common: nvedit: use snprintf instead of sprintf

Use snprintf to replace sprintf.

Coverity log:
"
Unbounded source buffer (STRING_SIZE)
string_size: Passing string init_val of unknown size to sprintf.
"

Reported-by: Coverity
Signed-off-by: Peng Fan <peng.fan@nxp.com>
Cc: Tom Rini <trini@konsulko.com>
Cc: Simon Glass <sjg@chromium.org>
Reviewed-by: Joe Hershberger <joe.hershberger@ni.com>

diff --git a/common/cmd_nvedit.c b/common/cmd_nvedit.c
index 2f9cdd095a7b7bbaf4d47e5435eed7e3931a9bf5..5ae9d9d5ae36b94335c3acffac86bafecf3e4a35 100644 (file)
--- a/common/cmd_nvedit.c
+++ b/common/cmd_nvedit.c
@@ -595,7 +595,7 @@ static int do_env_edit(cmd_tbl_t *cmdtp, int flag, int argc,
        /* Set read buffer to initial value or empty sting */
        init_val = getenv(argv[1]);
        if (init_val)
-               sprintf(buffer, "%s", init_val);
+               snprintf(buffer, CONFIG_SYS_CBSIZE, "%s", init_val);
        else
                buffer[0] = '\0';