[PATCH] Fix tracepoint create_tsv_from_upload sprintf crash

[Hui Zhu <teawater at gmail dot com>]

Hi,

I define a special tv "gtp_rb_discard_page_number"(Now, I know it is
not a good name because it is too long.  :D ) in KGTP.  When I use gdb
connect to it, I got:

*** buffer overflow detected ***: gdb terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f2f9de32537]
/lib/libc.so.6(+0xfe3f0)[0x7f2f9de313f0]
/lib/libc.so.6(+0xfd859)[0x7f2f9de30859]
/lib/libc.so.6(_IO_default_xsputn+0xcc)[0x7f2f9dda8c2c]
/lib/libc.so.6(_IO_vfprintf+0x3d6c)[0x7f2f9dd7c3ac]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x7f2f9de308f9]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x7f2f9de3083f]
gdb(create_tsv_from_upload+0x48)[0x5bcdb8]
gdb(merge_uploaded_trace_state_variables+0x198)[0x5bd008]

This is because:
  char buf[20];
  int try_num = 0;
  struct trace_state_variable *tsv;

  if (utsv->name)
    {
      namebase = utsv->name;
      sprintf (buf, "%s", namebase);

When the name is longer than 20, GDB will crash.
So I make a patch to change sprintf to snprintf.

Thanks,
Hui

2011-12-06  Hui Zhu  <teawater@gmail.com>

	* tracepoint.c (create_tsv_from_upload): Change sprintf to snprintf.
---
 tracepoint.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

--- a/tracepoint.c
+++ b/tracepoint.c
@@ -3489,18 +3489,18 @@ create_tsv_from_upload (struct uploaded_
   if (utsv->name)
     {
       namebase = utsv->name;
-      sprintf (buf, "%s", namebase);
+      snprintf (buf, 20, "%s", namebase);
     }
   else
     {
       namebase = "__tsv";
-      sprintf (buf, "%s_%d", namebase, try_num++);
+      snprintf (buf, 20, "%s_%d", namebase, try_num++);
     }

   /* Fish for a name that is not in use.  */
   /* (should check against all internal vars?)  */
   while (find_trace_state_variable (buf))
-    sprintf (buf, "%s_%d", namebase, try_num++);
+    snprintf (buf, 20, "%s_%d", namebase, try_num++);

   /* We have an available name, create the variable.  */
   tsv = create_trace_state_variable (buf);