FreeRTOS Support Archive
This is a read only archive of threads posted to the FreeRTOS support forum.
The archive is updated every week, so will not always contain the very latest posts.
unsafe snprintf
Posted by Purple Pants on October 12, 2011
The printf-stdarg.c file distributed with FreeRTOS contains a snprintf() implementation that silently drops the 'count' parameter. That is, it is less safe than the normal sprintf() call since most users won't be aware of this 'feature' and might take less care of buffer overflow potential than if they were forced to use sprintf(). It is difficult to overstate how bad this is. At a minimum, I would suggest that the snprintf function is either removed from the source or has a #warning show on compile.
I appreciate that printf-stdarg.c is a third-party file and only used in the demos. Nevertheless, it is included with the FreeRTOS distribution and recommended in the FreeRTOS Reference Manual. I suspect that most users would assume that it is up to the quality of other FreeRTOS code, and be completely oblivious as to the potential problem its use could cause.
RE: unsafe snprintf
Posted by Richard on October 12, 2011
I take your point, I will look into whether it is used anywhere, to see if taking it out would break anything. #warning is not an option, as it would just not compile with many compilers.
The file in question is an ultra light implementation, included mainly to avoid code size bloat and very light stack usage.
Regards.
RE: unsafe snprintf
Posted by Purple Pants on October 13, 2011
Thanks. I realise it is meant to be a lite implementation, but 'lite' shouldn't mean maliciously broken! :)
Perhaps removing the '(void)count;' line might be a reasonable halfway house - its only purpose is to prevent the compiler warning that count isn't used, after all.
As to removing it, a search on 'snprintf' and replace of 'sprintf' will do the job - since it actually is sprintf under the bonnet, changing all calls to the real thing won't make anything worse.
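Added example, not part of the thread or of the FreeRTOS distribution: a memory-safe probe that a project can run against whichever snprintf() it links, to find out whether the size argument is honoured. `lite_snprintf` is a constructed stand-in for the behaviour described above (it is not the code from printf-stdarg.c), and `snprintf_honours_count` and `snprintf_fn` are hypothetical names.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Signature shared by the C library snprintf and the stand-in below. */
typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Constructed stand-in for the behaviour described in the thread: 'count' is
 * accepted, silenced with a void cast, and the call behaves like sprintf().
 * This is not the code from printf-stdarg.c. */
int lite_snprintf(char *buf, size_t count, const char *fmt, ...)
{
    va_list ap;
    int n;
    (void)count;                 /* bound silently dropped */
    va_start(ap, fmt);
    n = vsprintf(buf, fmt, ap);  /* unbounded write */
    va_end(ap);
    return n;
}

/* Returns 1 if fn keeps its output within 'count' bytes, 0 otherwise.
 * The backing buffer is larger than the full formatted string, so the probe
 * stays memory-safe even when fn ignores the bound. */
int snprintf_honours_count(snprintf_fn fn)
{
    enum { BACKING = 64, LIMIT = 8 };
    char buf[BACKING];
    size_t i;

    memset(buf, 0xA5, sizeof buf);              /* canary pattern */
    fn(buf, LIMIT, "%s", "0123456789ABCDEF");   /* wants 16 chars + NUL */

    if (buf[LIMIT - 1] != '\0')                 /* must be truncated and terminated */
        return 0;
    for (i = LIMIT; i < BACKING; i++)           /* nothing past the bound touched */
        if ((unsigned char)buf[i] != 0xA5)
            return 0;
    return 1;
}

int main(void)
{
    printf("libc snprintf honours count: %d\n", snprintf_honours_count(snprintf));
    printf("lite stand-in honours count: %d\n", snprintf_honours_count(lite_snprintf));
    return 0;
}
```

Called once at start-up or in a unit test, the probe turns a silently dropped bound into a visible failure instead of relying on every caller to know which implementation was linked.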