Fix security issue (#305)

Change sprintf to snprintf to avoid potential security issue
microsoft · May 26, 2024 · 3a18068 · 3a18068
1 parent f76eae4
commit 3a18068
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/utils_internal.cc b/src/utils_internal.cc
@@ -31,7 +31,8 @@ static bool matchPort(const int port1, const int port2) {
 namespace mscclpp {
 std::string int64ToBusId(int64_t id) {
   char busId[20];
-  std::sprintf(busId, "%04lx:%02lx:%02lx.%01lx", (id) >> 20, (id & 0xff000) >> 12, (id & 0xff0) >> 4, (id & 0xf));
+  std::snprintf(busId, sizeof(busId), "%04lx:%02lx:%02lx.%01lx", (id) >> 20, (id & 0xff000) >> 12, (id & 0xff0) >> 4,
+                (id & 0xf));
   return std::string(busId);
 }
 
@@ -111,7 +112,7 @@ uint64_t getHostHash(void) {
 uint64_t computePidHash(void) {
   char pname[1024];
   // Start off with our pid ($$)
-  sprintf(pname, "%ld", (long)getpid());
+  std::snprintf(pname, sizeof(pname), "%ld", (long)getpid());
   int plen = strlen(pname);
   int len = readlink("/proc/self/ns/pid", pname + plen, sizeof(pname) - 1 - plen);
   if (len < 0) len = 0;