From 5d49b4cdf9417b88476567c8ec78ff185d84b10f Mon Sep 17 00:00:00 2001
From: Peng Fan <peng.fan@nxp.com>
Date: Wed, 23 Dec 2015 12:08:09 +0800
Subject: [PATCH] common: nvedit: use snprintf instead of sprintf

Use snprintf to replace sprintf.

Coverity log:
"
Unbounded source buffer (STRING_SIZE)
string_size: Passing string init_val of unknown size to sprintf.
"

Reported-by: Coverity
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>
---
 common/cmd_nvedit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index 2f9cdd095a..5ae9d9d5ae 100644
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -595,7 +595,7 @@ static int do_env_edit(cmd_tbl_t *cmdtp, int flag, int argc,
 	/* Set read buffer to initial value or empty sting */
 	init_val = getenv(argv[1]);
 	if (init_val)
-		sprintf(buffer, "%s", init_val);
+		snprintf(buffer, CONFIG_SYS_CBSIZE, "%s", init_val);
 	else
 		buffer[0] = '\0';
 
-- 
2.39.5