[igt-dev] [PATCH i-g-t v3] intel_reg: Fix truncate string in the snprintf

Mon Aug 27 11:04:43 UTC 2018

From: Rodrigo Siqueira <rodrigosiqueiramelo at gmail.com>

This patch fix the following GCC warning:

../tools/intel_reg.c: In function ‘dump_decode’:
../tools/intel_reg.c:203:41: warning: ‘snprintf’ output may be truncated
before the last format character [-Wformat-truncation=]
   snprintf(decode, sizeof(decode), "\n%s", bin);
[..]
../tools/intel_reg.c:200:40: warning: ‘%s’ directive output may be
truncated writing up to 1023 bytes into a region of size 1022
[-Wformat-truncation=]
    snprintf(decode, sizeof(decode), " (%s)\n%s", tmp, bin);
[..]
../tools/intel_reg.c:200:4: note: ‘snprintf’ output between 5 and 2051
bytes into a destination of size 1024
    snprintf(decode, sizeof(decode), " (%s)\n%s", tmp, bin);
[..]

The decode[] variable contains concatenated contents of bin[] and tmp[],
both of which are allocated as 1024 bytes.

Allocating 1024 chars for bin[] seems like an overkill, since all it
ever holds it the output of to_binary().

to_binary outputs fixed format:
--------------------------------------------------------------------
               24               16                8                0
  1 1 0 1 1 1 1 0  1 0 1 0 1 1 0 1  1 0 1 1 1 1 1 0  1 1 1 0 1 1 1 1
--------------------------------------------------------------------
Which is 138 chars long (sans the new line).

We can limit the size of char bin[] to that number (-ish), and then
slightly bump the size of decode[] to accommodate for combined sizes of
tmp[] and bin[].

Changes since V1:
 - Improve commit message
Changes since V2:
 - updated commit message
 - limit the amount of stack abuse

Signed-off-by: Rodrigo Siqueira <rodrigosiqueiramelo at gmail.com>
Signed-off-by: Arkadiusz Hiler <arkadiusz.hiler at intel.com>
---
 tools/intel_reg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/intel_reg.c b/tools/intel_reg.c
index ddff2794..1247b70b 100644
--- a/tools/intel_reg.c
+++ b/tools/intel_reg.c
@@ -180,9 +180,9 @@ static void to_binary(char *buf, size_t buflen, uint32_t val)
 
 static void dump_decode(struct config *config, struct reg *reg, uint32_t val)
 {
-	char decode[1024];
+	char decode[1300];
 	char tmp[1024];
-	char bin[1024];
+	char bin[200];
 
 	if (config->binary)
 		to_binary(bin, sizeof(bin), val);
-- 
2.17.1

