summary refs log tree commit diff stats
path: root/hw
diff options
context:
space:
mode:
Diffstat (limited to 'hw')
-rw-r--r--hw/sun4m.c15
-rw-r--r--hw/sun4u.c15
-rw-r--r--hw/usb-net.c8
-rw-r--r--hw/vga.c8
4 files changed, 28 insertions, 18 deletions
diff --git a/hw/sun4m.c b/hw/sun4m.c
index 33abf0101c..21f88993a2 100644
--- a/hw/sun4m.c
+++ b/hw/sun4m.c
@@ -159,7 +159,8 @@ static int nvram_boot_set(void *opaque, const char *boot_device)
     for (i = 0; i < sizeof(image); i++)
         image[i] = m48t59_read(nvram, i) & 0xff;
 
-    strcpy((char *)header->boot_devices, boot_device);
+    pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+            boot_device);
     header->nboot_devices = strlen(boot_device) & 0xff;
     header->crc = cpu_to_be16(OHW_compute_crc(header, 0x00, 0xF8));
 
@@ -187,17 +188,19 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline,
     memset(image, '\0', sizeof(image));
 
     // Try to match PPC NVRAM
-    strcpy((char *)header->struct_ident, "QEMU_BIOS");
+    pstrcpy((char *)header->struct_ident, sizeof(header->struct_ident),
+            "QEMU_BIOS");
     header->struct_version = cpu_to_be32(3); /* structure v3 */
 
     header->nvram_size = cpu_to_be16(0x2000);
     header->nvram_arch_ptr = cpu_to_be16(sizeof(ohwcfg_v3_t));
     header->nvram_arch_size = cpu_to_be16(sizeof(struct sparc_arch_cfg));
-    strcpy((char *)header->arch, arch);
+    pstrcpy((char *)header->arch, sizeof(header->arch), arch);
     header->nb_cpus = smp_cpus & 0xff;
     header->RAM0_base = 0;
     header->RAM0_size = cpu_to_be64((uint64_t)RAM_size);
-    strcpy((char *)header->boot_devices, boot_devices);
+    pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+            boot_devices);
     header->nboot_devices = strlen(boot_devices) & 0xff;
     header->kernel_image = cpu_to_be64((uint64_t)KERNEL_LOAD_ADDR);
     header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
@@ -225,7 +228,7 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline,
     // Variable partition
     part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
     part_header->signature = OPENBIOS_PART_SYSTEM;
-    strcpy(part_header->name, "system");
+    pstrcpy(part_header->name, sizeof(part_header->name), "system");
 
     end = start + sizeof(struct OpenBIOS_nvpart_v1);
     for (i = 0; i < nb_prom_envs; i++)
@@ -241,7 +244,7 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline,
     start = end;
     part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
     part_header->signature = OPENBIOS_PART_FREE;
-    strcpy(part_header->name, "free");
+    pstrcpy(part_header->name, sizeof(part_header->name), "free");
 
     end = 0x1fd0;
     OpenBIOS_finish_partition(part_header, end - start);
diff --git a/hw/sun4u.c b/hw/sun4u.c
index 71b5c792e4..42a765d11c 100644
--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -82,7 +82,8 @@ static int nvram_boot_set(void *opaque, const char *boot_device)
     for (i = 0; i < sizeof(image); i++)
         image[i] = m48t59_read(nvram, i) & 0xff;
 
-    strcpy((char *)header->boot_devices, boot_device);
+    pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+            boot_device);
     header->nboot_devices = strlen(boot_device) & 0xff;
     header->crc = cpu_to_be16(OHW_compute_crc(header, 0x00, 0xF8));
 
@@ -115,17 +116,19 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
     memset(image, '\0', sizeof(image));
 
     // Try to match PPC NVRAM
-    strcpy((char *)header->struct_ident, "QEMU_BIOS");
+    pstrcpy((char *)header->struct_ident, sizeof(header->struct_ident),
+            "QEMU_BIOS");
     header->struct_version = cpu_to_be32(3); /* structure v3 */
 
     header->nvram_size = cpu_to_be16(NVRAM_size);
     header->nvram_arch_ptr = cpu_to_be16(sizeof(ohwcfg_v3_t));
     header->nvram_arch_size = cpu_to_be16(sizeof(struct sparc_arch_cfg));
-    strcpy((char *)header->arch, arch);
+    pstrcpy((char *)header->arch, sizeof(header->arch), arch);
     header->nb_cpus = smp_cpus & 0xff;
     header->RAM0_base = 0;
     header->RAM0_size = cpu_to_be64((uint64_t)RAM_size);
-    strcpy((char *)header->boot_devices, boot_devices);
+    pstrcpy((char *)header->boot_devices, sizeof(header->boot_devices),
+            boot_devices);
     header->nboot_devices = strlen(boot_devices) & 0xff;
     header->kernel_image = cpu_to_be64((uint64_t)kernel_image);
     header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
@@ -156,7 +159,7 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
     // Variable partition
     part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
     part_header->signature = OPENBIOS_PART_SYSTEM;
-    strcpy(part_header->name, "system");
+    pstrcpy(part_header->name, sizeof(part_header->name), "system");
 
     end = start + sizeof(struct OpenBIOS_nvpart_v1);
     for (i = 0; i < nb_prom_envs; i++)
@@ -172,7 +175,7 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
     start = end;
     part_header = (struct OpenBIOS_nvpart_v1 *)&image[start];
     part_header->signature = OPENBIOS_PART_FREE;
-    strcpy(part_header->name, "free");
+    pstrcpy(part_header->name, sizeof(part_header->name), "free");
 
     end = 0x1fd0;
     OpenBIOS_finish_partition(part_header, end - start);
diff --git a/hw/usb-net.c b/hw/usb-net.c
index 7c25f3d10f..27dea109ef 100644
--- a/hw/usb-net.c
+++ b/hw/usb-net.c
@@ -625,7 +625,8 @@ typedef struct USBNetState {
 } USBNetState;
 
 static int ndis_query(USBNetState *s, uint32_t oid,
-                uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf)
+                      uint8_t *inbuf, unsigned int inlen, uint8_t *outbuf,
+                      size_t outlen)
 {
     unsigned int i, count;
 
@@ -680,7 +681,7 @@ static int ndis_query(USBNetState *s, uint32_t oid,
 
     /* mandatory */
     case OID_GEN_VENDOR_DESCRIPTION:
-        strcpy(outbuf, "QEMU USB RNDIS Net");
+        pstrcpy(outbuf, outlen, "QEMU USB RNDIS Net");
         return strlen(outbuf) + 1;
 
     case OID_GEN_VENDOR_DRIVER_VERSION:
@@ -882,7 +883,8 @@ static int rndis_query_response(USBNetState *s,
         return USB_RET_STALL;
 
     infobuflen = ndis_query(s, le32_to_cpu(buf->OID),
-                    bufoffs + (uint8_t *) buf, buflen, infobuf);
+                            bufoffs + (uint8_t *) buf, buflen, infobuf,
+                            sizeof(infobuf));
     resplen = sizeof(rndis_query_cmplt_type) +
             ((infobuflen < 0) ? 0 : infobuflen);
     resp = rndis_queue_response(s, resplen);
diff --git a/hw/vga.c b/hw/vga.c
index 5a3203c62a..eb0bae8b93 100644
--- a/hw/vga.c
+++ b/hw/vga.c
@@ -1726,7 +1726,8 @@ static void vga_update_text(void *opaque, console_ch_t *chardata)
             if (!full_update)
                 return;
 
-            sprintf(msg_buffer, "%i x %i Text mode", width, height);
+            snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Text mode",
+                     width, height);
             break;
         }
 
@@ -1799,14 +1800,15 @@ static void vga_update_text(void *opaque, console_ch_t *chardata)
             return;
 
         s->get_resolution(s, &width, &height);
-        sprintf(msg_buffer, "%i x %i Graphic mode", width, height);
+        snprintf(msg_buffer, sizeof(msg_buffer), "%i x %i Graphic mode",
+                 width, height);
         break;
     case GMODE_BLANK:
     default:
         if (!full_update)
             return;
 
-        sprintf(msg_buffer, "VGA Blank mode");
+        snprintf(msg_buffer, sizeof(msg_buffer), "VGA Blank mode");
         break;
     }