common,tools: make sure the destination buffer can handle the size of the string

fix klocwork issues:
Width is not specified for 's' conversion specifier.
This can result in an overflow of the buffer
provided in argument 3 of a call to 'sscanf'

Signed-off-by: songweibin <song.weibin@zte.com.cn>
(cherry picked from commit 5e8c412e63d6a86aa4846efe4cceff52ca8f16d5)

diff --git a/src/common/util.cc b/src/common/util.cc
index 3448eb2bfa37bd028ff8ef190d33c63788640018..9678f6076411c3f0b0e86c76f573479280ccd2c8 100644 (file)
--- a/src/common/util.cc
+++ b/src/common/util.cc
@@ -249,7 +249,7 @@ void collect_sys_info(map<string, string> *m, CephContext *cct)
        break;
       char key[40];
       long long value;
-      int r = sscanf(line, "%s %lld", key, &value);
+      int r = sscanf(line, "%39s %lld", key, &value);
       if (r == 2) {
        if (strcmp(key, "MemTotal:") == 0)
          (*m)["mem_total_kb"] = boost::lexical_cast<string>(value);

diff --git a/src/tools/cephfs/Dumper.cc b/src/tools/cephfs/Dumper.cc
index 11d32523f416e46b705198681a8af21d2aaab6fb..6b7584978918eeee6445b9a7e6141fbe6bbe65b0 100644 (file)
--- a/src/tools/cephfs/Dumper.cc
+++ b/src/tools/cephfs/Dumper.cc
@@ -243,7 +243,7 @@ int Dumper::undump(const char *dump_file, bool force)
     if (strstr(buf, "fsid")) {
       uuid_d fsid;
       char fsid_str[40];
-      sscanf(strstr(buf, "fsid"), "fsid %s", fsid_str);
+      sscanf(strstr(buf, "fsid"), "fsid %39s", fsid_str);
       r = fsid.parse(fsid_str);
       if (!r) {
        derr  << "Invalid fsid" << dendl;