From fe4d503c3d56dbdaac032b3a71ded4f968247edb Mon Sep 17 00:00:00 2001
From: "Liu, Xinwu" <xinwu.liu@intel.com>
Date: Tue, 25 Sep 2018 11:14:55 +0800
Subject: [PATCH] tools: acrn-crashlog: remove unsafe api sscanf

Use str_split_ere instead of sscanf.

Tracked-On: #1254
Signed-off-by: Liu, Xinwu <xinwu.liu@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
Acked-by: Chen Gang <gang.c.chen@intel.com>
---
 tools/acrn-crashlog/acrnprobe/history.c | 28 +++++++++++--------------
 tools/acrn-crashlog/acrnprobe/sender.c  | 12 +++++++----
 2 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/tools/acrn-crashlog/acrnprobe/history.c b/tools/acrn-crashlog/acrnprobe/history.c
index 50a44d69f..0cf9806e2 100644
--- a/tools/acrn-crashlog/acrnprobe/history.c
+++ b/tools/acrn-crashlog/acrnprobe/history.c
@@ -228,27 +228,23 @@ void hist_raise_infoerror(char *type)
 	free(key);
 }
 
-static int get_time_firstline(char *buffer)
+static int get_time_from_firstline(char *buffer, size_t size)
 {
-	char firstline[MAXLINESIZE];
-	int ret;
-	char *fmt = "%*[^ ]%*[ ]%*[^ ]%*[ ]%[^ ]%*c";
+	char lasttime[MAXLINESIZE];
+	const char *prefix = "#V1.0 CURRENTUPTIME   ";
+	int len;
 
-	memset(firstline, 0, MAXLINESIZE);
-	ret = file_read_string(history_file, firstline, MAXLINESIZE);
-	if (ret <= 0) {
-		LOGW("file_read_string failed, %d %s\n", ret, strerror(-ret));
+	len = file_read_key_value(history_file, prefix, MAXLINESIZE, lasttime);
+	if (len <= 0) {
+		LOGW("failed to read value from %s, error %s\n",
+		      history_file, strerror(-len));
 		return -1;
 	}
-
-	if (!strstr(firstline, "#V1.0 "))
+	if ((size_t)len >= size)
 		return -1;
 
-	ret = sscanf(firstline, fmt, buffer);
-	if (ret != 1) {
-		LOGE("get last time failed, %d %s\n", ret, firstline);
-		return -1;
-	}
+	*(char *)mempcpy(buffer, lasttime, len) = '\0';
+
 	return 0;
 }
 
@@ -272,7 +268,7 @@ int prepare_history(void)
 		}
 	}
 
-	ret = get_time_firstline(linebuf);
+	ret = get_time_from_firstline(linebuf, MAXLINESIZE);
 	if (ret == 0) {
 		current_lines = count_lines_in_file(history_file);
 		hist_raise_uptime(linebuf);
diff --git a/tools/acrn-crashlog/acrnprobe/sender.c b/tools/acrn-crashlog/acrnprobe/sender.c
index b45de6ae5..0dd315a7b 100644
--- a/tools/acrn-crashlog/acrnprobe/sender.c
+++ b/tools/acrn-crashlog/acrnprobe/sender.c
@@ -572,8 +572,10 @@ static int telemd_new_vmevent(const char *line_to_sync,
 		ANDROID_ENEVT_FMT ANDROID_KEY_FMT ANDROID_LONGTIME_FMT
 		ANDROID_TYPE_FMT ANDROID_LINE_REST_FMT;
 
-	res = sscanf(line_to_sync, vm_format, event, vmkey, longtime,
-		     type, rest);
+	res = str_split_ere(line_to_sync, len, vm_format, strlen(vm_format),
+			    event, sizeof(event), vmkey, sizeof(vmkey),
+			    longtime, sizeof(longtime),
+			    type, sizeof(type), rest, sizeof(rest));
 	if (res != 5) {
 		LOGE("get an invalid line from (%s), skip\n", vm->name);
 		return VMEVT_HANDLED;
@@ -917,8 +919,10 @@ static int crashlog_new_vmevent(const char *line_to_sync,
 		ANDROID_ENEVT_FMT ANDROID_KEY_FMT ANDROID_LONGTIME_FMT
 		ANDROID_TYPE_FMT ANDROID_LINE_REST_FMT;
 
-	res = sscanf(line_to_sync, vm_format, event, vmkey, longtime,
-		     type, rest);
+	res = str_split_ere(line_to_sync, len, vm_format, strlen(vm_format),
+			    event, sizeof(event), vmkey, sizeof(vmkey),
+			    longtime, sizeof(longtime),
+			    type, sizeof(type), rest, sizeof(rest));
 	if (res != 5) {
 		LOGE("get an invalid line from (%s), skip\n", vm->name);
 		return ret;