4..f9d94347e 100644
--- a/netutils/ftpd/ftpd.c
+++ b/netutils/ftpd/ftpd.c
@@ -1383,8 +1383,9 @@ static FAR char *ftpd_node2path(FAR struct ftpd_pathnode_s *node,
FAR struct ftpd_pathnode_s *node1;
FAR struct ftpd_pathnode_s *node2;
FAR char *path;
- FAR size_t allocsize;
- FAR size_t namelen;
+ size_t allocsize;
+ size_t namelen;
+ size_t next;
if (node == NULL)
{
@@ -1424,7 +1425,7 @@ static FAR char *ftpd_node2path(FAR struct ftpd_pathnode_s *node,
}
else
{
- allocsize += namelen +1;
+ allocsize += namelen + 1;
}
}
else
@@ -1441,7 +1442,7 @@ static FAR char *ftpd_node2path(FAR struct ftpd_pathnode_s *node,
return NULL;
}
- allocsize = 0;
+ next = 0;
node1 = node;
while (node1 != NULL)
{
@@ -1471,19 +1472,20 @@ static FAR char *ftpd_node2path(FAR struct ftpd_pathnode_s *node,
{
if (namelen <= 0)
{
- allocsize += sprintf(&path[allocsize], "/");
+ snprintf(&path[next], allocsize - next, "/");
}
else
{
- allocsize += sprintf(&path[allocsize], "%s", node1->name);
+ snprintf(&path[next], allocsize - next, "%s", node1->name);
}
}
else
{
- allocsize += sprintf(&path[allocsize], "%s%s", node1->name, "/");
+ snprintf(&path[next], allocsize - next, "%s%s", node1->name, "/");
}
node1 = node1->flink;
+ next += strlen(&path[next]);
}
return path;
diff --git a/netutils/tftpc/tftpc_get.c b/netutils/tftpc/tftpc_get.c
index e3c53c365..4432e1e96 100644
--- a/netutils/tftpc/tftpc_get.c
+++ b/netutils/tftpc/tftpc_get.c
@@ -153,8 +153,8 @@ int tftpget_cb(FAR const char *remote, in_addr_t addr, bool binary,
if (blockno == 1)
{
- len = tftp_mkreqpacket(packet, TFTP_RRQ, remote,
- binary);
+ len = tftp_mkreqpacket(packet, TFTP_IOBUFSIZE,
+ TFTP_RRQ, remote, binary);
server.sin_port = HTONS(CONFIG_NETUTILS_TFTP_PORT);
ret = tftp_sendto(sd, packet, len, &server);
if (ret != len)
diff --git a/netutils/tftpc/tftpc_internal.h b/netutils/tftpc/tftpc_internal.h
index 6174b82cd..bc6e81120 100644
--- a/netutils/tftpc/tftpc_internal.h
+++ b/netutils/tftpc/tftpc_internal.h
@@ -158,7 +158,7 @@
/* Defined in tftp_packet.c *************************************************/
extern int tftp_sockinit(struct sockaddr_in *server, in_addr_t addr);
-extern int tftp_mkreqpacket(uint8_t *buffer, int opcode,
+extern int tftp_mkreqpacket(uint8_t *buffer, size_t len, int opcode,
const char *path, bool binary);
extern int tftp_mkackpacket(uint8_t *buffer, uint16_t blockno);
extern int tftp_mkerrpacket(uint8_t *buffer, uint16_t errorcode,
diff --git a/netutils/tftpc/tftpc_packets.c b/netutils/tftpc/tftpc_packets.c
index dae95f81a..4c981a43e 100644
--- a/netutils/tftpc/tftpc_packets.c
+++ b/netutils/tftpc/tftpc_packets.c
@@ -122,13 +122,16 @@ int tftp_sockinit(struct sockaddr_in *server, in_addr_t addr)
*
****************************************************************************/
-int tftp_mkreqpacket(uint8_t *buffer, int opcode, const char *path,
- bool binary)
+int tftp_mkreqpacket(uint8_t *buffer, size_t len, int opcode,
+ const char *path, bool binary)
{
+ int ret;
+
buffer[0] = opcode >> 8;
buffer[1] = opcode & 0xff;
- return sprintf((char *)&buffer[2], "%s%c%s", path, 0,
+ ret = snprintf((char *)&buffer[2], len - 2, "%s%c%s", path, 0,
tftp_mode(binary)) + 3;
+ return ret < len ? ret : len;
}
/****************************************************************************
diff --git a/netutils/tftpc/tftpc_put.c b/netutils/tftpc/tftpc_put.c
index 216979564..a30e35798 100644
--- a/netutils/tftpc/tftpc_put.c
+++ b/netutils/tftpc/tftpc_put.c
@@ -302,7 +302,8 @@ int tftpput_cb(FAR const char *remote, in_addr_t addr, bool binary,
retry = 0;
for (; ; )
{
- packetlen = tftp_mkreqpacket(packet, TFTP_WRQ, remote, binary);
+ packetlen = tftp_mkreqpacket(packet, TFTP_IOBUFSIZE,
+ TFTP_WRQ, remote, binary);
ret = tftp_sendto(sd, packet, packetlen, &server);
if (ret != packetlen)
{
diff --git a/netutils/thttpd/cgi-src/redirect.c b/netutils/thttpd/cgi-src/redirect.c
index afe21f0df..87811af24 100644
--- a/netutils/thttpd/cgi-src/redirect.c
+++ b/netutils/thttpd/cgi-src/redirect.c
@@ -179,14 +179,15 @@ int main(int argc, char *argv[])
path_info = getenv("PATH_INFO");
if (path_info)
{
- cp = (char *)malloc(strlen(script_name) + strlen(path_info) + 1);
+ size_t len = strlen(script_name) + strlen(path_info) + 1;
+ cp = (char *)malloc(len);
if (!cp)
{
internal_error("Out of memory.");
return 2;
}
- sprintf(cp, "%s%s", script_name, path_info);
+ snprintf(cp, len, "%s%s", script_name, path_info);
script_name = cp;
}
diff --git a/netutils/thttpd/cgi-src/ssi.c b/netutils/thttpd/cgi-src/ssi.c
index 521ee040b..08ae08043 100644
--- a/netutils/thttpd/cgi-src/ssi.c
+++ b/netutils/thttpd/cgi-src/ssi.c
@@ -324,7 +324,8 @@ static int check_filename(char *filename)
*cp = '\0';
}
- authname = malloc(strlen(dirname) + 1 + sizeof(CONFIG_AUTH_FILE));
+ fnl = strlen(dirname) + 1 + sizeof(CONFIG_AUTH_FILE);
+ authname = malloc(fnl);
if (!authname)
{
/* out of memory */
@@ -333,7 +334,7 @@ static int check_filename(char *filename)
return 0;
}
- sprintf(authname, "%s/%s", dirname, CONFIG_AUTH_FILE);
+ snprintf(authname, fnl, "%s/%s", dirname, CONFIG_AUTH_FILE);
r = stat(authname, &sb);
free(dirname);
@@ -907,6 +908,7 @@ int main(int argc, char *argv[])
char *script_name;
char *path_info;
char *path_translated;
+ size_t len;
int errcode = 0;
/* Default formats. */
@@ -935,14 +937,15 @@ int main(int argc, char *argv[])
path_info = "";
}
- g_url = (char *)malloc(strlen(script_name) + strlen(path_info) + 1);
+ len = strlen(script_name) + strlen(path_info) + 1;
+ g_url = (char *)malloc(len);
if (!g_url)
{
internal_error("Out of memory.");
return 2;
}
- sprintf(g_url, "%s%s", script_name, path_info);
+ snprintf(g_url, len, "%s%s", script_name, path_info);
/* Get the name of the file to parse. */
diff --git a/netutils/thttpd/thttpd_strings.c b/netutils/thttpd/thttpd_strings.c
index 5e0e79687..d541b7dcd 100644
--- a/netutils/thttpd/thttpd_strings.c
+++ b/netutils/thttpd/thttpd_strings.c
@@ -178,7 +178,7 @@ void httpd_strencode(char *to, int tosize, char *from)
}
else
{
- sprintf(to, "%%%02x", (int)*from & 0xff);
+ snprintf(to, tosize - tolen, "%%%02x", (int)*from & 0xff);
to += 3;
tolen += 3;
}
diff --git a/netutils/webclient/webclient.c b/netutils/webclient/webclient.c
index 89654a3b8..09ea2a366 100644
--- a/netutils/webclient/webclient.c
+++ b/netutils/webclient/webclient.c
@@ -1770,7 +1770,7 @@ int webclient_perform(FAR struct webclient_context *ctx)
char post_size[sizeof("18446744073709551615")];
dest = append(dest, ep, g_httpcontsize);
- sprintf(post_size, "%zu", ctx->bodylen);
+ snprintf(post_size, sizeof(post_size), "%zu", ctx->bodylen);
dest = append(dest, ep, post_size);
dest = append(dest, ep, g_httpcrnl);
}
diff --git a/netutils/xmlrpc/response.c b/netutils/xmlrpc/response.c
index bfc99daa2..54577be74 100644
--- a/netutils/xmlrpc/response.c
+++ b/netutils/xmlrpc/response.c
@@ -164,6 +164,7 @@ int xmlrpc_getstring(struct xmlrpc_s *xmlcall, char *arg)
int xmlrpc_buildresponse(struct xmlrpc_s *xmlcall, char *args, ...)
{
va_list argp;
+ int next = 0;
int index = 0;
int close = 0;
int isstruct = 0;
@@ -195,6 +196,7 @@ int xmlrpc_buildresponse(struct xmlrpc_s *xmlcall, char *args, ...)
sizeof(xmlcall->response));
}
+ next = strlen(xmlcall->response);
va_start(argp, args);
while (args[index])
@@ -203,10 +205,15 @@ int xmlrpc_buildresponse(struct xmlrpc_s *xmlcall, char *args, ...)
{
if ((args[index] != '{') && (args[index] != '}'))
{
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " \n");
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " %s\n", va_arg(argp, char *));
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " \n");
+ next += strlen(&xmlcall->response[next]);
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " %s\n",
+ va_arg(argp, char *));
+ next += strlen(&xmlcall->response[next]);
close = 1;
}
}
@@ -214,39 +221,45 @@ int xmlrpc_buildresponse(struct xmlrpc_s *xmlcall, char *args, ...)
switch (args[index])
{
case '{':
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " \n");
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " \n");
isstruct = 1;
break;
case '}':
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " \n");
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " \n");
isstruct = 0;
break;
case 'i':
i = va_arg(argp, int);
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " %d\r\n", i);
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " %d\r\n", i);
break;
case 'b':
i = va_arg(argp, int);
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
" %d\r\n", i);
break;
case 'd':
d = va_arg(argp, double);
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " %f\r\n", d);
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " %f\r\n", d);
break;
case 's':
s = va_arg(argp, char *);
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " %s\r\n", s);
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " %s\r\n", s);
break;
default:
@@ -254,10 +267,13 @@ int xmlrpc_buildresponse(struct xmlrpc_s *xmlcall, char *args, ...)
break;
}
+ next += strlen(&xmlcall->response[next]);
if (close)
{
- sprintf(&xmlcall->response[strlen(xmlcall->response)],
- " \n");
+ snprintf(&xmlcall->response[next],
+ sizeof(xmlcall->response) - next,
+ " \n");
+ next += strlen(&xmlcall->response[next]);
close = 0;
}
diff --git a/nshlib/nsh_dbgcmds.c b/nshlib/nsh_dbgcmds.c
index fc2b587a7..df6709a88 100644
--- a/nshlib/nsh_dbgcmds.c
+++ b/nshlib/nsh_dbgcmds.c
@@ -297,19 +297,22 @@ void nsh_dumpbuffer(FAR struct nsh_vtbl_s *vtbl, FAR const char *msg,
nsh_output(vtbl, "%s:\n", msg);
for (i = 0; i < nbytes; i += 16)
{
- sprintf(line, "%04x: ", i);
+ snprintf(line, sizeof(line), "%04x: ", i);
+ size = strlen(line);
for (j = 0; j < 16; j++)
{
- size = strlen(line);
if (i + j < nbytes)
{
- sprintf(&line[size], "%02x ", buffer[i + j]);
+ snprintf(&line[size], sizeof(line) - size,
+ "%02x ", buffer[i + j]);
}
else
{
strlcpy(&line[size], " ", sizeof(line) - size);
}
+
+ size += strlen(&line[size]);
}
for (j = 0; j < 16; j++)
@@ -317,8 +320,9 @@ void nsh_dumpbuffer(FAR struct nsh_vtbl_s *vtbl, FAR const char *msg,
if (i + j < nbytes)
{
ch = buffer[i + j];
- sprintf(&line[strlen(line)], "%c",
- ch >= 0x20 && ch <= 0x7e ? ch : '.');
+ snprintf(&line[size], sizeof(line) - size,
+ "%c", ch >= 0x20 && ch <= 0x7e ? ch : '.');
+ size += strlen(&line[size]);
}
}
diff --git a/nshlib/nsh_vars.c b/nshlib/nsh_vars.c
index 04f31a518..f6620942c 100644
--- a/nshlib/nsh_vars.c
+++ b/nshlib/nsh_vars.c
@@ -283,7 +283,7 @@ int nsh_setvar(FAR struct nsh_vtbl_s *vtbl, FAR const char *name,
/* Now, put the new name=value string into the NSH variable buffer */
- sprintf(pair, "%s=%s", name, value);
+ snprintf(pair, varlen, "%s=%s", name, value);
return OK;
}
#endif
diff --git a/system/cfgdata/cfgdata_main.c b/system/cfgdata/cfgdata_main.c
index a4278cc4f..326c621e7 100644
--- a/system/cfgdata/cfgdata_main.c
+++ b/system/cfgdata/cfgdata_main.c
@@ -562,9 +562,11 @@ static void cfgdatacmd_show_all_config_items(void)
/* Print header */
#ifdef CONFIG_MTD_CONFIG_NAMED
- sprintf(fmtstr, "%%-%ds%%-6sData\n", CONFIG_MTD_CONFIG_NAME_LEN);
+ snprintf(fmtstr, sizeof(fmtstr),
+ "%%-%ds%%-6sData\n", CONFIG_MTD_CONFIG_NAME_LEN);
printf(fmtstr, "Name", "Len");
- sprintf(fmtstr, "%%-%ds%%-6d", CONFIG_MTD_CONFIG_NAME_LEN);
+ snprintf(fmtstr, sizeof(fmtstr),
+ "%%-%ds%%-6d", CONFIG_MTD_CONFIG_NAME_LEN);
#else
strlcpy(fmtstr, "%-6s%-6s%-6sData\n", sizeof(fmtstr));
printf(fmtstr, "ID", "Inst", "Len");
@@ -618,7 +620,8 @@ static void cfgdatacmd_show_all_config_items(void)
char fmtstr2[10];
#ifdef CONFIG_MTD_CONFIG_NAMED
- sprintf(fmtstr2, "\n%ds", CONFIG_MTD_CONFIG_NAME_LEN + 6);
+ snprintf(fmtstr2, sizeof(fmtstr2),
+ "\n%ds", CONFIG_MTD_CONFIG_NAME_LEN + 6);
#else
strlcpy(fmtstr2, "\n%18s", sizeof(fmtstr2));
#endif
diff --git a/system/ntpc/ntpcstatus_main.c b/system/ntpc/ntpcstatus_main.c
index 89969e0c3..376525b41 100644
--- a/system/ntpc/ntpcstatus_main.c
+++ b/system/ntpc/ntpcstatus_main.c
@@ -45,7 +45,7 @@
#define NTP_TIME_STR_MAX_LEN (1 + 21 + 1 + 9 + 1)
static void
-format_ntptimestamp(int64_t ts, FAR char *buf)
+format_ntptimestamp(int64_t ts, FAR char *buf, size_t len)
{
FAR const char *sign;
uint64_t absts;
@@ -61,9 +61,9 @@ format_ntptimestamp(int64_t ts, FAR char *buf)
absts = ts;
}
- sprintf(buf, "%s%" PRIu64 ".%09" PRIu64,
- sign, absts >> 32,
- ((absts & 0xffffffff) * NSEC_PER_SEC) >> 32);
+ snprintf(buf, len, "%s%" PRIu64 ".%09" PRIu64,
+ sign, absts >> 32,
+ ((absts & 0xffffffff) * NSEC_PER_SEC) >> 32);
}
/****************************************************************************
@@ -115,8 +115,10 @@ int main(int argc, FAR char *argv[])
}
#endif
- format_ntptimestamp(status.samples[i].offset, offset_buf);
- format_ntptimestamp(status.samples[i].delay, delay_buf);
+ format_ntptimestamp(status.samples[i].offset,
+ offset_buf, sizeof(offset_buf));
+ format_ntptimestamp(status.samples[i].delay,
+ delay_buf, sizeof(delay_buf));
printf("[%u] srv %s offset %s delay %s\n",
i, name, offset_buf, delay_buf);
}
diff --git a/system/sched_note/note_main.c b/system/sched_note/note_main.c
index fb47a2a3d..05d081b6f 100644
--- a/system/sched_note/note_main.c
+++ b/system/sched_note/note_main.c
@@ -729,7 +729,9 @@ static void dump_notes(size_t nread)
for (i = 0; i < count; i++)
{
- ret += sprintf(&out[ret], " 0x%x", note_binary->nbi_data[i]);
+ snprintf(&out[ret], sizeof(out) - ret,
+ " 0x%x", note_binary->nbi_data[i]);
+ ret += strlen(&out[ret]);
}
trace_dump_unflatten(&ip, note_binary->nbi_ip,
diff --git a/system/termcurses/tcurses_vt100.c b/system/termcurses/tcurses_vt100.c
index 62791527c..f08e8ab48 100644
--- a/system/termcurses/tcurses_vt100.c
+++ b/system/termcurses/tcurses_vt100.c
@@ -917,9 +917,9 @@ static int tcurses_vt100_setcolors(FAR struct termcurses_s *dev,
if ((colors->color_mask & TCURS_COLOR_FG) != 0)
{
- sprintf(str, g_setfgcolor,
- tcurses_vt100_getcolorindex(colors->fg_red, colors->fg_green,
- colors->fg_blue));
+ snprintf(str, sizeof(str), g_setfgcolor,
+ tcurses_vt100_getcolorindex(colors->fg_red, colors->fg_green,
+ colors->fg_blue));
ret = write(fd, str, strlen(str));
}
@@ -932,9 +932,9 @@ static int tcurses_vt100_setcolors(FAR struct termcurses_s *dev,
colors->bg_red = 0;
}
- sprintf(str, g_setbgcolor,
- tcurses_vt100_getcolorindex(colors->bg_red, colors->bg_green,
- colors->bg_blue));
+ snprintf(str, sizeof(str), g_setbgcolor,
+ tcurses_vt100_getcolorindex(colors->bg_red, colors->bg_green,
+ colors->bg_blue));
ret = write(fd, str, strlen(str));
}
diff --git a/system/uniqueid/uniqueid_main.c b/system/uniqueid/uniqueid_main.c
index 631deb071..ab7e1c8e1 100644
--- a/system/uniqueid/uniqueid_main.c
+++ b/system/uniqueid/uniqueid_main.c
@@ -228,6 +228,7 @@ int main(int argc, FAR char *argv[])
{
uint8_t uniqueid[CONFIG_BOARDCTL_UNIQUEID_SIZE];
FAR char *formatter;
+ size_t len;
int i;
struct cfg_s cfg =
@@ -258,8 +259,9 @@ int main(int argc, FAR char *argv[])
return -1;
}
- formatter = malloc(strlen(cfg.format) + 2);
- sprintf(formatter, "%%%s", cfg.format);
+ len = strlen(cfg.format) + 2;
+ formatter = malloc(len);
+ snprintf(formatter, len, "%%%s", cfg.format);
if (cfg.prefix != NULL)
{
diff --git a/system/uorb/test/unit_test.c b/system/uorb/test/unit_test.c
index 9b1eeb167..902acde3d 100644
--- a/system/uorb/test/unit_test.c
+++ b/system/uorb/test/unit_test.c
@@ -128,8 +128,8 @@ static int pubsubtest_thread_entry(int argc, FAR char *argv[])
char fname[32];
FAR FILE *f;
- sprintf(fname, CONFIG_UORB_SRORAGE_DIR"/uorb_timings%u.txt",
- timingsgroup);
+ snprintf(fname, sizeof(fname),
+ CONFIG_UORB_SRORAGE_DIR"/uorb_timings%u.txt", timingsgroup);
f = fopen(fname, "w");
if (f == NULL)
diff --git a/system/vi/vi.c b/system/vi/vi.c
index f51d06168..3013c053f 100644
--- a/system/vi/vi.c
+++ b/system/vi/vi.c
@@ -24,6 +24,7 @@
#include
+#include
#include
#include
@@ -758,7 +759,7 @@ static void vi_setcursor(FAR struct vi_s *vi, uint16_t row, uint16_t column)
/* Send the VT100 CURSORPOS command */
- vi_write(vi, buffer, len);
+ vi_write(vi, buffer, MIN(len, sizeof(buffer)));
}
/****************************************************************************
@@ -858,10 +859,13 @@ static void vi_printf(FAR struct vi_s *vi, FAR const char *prefix,
/* Expand the prefix message in the scratch buffer */
- len = prefix ? snprintf(vi->scratch, SCRATCH_BUFSIZE, "%s", prefix) : 0;
+ len = prefix ? snprintf(vi->scratch,
+ sizeof(vi->scratch), "%s", prefix) : 0;
+ len = MIN(len, sizeof(vi->scratch));
va_start(ap, fmt);
- len += vsnprintf(vi->scratch + len, SCRATCH_BUFSIZE - len, fmt, ap);
+ len += vsnprintf(vi->scratch + len, sizeof(vi->scratch) - len, fmt, ap);
+ len = MIN(len, sizeof(vi->scratch));
vvidbg(fmt, ap);
va_end(ap);
@@ -1299,8 +1303,8 @@ static bool vi_savetext(FAR struct vi_s *vi, FAR const char *filename,
fclose(stream);
- len = sprintf(vi->scratch, "%dC written", nwritten);
- vi_write(vi, vi->scratch, len);
+ len = snprintf(vi->scratch, sizeof(vi->scratch), "%dC written", nwritten);
+ vi_write(vi, vi->scratch, MIN(len, sizeof(vi->scratch)));
return true;
}
@@ -1955,10 +1959,10 @@ static void vi_showlinecol(FAR struct vi_s *vi)
vi_cursoroff(vi);
vi_setcursor(vi, vi->display.row - 1, vi->display.column - 15);
- len = snprintf(vi->scratch, SCRATCH_BUFSIZE, "%jd,%d",
+ len = snprintf(vi->scratch, sizeof(vi->scratch), "%jd,%d",
(uintmax_t)(vi->cursor.row + vi->vscroll + 1),
vi->cursor.column + vi->hscroll + 1);
- vi_write(vi, vi->scratch, len);
+ vi_write(vi, vi->scratch, MIN(len, sizeof(vi->scratch)));
vi_clrtoeol(vi);
vi_cursoron(vi);
diff --git a/system/zmodem/zm_send.c b/system/zmodem/zm_send.c
index 2ab58bd18..507df0083 100644
--- a/system/zmodem/zm_send.c
+++ b/system/zmodem/zm_send.c
@@ -705,7 +705,7 @@ static int zms_sendzsinit(FAR struct zm_state_s *pzm)
static int zms_sendfilename(FAR struct zm_state_s *pzm)
{
FAR struct zms_state_s *pzms = (FAR struct zms_state_s *)pzm;
- FAR uint8_t *ptr = pzm->scratch;
+ FAR char *ptr = (FAR char *)pzm->scratch;
int len;
int ret;
@@ -768,19 +768,19 @@ static int zms_sendfilename(FAR struct zm_state_s *pzm)
*/
#ifdef CONFIG_SYSTEM_ZMODEM_TIMESTAMPS
- sprintf((FAR char *)ptr, "%ld %lo 0 %d 1 %ld 0",
- (unsigned long)pzms->filesize, (unsigned long)pzms->timestamp,
- CONFIG_SYSTEM_ZMODEM_SERIALNO, (unsigned long)pzms->filesize);
+ snprintf(ptr, sizeof(pzm->scratch), "%ld %lo 0 %d 1 %ld 0",
+ (unsigned long)pzms->filesize, (unsigned long)pzms->timestamp,
+ CONFIG_SYSTEM_ZMODEM_SERIALNO, (unsigned long)pzms->filesize);
#else
- sprintf((FAR char *)ptr, "%ld 0 0 %d 1 %ld 0",
- (unsigned long)pzms->filesize, CONFIG_SYSTEM_ZMODEM_SERIALNO,
- (unsigned long)pzms->filesize);
+ snprintf(ptr, sizeof(pzm->scratch), "%ld 0 0 %d 1 %ld 0",
+ (unsigned long)pzms->filesize, CONFIG_SYSTEM_ZMODEM_SERIALNO,
+ (unsigned long)pzms->filesize);
#endif
- ptr += strlen((FAR char *)ptr);
+ ptr += strlen(ptr);
*ptr++ = '\0';
- len = ptr - pzm->scratch;
+ len = ptr - (FAR char *)pzm->scratch;
DEBUGASSERT(len < CONFIG_SYSTEM_ZMODEM_SNDBUFSIZE);
return zm_senddata(pzm, pzm->scratch, len);
}
diff --git a/testing/mtd_config_fs/mtd_config_fs_test_main.c b/testing/mtd_config_fs/mtd_config_fs_test_main.c
index a424b8e47..ed5f701ef 100644
--- a/testing/mtd_config_fs/mtd_config_fs_test_main.c
+++ b/testing/mtd_config_fs/mtd_config_fs_test_main.c
@@ -859,7 +859,7 @@ static void test_nvs_gc(struct mtdnvs_ctx_s *ctx)
/* 4 byte key */
- sprintf(data.name, "k%02d", id);
+ snprintf(data.name, sizeof(data.name), "k%02d", id);
data.configdata = buf;
data.len = sizeof(buf);
@@ -876,7 +876,7 @@ static void test_nvs_gc(struct mtdnvs_ctx_s *ctx)
{
/* 4 byte key */
- sprintf(data.name, "k%02d", id);
+ snprintf(data.name, sizeof(data.name), "k%02d", id);
data.configdata = rd_buf;
data.len = sizeof(rd_buf);
@@ -929,7 +929,7 @@ static void test_nvs_gc(struct mtdnvs_ctx_s *ctx)
{
/* 4 byte key */
- sprintf(data.name, "k%02d", id);
+ snprintf(data.name, sizeof(data.name), "k%02d", id);
data.configdata = rd_buf;
data.len = sizeof(rd_buf);
@@ -1006,7 +1006,7 @@ static int write_content(uint16_t max_id, uint16_t begin, uint16_t end)
/* 4 byte key */
- sprintf(data.name, "k%02d", id);
+ snprintf(data.name, sizeof(data.name), "k%02d", id);
data.configdata = buf;
data.len = sizeof(buf);
@@ -1054,7 +1054,7 @@ static int check_content(uint16_t max_id)
{
/* 4 byte key */
- sprintf(data.name, "k%02d", id);
+ snprintf(data.name, sizeof(data.name), "k%02d", id);
data.configdata = rd_buf;
data.len = sizeof(rd_buf);
@@ -1512,7 +1512,7 @@ static void test_nvs_full_sector(struct mtdnvs_ctx_s *ctx)
while (1)
{
- sprintf(data.name, "k%04x", filling_id);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id);
data.configdata = (FAR uint8_t *)&filling_id;
data.len = sizeof(filling_id);
@@ -1533,7 +1533,7 @@ static void test_nvs_full_sector(struct mtdnvs_ctx_s *ctx)
/* check whether can delete whatever from full storage */
- sprintf(data.name, "k%04x", 1);
+ snprintf(data.name, sizeof(data.name), "k%04x", 1);
data.configdata = NULL;
data.len = 0;
@@ -1565,7 +1565,7 @@ static void test_nvs_full_sector(struct mtdnvs_ctx_s *ctx)
goto test_fail;
}
- sprintf(data.name, "k%04x", filling_id);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id);
data.configdata = (FAR uint8_t *)&filling_id;
data.len = sizeof(filling_id);
@@ -1581,7 +1581,7 @@ static void test_nvs_full_sector(struct mtdnvs_ctx_s *ctx)
for (i = 0; i <= filling_id; i++)
{
- sprintf(data.name, "k%04x", i);
+ snprintf(data.name, sizeof(data.name), "k%04x", i);
data.configdata = (FAR uint8_t *)&data_read;
data.len = sizeof(data_read);
@@ -1997,7 +1997,7 @@ static void test_nvs_gc_touched_deleted_ate(struct mtdnvs_ctx_s *ctx)
while (1)
{
- sprintf(data.name, "k%04x", filling_id);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id);
data.configdata = (FAR uint8_t *)&filling_id;
data.len = sizeof(filling_id);
@@ -2032,7 +2032,7 @@ static void test_nvs_gc_touched_deleted_ate(struct mtdnvs_ctx_s *ctx)
* B(deleted) A gc
*/
- sprintf(data.name, "k%04x", filling_id - 1);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id - 1);
data.configdata = NULL;
data.len = 0;
ret = ioctl(fd, CFGDIOC_DELCONFIG, &data);
@@ -2049,7 +2049,7 @@ static void test_nvs_gc_touched_deleted_ate(struct mtdnvs_ctx_s *ctx)
*/
filling_id -= 1;
- sprintf(data.name, "k%04x", filling_id);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id);
data.configdata = (FAR uint8_t *)&filling_id;
data.len = sizeof(filling_id);
ret = ioctl(fd, CFGDIOC_SETCONFIG, &data);
@@ -2064,7 +2064,7 @@ static void test_nvs_gc_touched_deleted_ate(struct mtdnvs_ctx_s *ctx)
for (i = 0; i <= filling_id; i++)
{
- sprintf(data.name, "k%04x", i);
+ snprintf(data.name, sizeof(data.name), "k%04x", i);
data.configdata = (FAR uint8_t *)&data_read;
data.len = sizeof(data_read);
@@ -2146,7 +2146,7 @@ static void test_nvs_gc_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
while (1)
{
- sprintf(data.name, "k%04x", filling_id);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id);
data.configdata = (FAR uint8_t *)&filling_id;
data.len = sizeof(filling_id);
ret = ioctl(fd, CFGDIOC_SETCONFIG, &data);
@@ -2170,7 +2170,7 @@ static void test_nvs_gc_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
* B A(deleted) gc
*/
- sprintf(data.name, "k%04x", 1);
+ snprintf(data.name, sizeof(data.name), "k%04x", 1);
data.configdata = NULL;
data.len = 0;
ret = ioctl(fd, CFGDIOC_DELCONFIG, &data);
@@ -2207,7 +2207,7 @@ static void test_nvs_gc_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
*/
update_id = 3;
- sprintf(data.name, "k%04x", 2);
+ snprintf(data.name, sizeof(data.name), "k%04x", 2);
data.configdata = (FAR uint8_t *)&update_id;
data.len = sizeof(update_id);
ret = ioctl(fd, CFGDIOC_SETCONFIG, &data);
@@ -2222,7 +2222,7 @@ static void test_nvs_gc_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
for (i = 0; i <= filling_id - 1; i++)
{
- sprintf(data.name, "k%04x", i);
+ snprintf(data.name, sizeof(data.name), "k%04x", i);
data.configdata = (FAR uint8_t *)&data_read;
data.len = sizeof(data_read);
ret = ioctl(fd, CFGDIOC_GETCONFIG, &data);
@@ -2323,7 +2323,7 @@ static void test_nvs_gc_not_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
while (1)
{
- sprintf(data.name, "k%04x", filling_id);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id);
data.configdata = (FAR uint8_t *)&filling_id;
data.len = sizeof(filling_id);
ret = ioctl(fd, CFGDIOC_SETCONFIG, &data);
@@ -2347,7 +2347,7 @@ static void test_nvs_gc_not_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
* B(deleted) A gc
*/
- sprintf(data.name, "k%04x", filling_id - 1);
+ snprintf(data.name, sizeof(data.name), "k%04x", filling_id - 1);
data.configdata = NULL;
data.len = 0;
ret = ioctl(fd, CFGDIOC_DELCONFIG, &data);
@@ -2364,7 +2364,7 @@ static void test_nvs_gc_not_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
*/
update_id = 3;
- sprintf(data.name, "k%04x", 2);
+ snprintf(data.name, sizeof(data.name), "k%04x", 2);
data.configdata = (FAR uint8_t *)&update_id;
data.len = sizeof(update_id);
ret = ioctl(fd, CFGDIOC_SETCONFIG, &data);
@@ -2379,7 +2379,7 @@ static void test_nvs_gc_not_touched_expired_ate(struct mtdnvs_ctx_s *ctx)
for (i = 0; i <= filling_id - 1; i++)
{
- sprintf(data.name, "k%04x", i);
+ snprintf(data.name, sizeof(data.name), "k%04x", i);
data.configdata = (FAR uint8_t *)&data_read;
data.len = sizeof(data_read);
ret = ioctl(fd, CFGDIOC_GETCONFIG, &data);
diff --git a/testing/scanftest/scanftest_main.c b/testing/scanftest/scanftest_main.c
index e68acd425..df1d7791b 100644
--- a/testing/scanftest/scanftest_main.c
+++ b/testing/scanftest/scanftest_main.c
@@ -1126,7 +1126,7 @@ int main(int argc, FAR char *argv[])
{
fscanf(fp, "%s", s2);
fscanf(fp, "%2c", s3);
- sprintf(s1, "%s%s", s2, s3);
+ snprintf(s1, sizeof(s1), "%s%s", s2, s3);
if (strcmp(s1, teststring) != 0)
{
diff --git a/testing/smart_test/smart_test.c b/testing/smart_test/smart_test.c
index 38d63d66f..5ad6c05d9 100644
--- a/testing/smart_test/smart_test.c
+++ b/testing/smart_test/smart_test.c
@@ -91,7 +91,8 @@ static int smart_create_test_file(char *filename)
{
g_line_pos[x] = ftell(fd);
- sprintf(string, "This is line %d at offset %d\n", x, g_line_pos[x]);
+ snprintf(string, sizeof(string),
+ "This is line %d at offset %d\n", x, g_line_pos[x]);
g_line_len[x] = strlen(string);
fprintf(fd, "%s", string);
@@ -148,8 +149,9 @@ static int smart_seek_test(char *filename)
fread(readstring, 1, g_line_len[index], fd);
readstring[g_line_len[index]] = '\0';
- sprintf(cmpstring, "This is line %d at offset %d\n",
- index, g_line_pos[index]);
+ snprintf(cmpstring, sizeof(cmpstring),
+ "This is line %d at offset %d\n",
+ index, g_line_pos[index]);
if (strcmp(readstring, cmpstring) != 0)
{