moonlight-stream / moonlight-embedded

Gamestream client for embedded systems
https://github.com/moonlight-stream/moonlight-embedded/wiki
GNU General Public License v3.0

fix unbounded write of sprintf #890

Closed szsam closed 3 months ago

szsam commented 3 months ago

Description Buffer write operations that do not control the length of data written may overflow. Fix by replacing sprintf() with snprintf().

Purpose
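The pattern the fix describes, as an added example that is not code from this pull request or from moonlight-embedded: `sprintf()` writes as many bytes as the formatted string needs, so a fixed-size destination can be overrun; `snprintf()` takes the buffer size, never writes past it, and returns the length the full string would have had, which lets the caller detect truncation instead of silently using a clipped value. The function name, the `"host:port"` format, the buffer size and the sample inputs are all constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (added example, not moonlight-embedded code):
 * format "<host>:<port>" into a caller-supplied fixed-size buffer.
 *
 * With sprintf() the length of "host" would decide how many bytes land in
 * "out", regardless of out_len. With snprintf() at most out_len bytes are
 * written and the result is always NUL-terminated when out_len > 0.
 *
 * Returns the number of characters written (excluding the NUL), or -1 if
 * the buffer is unusable or the formatted string did not fit. */
int format_endpoint(char *out, size_t out_len, const char *host, int port)
{
    if (out == NULL || out_len == 0 || host == NULL)
        return -1;

    int n = snprintf(out, out_len, "%s:%d", host, port);

    /* snprintf reports the length the complete string would have had.
     * n >= out_len means the output was truncated: the buffer holds a
     * NUL-terminated prefix, not the value the caller asked for, so
     * surface that as an error rather than continuing with it. */
    if (n < 0 || (size_t)n >= out_len)
        return -1;

    return n;
}

/* Constructed 16-byte destination used by the demonstration below. */
char demo_buf[16];

int main(void)
{
    /* Fits: "10.0.0.1:1234" is 13 characters plus the NUL. */
    int n = format_endpoint(demo_buf, sizeof demo_buf, "10.0.0.1", 1234);
    printf("fits: rc=%d buf=\"%s\"\n", n, demo_buf);

    /* Does not fit: snprintf stops at 15 characters + NUL and the helper
     * reports -1, where sprintf would have run past the end of demo_buf. */
    n = format_endpoint(demo_buf, sizeof demo_buf,
                        "an.overly.long.hostname.example", 1234);
    printf("truncated: rc=%d buf=\"%s\"\n", n, demo_buf);
    return 0;
}
```

The truncation check matters as much as the `snprintf()` swap itself: a silently clipped string (a shortened path, hostname or key) can produce a wrong but plausible value downstream, so callers should treat a return of `-1` as a failure, not as a usable result.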

Machiry commented 3 months ago

Hello @cgutman ,

My name is Aravind Machiry, Assistant Professor at Purdue's ECE Department.

Thank you for considering this pull request. This pull request was the result of our ongoing research work (along with @szsam) to improve the security and quality of open-source embedded projects.

In addition to scanning codebases with CodeQL, we are also doing a short (~4 minutes) survey to understand the use of static analysis tools like gcc -Wall and CodeQL in embedded software projects.

It would greatly benefit our research if you could fill this anonymous survey: https://purdue.ca1.qualtrics.com/jfe/form/SV_0OnXfr5plPe1QCa

Thank you, Aravind