From 7c8730d45f63b76588da5ea0d4eff73a0bcae188 Mon Sep 17 00:00:00 2001 From: Max Reitz Date: Mon, 17 Jul 2017 17:12:07 +0200 Subject: block/vvfat: Fix compiler warning with gcc 7 gcc 7 complains that the sprintf() might write a null byte beyond the end of the tail buffer. That is wrong, but we can silence it by making i unsigned (it can never be negative anyway, see the if condition right before). For some reason, this allows gcc to suddenly accurately calculate the range of i so we can give the tail[] array the exact size it needs to have (which is 8 bytes) without gcc complaining. In addition, let us convert the sprintf() to snprintf(), because that is always nicer, and add an assertion about the range of the return value afterwards so we can see that "8 - len" will never be negative and thus "entry->name + MIN(j, 8 - len)" will never be out of bounds. Signed-off-by: Max Reitz Reviewed-by: Eric Blake Signed-off-by: Kevin Wolf --- block/vvfat.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'block/vvfat.c') diff --git a/block/vvfat.c b/block/vvfat.c index 6b11596abf..a9e207f7f0 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -549,7 +549,7 @@ static direntry_t *create_short_filename(BDRVVVFATState *s, const gchar *p, *last_dot = NULL; gunichar c; bool lossy_conversion = false; - char tail[11]; + char tail[8]; if (!entry) { return NULL; @@ -614,7 +614,8 @@ static direntry_t *create_short_filename(BDRVVVFATState *s, for (i = lossy_conversion ? 1 : 0; i < 999999; i++) { direntry_t *entry1; if (i > 0) { - int len = sprintf(tail, "~%d", i); + int len = snprintf(tail, sizeof(tail), "~%u", (unsigned)i); + assert(len <= 7); memcpy(entry->name + MIN(j, 8 - len), tail, len); } for (entry1 = array_get(&(s->directory), directory_start); -- cgit v1.2.3