From: Michal Sojka <sojkam1@fel.cvut.cz>
Date: Wed, 13 Apr 2016 12:57:55 +0000 (+0200)
Subject: Fix buffer overflow
X-Git-Url: http://rtime.felk.cvut.cz/gitweb/pes-rpp/rpp-test-sw.git/commitdiff_plain/48e362efdf338df393bc3e4e7eb6acb2eae612cd

Fix buffer overflow
---

diff --git a/rpp-test-sw/commands/cmd_hout.c b/rpp-test-sw/commands/cmd_hout.c
index be5bf4b..71a5a75 100644
--- a/rpp-test-sw/commands/cmd_hout.c
+++ b/rpp-test-sw/commands/cmd_hout.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2012-2013, 2015 Czech Technical University in Prague
+ * Copyright (C) 2012-2013, 2015, 2016 Czech Technical University in Prague
  *
  * Created on: 28.2.2013
  *
@@ -68,9 +68,9 @@ int cmd_do_test_hout_fault(cmd_io_t *cmd_io, const struct cmd_des *des, char *pa
 {
 	int pin;
 	char *p = param[1];
-	char spareParams;
+	char spareParams[2];
 
-	if (sscanf(p, "%d %1s", &pin, &spareParams) != 1)
+	if (sscanf(p, "%d %1s", &pin, spareParams) != 1)
 		return -CMDERR_BADPAR;
 	pin--;
 	if (pin < 0 || pin > 5) return -CMDERR_BADPAR;
@@ -105,7 +105,7 @@ int cmd_do_hout_pwm(cmd_io_t *cmd_io, const struct cmd_des *des, char *param[])
 {
 	char *p;
 	uint32_t values[MAX_PARAM_VALUES_NUM];
-	char spareParams;
+	char spareParams[2];
 	int pin;
 
 	p = param[1];
@@ -116,7 +116,7 @@ int cmd_do_hout_pwm(cmd_io_t *cmd_io, const struct cmd_des *des, char *param[])
 
 	if (param[2] != NULL) {     // More parameters = set values
 		p = param[2];
-		if (sscanf(p, "%d %d %1s", &values[0], &values[1], &spareParams) != 2)
+		if (sscanf(p, "%d %d %1s", &values[0], &values[1], spareParams) != 2)
 			return -CMDERR_BADPAR;
 		if (values[1] > 100) return -CMDERR_BADPAR;
 		hout_pwm_set_signal(pin, (double)values[0], values[1]);
@@ -143,9 +143,9 @@ int cmd_do_hout_pwm_start(cmd_io_t *cmd_io, const struct cmd_des *des, char *par
 {
 	int pin;
 	char *p = param[1];
-	char spareParams;
+	char spareParams[2];
 
-	if (sscanf(p, "%d %1s", &pin, &spareParams) != 1)
+	if (sscanf(p, "%d %1s", &pin, spareParams) != 1)
 		return -CMDERR_BADPAR;
 	pin--;
 	if (pin < 0 || pin > 5) return -CMDERR_BADPAR;
@@ -170,9 +170,9 @@ int cmd_do_hout_pwm_stop(cmd_io_t *cmd_io, const struct cmd_des *des, char *para
 {
 	int pin;
 	char *p = param[1];
-	char spareParams;
+	char spareParams[2];
 
-	if (sscanf(p, "%d %1s", &pin, &spareParams) != 1)
+	if (sscanf(p, "%d %1s", &pin, spareParams) != 1)
 		return -CMDERR_BADPAR;
 	pin--;
 	if (pin < 0 || pin > 5) return -CMDERR_BADPAR;