common,tools: make sure the destination buffer can handle the size of the string

fix klocwork issues:
Width is not specified for 's' conversion specifier.
This can result in an overflow of the buffer
provided in argument 3 of a call to 'sscanf'

Signed-off-by: songweibin <song.weibin@zte.com.cn>
(cherry picked from commit 5e8c412e63d6a86aa4846efe4cceff52ca8f16d5)

diff --git a/src/common/util.cc b/src/common/util.cc
index 4631bf092f6a67f1b3e2a3fa7e3987c8408c70b8..9cea0d78fd180da59b4da50139ca23ab43d3a187 100644 (file)
--- a/src/common/util.cc
+++ b/src/common/util.cc
@@ -194,7 +194,7 @@ void collect_sys_info(map<string, string> *m, CephContext *cct)
        break;
       char key[40];
       long long value;
-      int r = sscanf(line, "%s %lld", key, &value);
+      int r = sscanf(line, "%39s %lld", key, &value);
       if (r == 2) {
        if (strcmp(key, "MemTotal:") == 0)
          (*m)["mem_total_kb"] = boost::lexical_cast<string>(value);

diff --git a/src/tools/cephfs/Dumper.cc b/src/tools/cephfs/Dumper.cc
index 98ab43537eaa40b103a8317faea571e445893e68..0f4e78fbf90a991b92b10208a1fda207dea93c68 100644 (file)
--- a/src/tools/cephfs/Dumper.cc
+++ b/src/tools/cephfs/Dumper.cc
@@ -243,7 +243,7 @@ int Dumper::undump(const char *dump_file, bool force)
     if (strstr(buf, "fsid")) {
       uuid_d fsid;
       char fsid_str[40];
-      sscanf(strstr(buf, "fsid"), "fsid %s", fsid_str);
+      sscanf(strstr(buf, "fsid"), "fsid %39s", fsid_str);
       r = fsid.parse(fsid_str);
       if (!r) {
        derr  << "Invalid fsid" << dendl;