MdeModulePkg: For RegularExpressionDxe use 'sprintf_s' to replace 'sprintf'.

Function 'sprintf' has potential buffer overflow risk. This patch use 'sprintf_s' to improve the code.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Qiu Shumin <shumin.qiu@intel.com>
Reviewed-by: Yao Jiewen <Jiewen.Yao@intel.com>
Reviewed-by: Cinnamon Shia <cinnamon.shia@hpe.com>
Reviewed-by: Samer El-Haj-Mahmoud <elhaj@hpe.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@19582 6f19259b-4bc3-4df7-8a09-765794883524

MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.c

@@ -14,13 +14,13 @@
 **/
 #include "OnigurumaUefiPort.h"
 
-int sprintf(char *str, char const *fmt, ...)
+int sprintf_s(char *str, size_t sizeOfBuffer, char const *fmt, ...)
 {
   VA_LIST Marker;
   int   NumberOfPrinted;
 
   VA_START (Marker, fmt);
-  NumberOfPrinted = (int)AsciiVSPrint (str, 1000000, fmt, Marker);
+  NumberOfPrinted = (int)AsciiVSPrint (str, sizeOfBuffer, fmt, Marker);
   VA_END (Marker);
 
   return NumberOfPrinted;

MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/OnigurumaUefiPort.h

@@ -59,7 +59,7 @@ typedef UINTN size_t;
 
 int OnigStrCmp (char* Str1, char* Str2);
 
-int sprintf (char *str, char const *fmt, ...);
+int sprintf_s (char *str, size_t sizeOfBuffer, char const *fmt, ...);
 
 #define exit(n) ASSERT(FALSE);
 

MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regerror.c

@@ -191,12 +191,12 @@ onig_error_code_to_format(int code)
 
 static void sprint_byte(char* s, unsigned int v)
 {
-  sprintf(s, "%02x", (v & 0377));
+  sprintf_s(s, sizeof("00"), "%02x", (v & 0377));
 }
 
 static void sprint_byte_with_x(char* s, unsigned int v)
 {
-  sprintf(s, "\\x%02x", (v & 0377));
+  sprintf_s(s, sizeof("\\x00"), "\\x%02x", (v & 0377));
 }
 
 static int to_ascii(OnigEncoding enc, UChar *s, UChar *end,

MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regposerr.c

@@ -88,7 +88,7 @@ regerror(int posix_ecode, const regex_t* reg ARG_UNUSED, char* buf,
     s = "";
   }
   else {
-    sprintf(tbuf, "undefined error code (%d)", posix_ecode);
+    sprintf_s(tbuf, sizeof(tbuf), "undefined error code (%d)", posix_ecode);
     s = tbuf;
   }
 

MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma/regversion.c

@@ -36,7 +36,9 @@ onig_version(void)
 {
   static char s[12];
 
-  sprintf(s, "%d.%d.%d",
+  sprintf_s(s, 
+          sizeof(s),
+          "%d.%d.%d",
           ONIGURUMA_VERSION_MAJOR,
           ONIGURUMA_VERSION_MINOR,
           ONIGURUMA_VERSION_TEENY);
@@ -48,7 +50,9 @@ onig_copyright(void)
 {
   static char s[58];
 
-  sprintf(s, "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako",
+  sprintf_s(s,
+          sizeof(s),
+          "Oniguruma %d.%d.%d : Copyright (C) 2002-2008 K.Kosako",
           ONIGURUMA_VERSION_MAJOR,
           ONIGURUMA_VERSION_MINOR,
           ONIGURUMA_VERSION_TEENY);