From 159a2607b94673c2229429459239d3f5f4da5651 Mon Sep 17 00:00:00 2001
From: Amin Ben Ramdhane <amin.benramdhane@pivasoftware.com>
Date: Thu, 16 Apr 2020 11:54:51 +0100
Subject: [PATCH] change sprintf -> snprintf

---
 dmdiagnostics.c                   | 62 +++++++++++++++----------------
 dmtree/tr064/upnp_configuration.c | 10 +++--
 dmtree/tr064/upnp_deviceinfo.c    |  4 +-
 dmtree/tr157/softwaremodules.c    | 12 +++---
 dmtree/tr181/bridging.c           |  4 +-
 dmtree/tr181/usb.c                |  4 +-
 6 files changed, 50 insertions(+), 46 deletions(-)

diff --git a/dmdiagnostics.c b/dmdiagnostics.c
index afbc652c..75e34e6e 100644
--- a/dmdiagnostics.c
+++ b/dmdiagnostics.c
@@ -18,9 +18,9 @@ struct upload_diagnostic_stats upload_stats = {0};
 
 char *get_param_diagnostics(char *diag, char *option)
 {
-	char buf[32], *value;
+	char buf[32] = {0}, *value;
 
-	sprintf(buf, "@%s[0]", diag);
+	snprintf(buf, sizeof(buf), "@%s[0]", diag);
 	dmuci_get_varstate_string("cwmp", buf, option, &value);
 		return value;
 }
@@ -28,14 +28,14 @@ char *get_param_diagnostics(char *diag, char *option)
 void set_param_diagnostics(char *diag, char *option, char *value)
 {
 	struct uci_section *curr_section = NULL;
-	char buf[32], *tmp;
+	char buf[32] = {0}, *tmp;
 
 	curr_section = dmuci_walk_state_section("cwmp", diag, NULL, NULL, CMP_SECTION, NULL, NULL, GET_FIRST_SECTION);
 	if(!curr_section)
 	{
 		dmuci_add_state_section("cwmp", diag, &curr_section, &tmp);
 	}
-	sprintf(buf, "@%s[0]", diag);
+	snprintf(buf, sizeof(buf), "@%s[0]", diag);
 	dmuci_set_varstate_value("cwmp", buf, option, value);
 }
 
@@ -95,23 +95,23 @@ static void ftp_download_per_packet(libtrace_packet_t *packet)
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		download_stats.random_seq = ntohl(tcp->seq);
-		sprintf((download_stats.tcpopenrequesttime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.tcpopenrequesttime, sizeof(download_stats.tcpopenrequesttime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 	}
 	if (strcmp(tcp_flag, "SYN ACK ") == 0 && download_stats.random_seq != 0 && (ntohl(tcp->ack_seq) - 1 ) == download_stats.random_seq)
 	{
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((download_stats.tcpopenresponsetime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.tcpopenresponsetime, sizeof(download_stats.tcpopenresponsetime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		download_stats.random_seq = ntohl(tcp->ack_seq);
-		sprintf((download_stats.tcpopenresponsetime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.tcpopenresponsetime, sizeof(download_stats.tcpopenresponsetime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 	}
 	if (strcmp(tcp_flag, "PSH ACK ") == 0 && strlen(nexthdr) > strlen(FTP_RETR_REQUEST) && strncmp(nexthdr, FTP_RETR_REQUEST, strlen(FTP_RETR_REQUEST)) == 0)
 	{
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((download_stats.romtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.romtime, sizeof(download_stats.romtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 	}
 	if(strcmp(tcp_flag, "ACK ") == 0 && ntohl(tcp->seq) == download_stats.random_seq && download_stats.ack_seq == 0)
 	{
@@ -125,7 +125,7 @@ static void ftp_download_per_packet(libtrace_packet_t *packet)
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (download_stats.first_data == 0)
 		{
-			sprintf((download_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(download_stats.bomtime, sizeof(download_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		}
 		download_stats.first_data = 1;
 	}
@@ -136,10 +136,10 @@ static void ftp_download_per_packet(libtrace_packet_t *packet)
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (download_stats.first_data == 0)
 		{
-			sprintf((download_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(download_stats.bomtime, sizeof(download_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 			download_stats.first_data = 1;
 		}
-		sprintf((download_stats.eomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.eomtime, sizeof(download_stats.eomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 	}
 }
 
@@ -172,7 +172,7 @@ static void http_download_per_packet(libtrace_packet_t *packet)
     	ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((download_stats.tcpopenrequesttime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.tcpopenrequesttime, sizeof(download_stats.tcpopenrequesttime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		download_stats.random_seq = ntohl(tcp->seq);
 		return;
 	}
@@ -181,7 +181,7 @@ static void http_download_per_packet(libtrace_packet_t *packet)
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((download_stats.tcpopenresponsetime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.tcpopenresponsetime, sizeof(download_stats.tcpopenresponsetime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		download_stats.random_seq = ntohl(tcp->seq);
 		return;
 	}
@@ -190,7 +190,7 @@ static void http_download_per_packet(libtrace_packet_t *packet)
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((download_stats.romtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.romtime, sizeof(download_stats.romtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		download_stats.get_ack = ntohl(tcp->ack_seq);
 		return;
 	}
@@ -205,7 +205,7 @@ static void http_download_per_packet(libtrace_packet_t *packet)
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (download_stats.first_data == 0) {
-			sprintf((download_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(download_stats.bomtime, sizeof(download_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 			char *val = strstr(nexthdr,"Content-Length");
 			char *pch, *pchr;
 			val += strlen("Content-Length: ");
@@ -221,7 +221,7 @@ static void http_download_per_packet(libtrace_packet_t *packet)
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (download_stats.first_data == 0) {
-			sprintf((download_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(download_stats.bomtime, sizeof(download_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 			char *val = strstr(nexthdr,"Content-Length");
 			char *pch, *pchr;
 			val += strlen("Content-Length: ");
@@ -229,7 +229,7 @@ static void http_download_per_packet(libtrace_packet_t *packet)
 			download_stats.test_bytes_received = atoi(pch);
 			download_stats.first_data = 1;
 		}
-		sprintf((download_stats.eomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(download_stats.eomtime, sizeof(download_stats.eomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		return;
 	}
 }
@@ -245,7 +245,7 @@ static void libtrace_cleanup(libtrace_t *trace, libtrace_packet_t *packet)
 
 static void set_download_stats(char *protocol)
 {
-	char buf[16];
+	char buf[16] = {0};
 
 	if(strcmp(protocol, "cwmp")== 0)
 		init_uci_varstate_ctx();
@@ -255,7 +255,7 @@ static void set_download_stats(char *protocol)
 	set_param_diagnostics("downloaddiagnostic", "EOMtime", download_stats.eomtime);
 	set_param_diagnostics("downloaddiagnostic", "TCPOpenRequestTime", download_stats.tcpopenrequesttime);
 	set_param_diagnostics("downloaddiagnostic", "TCPOpenResponseTime", download_stats.tcpopenresponsetime);
-	sprintf(buf,"%d", download_stats.test_bytes_received);
+	snprintf(buf, sizeof(buf), "%d", download_stats.test_bytes_received);
 	set_param_diagnostics("downloaddiagnostic", "TestBytesReceived", buf);
 
 	if(strcmp(protocol, "cwmp")== 0)
@@ -309,7 +309,7 @@ static void http_upload_per_packet(libtrace_packet_t *packet)
     	ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((upload_stats.tcpopenrequesttime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.tcpopenrequesttime, sizeof(upload_stats.tcpopenrequesttime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		upload_stats.random_seq = ntohl(tcp->seq);
 	}
 	if (strcmp(tcp_flag, "SYN ACK ") == 0 && upload_stats.random_seq != 0 && (ntohl(tcp->ack_seq) - 1 ) == upload_stats.random_seq)
@@ -317,7 +317,7 @@ static void http_upload_per_packet(libtrace_packet_t *packet)
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((upload_stats.tcpopenresponsetime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.tcpopenresponsetime, sizeof(upload_stats.tcpopenresponsetime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		upload_stats.random_seq = ntohl(tcp->seq);
 	}
 	if (strcmp(tcp_flag, "PSH ACK ") == 0 && strncmp(nexthdr, "PUT", 3) == 0)
@@ -325,7 +325,7 @@ static void http_upload_per_packet(libtrace_packet_t *packet)
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((upload_stats.romtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.romtime, sizeof(upload_stats.romtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		if (strstr(nexthdr, "Expect: 100-continue"))
 		{
 			upload_stats.tmp=1;
@@ -354,7 +354,7 @@ static void http_upload_per_packet(libtrace_packet_t *packet)
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (upload_stats.first_data == 0)
 		{
-			sprintf((upload_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(upload_stats.bomtime, sizeof(upload_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 			upload_stats.first_data = 1;
 		}
 	}
@@ -365,7 +365,7 @@ static void http_upload_per_packet(libtrace_packet_t *packet)
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (upload_stats.first_data == 0)
 		{
-			sprintf((upload_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(upload_stats.bomtime, sizeof(upload_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 			upload_stats.first_data = 1;
 		}
 	}
@@ -374,7 +374,7 @@ static void http_upload_per_packet(libtrace_packet_t *packet)
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((upload_stats.eomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.eomtime, sizeof(upload_stats.eomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 	}
 }
 
@@ -416,14 +416,14 @@ static void ftp_upload_per_packet(libtrace_packet_t *packet)
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		upload_stats.random_seq = ntohl(tcp->seq);
-		sprintf((upload_stats.tcpopenrequesttime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.tcpopenrequesttime, sizeof(upload_stats.tcpopenrequesttime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 	}
 	if (strcmp(tcp_flag, "SYN ACK ") == 0 && upload_stats.random_seq != 0 && (ntohl(tcp->ack_seq) - 1 ) == upload_stats.random_seq)
 	{
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((upload_stats.tcpopenresponsetime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.tcpopenresponsetime, sizeof(upload_stats.tcpopenresponsetime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		upload_stats.random_seq = ntohl(tcp->ack_seq);
 	}
 	if (strcmp(tcp_flag, "PSH ACK ") == 0 && strlen(nexthdr) > strlen(FTP_STOR_REQUEST) && strncmp(nexthdr, FTP_STOR_REQUEST, strlen(FTP_STOR_REQUEST)) == 0)
@@ -431,7 +431,7 @@ static void ftp_upload_per_packet(libtrace_packet_t *packet)
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((upload_stats.romtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.romtime, sizeof(upload_stats.romtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 	}
 	if(strcmp(tcp_flag, "ACK ") == 0 && ntohl(tcp->seq) == upload_stats.random_seq && upload_stats.ack_seq == 0)
 	{
@@ -445,7 +445,7 @@ static void ftp_upload_per_packet(libtrace_packet_t *packet)
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (upload_stats.first_data == 0)
 		{
-			sprintf((upload_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(upload_stats.bomtime, sizeof(upload_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 			upload_stats.first_data = 1;
 		}
 	}
@@ -456,7 +456,7 @@ static void ftp_upload_per_packet(libtrace_packet_t *packet)
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
 		if (upload_stats.first_data == 0)
 		{
-			sprintf((upload_stats.bomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+			snprintf(upload_stats.bomtime, sizeof(upload_stats.bomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 			upload_stats.first_data = 1;
 		}
 	}
@@ -465,7 +465,7 @@ static void ftp_upload_per_packet(libtrace_packet_t *packet)
 		ts = trace_get_timeval(packet);
 		(void) localtime_r(&(ts.tv_sec), &lt);
 		strftime(s_now, sizeof s_now, "%Y-%m-%dT%H:%M:%S", &lt);
-		sprintf((upload_stats.eomtime),"%s.%06ldZ", s_now, (long) ts.tv_usec);
+		snprintf(upload_stats.eomtime, sizeof(upload_stats.eomtime), "%s.%06ldZ", s_now, (long) ts.tv_usec);
 		read_next = 0;
 	}
 }
diff --git a/dmtree/tr064/upnp_configuration.c b/dmtree/tr064/upnp_configuration.c
index 9e1584d4..4ffd1d49 100755
--- a/dmtree/tr064/upnp_configuration.c
+++ b/dmtree/tr064/upnp_configuration.c
@@ -269,13 +269,15 @@ int upnp_configuration_set_ipv4_defaultgateway(char *refparam, struct dmctx *ctx
 	return 0;
 }
 
-int upnp_configuration_ipinterface_createinstance(char *refparam, struct dmctx *ctx, void *data, char **instance){
+int upnp_configuration_ipinterface_createinstance(char *refparam, struct dmctx *ctx, void *data, char **instance)
+{
 	char *value=NULL;
 	char *iface_instance=NULL, ib[8], ip_name[32];
 	char *p = ip_name;
 	struct uci_section *iface_sec = NULL;
+
 	iface_instance = get_last_instance("network","interface","upnp_ip_iface_instance");
-	sprintf(ib, "%d", iface_instance ? atoi(iface_instance)+1 : 1);
+	snprintf(ib, sizeof(ib), "%d", iface_instance ? atoi(iface_instance)+1 : 1);
 	dmstrappendstr(p, "ip_interface_");
 	dmstrappendstr(p, ib);
 	dmstrappendend(p);
@@ -286,8 +288,10 @@ int upnp_configuration_ipinterface_createinstance(char *refparam, struct dmctx *
 	return 0;
 }
 
-int upnp_configuration_ipinterface_deleteinstance(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action){
+int upnp_configuration_ipinterface_deleteinstance(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
+{
 	struct upnp_configuration_args *upnp_configargs = (struct upnp_configuration_args *)data;
+
 	switch (del_action) {
 	case DEL_INST:
 		if(upnp_configargs->upnpConfiguration_sec == NULL) return FAULT_9005;
diff --git a/dmtree/tr064/upnp_deviceinfo.c b/dmtree/tr064/upnp_deviceinfo.c
index a40b5133..ed775669 100755
--- a/dmtree/tr064/upnp_deviceinfo.c
+++ b/dmtree/tr064/upnp_deviceinfo.c
@@ -235,11 +235,11 @@ int upnp_deviceinfo_networkinterface_createinstance(char *refparam, struct dmctx
 	struct uci_section *iface_sec = NULL;
 
 	iface_instance = get_last_instance("network","interface","upnp_iface_int_instance");
-	sprintf(ib, "%d", iface_instance ? atoi(iface_instance)+1 : 1);
+	snprintf(ib, sizeof(ib), "%d", iface_instance ? atoi(iface_instance)+1 : 1);
 	dmstrappendstr(p, "ip_interface_");
 	dmstrappendstr(p, ib);
 	dmstrappendend(p);
-	sprintf(ib, "%d", iface_instance ? atoi(iface_instance)+1 : 1);
+	snprintf(ib, sizeof(ib), "%d", iface_instance ? atoi(iface_instance)+1 : 1);
 	dmuci_add_section_and_rename("network", "interface", &iface_sec, &value);
 	dmuci_set_value("network", ip_name, "", "interface");
 	dmuci_set_value("network", ip_name, "proto", "dhcp");
diff --git a/dmtree/tr157/softwaremodules.c b/dmtree/tr157/softwaremodules.c
index 69366daf..9a65ad1b 100644
--- a/dmtree/tr157/softwaremodules.c
+++ b/dmtree/tr157/softwaremodules.c
@@ -60,11 +60,11 @@ static int browseSoftwareModulesExecEnvInst(struct dmctx *dmctx, DMNODE *parent_
 static int browseSoftwareModulesDeploymentUnitInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
 {
 	json_object *res = NULL, *du_obj = NULL, *arrobj = NULL;
-	char *idx, *idx_last = NULL, buf[16];
+	char *idx, *idx_last = NULL, buf[16] = {0};
 	int id = 0, j = 0, i, incr;
 
 	for (i = 0;; i += 100) {
-		sprintf(buf, "%d", i);
+		snprintf(buf, sizeof(buf), "%d", i);
 		dmubus_call("softwaremanagement", "du_list", UBUS_ARGS{{"index", buf, Integer}}, 1, &res);
 		if (res) {
 			incr = 0;
@@ -118,11 +118,11 @@ static int get_SoftwareModules_DeploymentUnitNumberOfEntries(char *refparam, str
 {
 	json_object *res = NULL, *deployment_unit = NULL;
 	size_t nbre_du = 0, total_du = 0;
-	char buf[16];
+	char buf[16] = {0};
 	int i;
 
 	for (i = 0;; i += 100) {
-		sprintf(buf, "%d", i);
+		snprintf(buf, sizeof(buf), "%d", i);
 		dmubus_call("softwaremanagement", "du_list", UBUS_ARGS{{"index", buf, Integer}}, 1, &res);
 		DM_ASSERT(res, *value = "0");
 		json_object_object_get_ex(res, "deployment_unit", &deployment_unit);
@@ -651,14 +651,14 @@ static int get_SoftwareModulesExecutionUnit_MemoryInUse(char *refparam, struct d
 static int get_SoftwareModulesExecutionUnit_References(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
 {
 	json_object *res = NULL, *du_obj = NULL, *arrobj = NULL;
-	char *environment, *name, *curr_environment, *curr_name, buf[16];
+	char *environment, *name, *curr_environment, *curr_name, buf[16] = {0};
 	int j = 0, env = 0, i, incr;
 
 	curr_name = dmjson_get_value((json_object *)data, 1, "name");
 	curr_environment = dmjson_get_value((json_object *)data, 1, "environment");
 
 	for (i = 0;; i += 100) {
-		sprintf(buf, "%d", i);
+		snprintf(buf, sizeof(buf), "%d", i);
 		dmubus_call("softwaremanagement", "du_list", UBUS_ARGS{{"index", buf, Integer}}, 1, &res);
 		DM_ASSERT(res, *value = "");
 		if (res) {
diff --git a/dmtree/tr181/bridging.c b/dmtree/tr181/bridging.c
index e5a0d2a0..83556c47 100644
--- a/dmtree/tr181/bridging.c
+++ b/dmtree/tr181/bridging.c
@@ -2247,8 +2247,8 @@ static int browseBridgeVlanPortInst(struct dmctx *dmctx, DMNODE *parent_node, vo
 				dmuci_set_value_by_section(dmmap_port, "bridge_key", br_args->br_key);
 				/* Get the last vlan_instance and add one. */
 				int m = get_vlanport_last_inst(br_args->br_key);
-				char instance[10];
-				sprintf(instance, "%d", m+1);
+				char instance[10] = {0};
+				snprintf(instance, sizeof(instance), "%d", m+1);
 				dmuci_set_value_by_section(dmmap_port, "vport_inst", instance);
 				dmasprintf(&name, "%s_%d", "vlanport", m);
 				dmuci_set_value_by_section(dmmap_port, "section_name", name);
diff --git a/dmtree/tr181/usb.c b/dmtree/tr181/usb.c
index 3970d8cb..781f2809 100644
--- a/dmtree/tr181/usb.c
+++ b/dmtree/tr181/usb.c
@@ -393,7 +393,7 @@ static int get_USB_InterfaceNumberOfEntries(char *refparam, struct dmctx *ctx, v
 {
 	DIR *dir;
 	struct dirent *ent;
-	char filename[276];
+	char filename[276] = {0};
 	char buffer[64];
 	int nbre= 0;
 	ssize_t rc;
@@ -402,7 +402,7 @@ static int get_USB_InterfaceNumberOfEntries(char *refparam, struct dmctx *ctx, v
 		return 0;
 
 	while ((ent = readdir (dir)) != NULL) {
-		sprintf(filename, "/sys/class/net/%s", ent->d_name);
+		snprintf(filename, sizeof(filename), "/sys/class/net/%s", ent->d_name);
 		rc = readlink (filename, buffer, sizeof(buffer) - 1);
 		if (rc > 0) {
 			buffer[rc] = 0;