Fix format-overflow warning in mtcInvApi

There is a format-overflow warning because the batch_str buffer is 10 chars length and the formatted variable can get at most 11 chars. To fix this issue the sprintf was changed to snprintf to avoid the overflow. Also the signature of mtcInvApi_read_inventory was changed to avoid negative values. The impact of this change is minimum as this function only has one caller, where the supplied argument is always the number 5. Change-Id: I3adfd270e603021d6e41bdad08eb06e65686b989 Signed-off-by: Erich Cordoba <erich.cordoba.malibran@intel.com>
2019-06-25 16:17:47 -05:00 · 2019-06-25 16:17:47 -05:00 · dc182898c4
parent c8603da349
commit dc182898c4
2 changed files with 3 additions and 3 deletions
--- a/mtce/src/maintenance/mtcInvApi.cpp
+++ b/mtce/src/maintenance/mtcInvApi.cpp
@ -60,7 +60,7 @@
 *              number of inventory elements.
 *
 */
-int mtcInvApi_read_inventory ( int batch )
+int mtcInvApi_read_inventory ( uint batch )
 {
    char batch_str [10] ;
    int rc    = PASS ;
@ -86,7 +86,7 @@ int mtcInvApi_read_inventory ( int batch )
        batch = MTC_INV_BATCH_MAX ;

    /* Add the batch integer to the request label */
-    sprintf (&batch_str[0], "%d", batch );
+    snprintf (&batch_str[0], sizeof(batch_str), "%d", batch );

    obj_ptr->sysinvEvent.token.url = MTC_INV_LABEL ;
    obj_ptr->sysinvEvent.token.url.append(MTC_INV_BATCH);
--- a/mtce/src/maintenance/mtcInvApi.h
+++ b/mtce/src/maintenance/mtcInvApi.h
@ -85,7 +85,7 @@ int mtcInvApi_handler ( libEvent & event );
  *- HTTP status codes - any standard HTTP codes
  *
  *****************************************************************************/
-int mtcInvApi_read_inventory ( int batch );
+int mtcInvApi_read_inventory ( uint batch );

 /** Add a host to the sysinv database
  *