From d31b81c1010b4259bb0caafdbd82483fabda787d Mon Sep 17 00:00:00 2001 From: Alan Coopersmith Date: Sat, 16 Feb 2013 10:42:23 -0800 Subject: Convert more sprintf calls to snprintf You could analyze most of these and quickly recognize that there was no chance of buffer overflow already, but why make everyone spend time doing that when we can just make it obviously safe? Signed-off-by: Alan Coopersmith Backported-to-NX-by: Ulrich Sibiller --- nx-X11/lib/X11/ErrDes.c | 9 +++++---- nx-X11/lib/X11/GetDflt.c | 2 +- nx-X11/lib/X11/KeysymStr.c | 2 +- nx-X11/lib/X11/XlibInt.c | 8 ++++---- 4 files changed, 11 insertions(+), 10 deletions(-) (limited to 'nx-X11') diff --git a/nx-X11/lib/X11/ErrDes.c b/nx-X11/lib/X11/ErrDes.c index ac13b480b..f13e3dce4 100644 --- a/nx-X11/lib/X11/ErrDes.c +++ b/nx-X11/lib/X11/ErrDes.c @@ -109,7 +109,7 @@ XGetErrorText( if (nbytes == 0) return 0; if (code <= BadImplementation && code > 0) { - sprintf(buf, "%d", code); + snprintf(buf, sizeof(buf), "%d", code); (void) XGetErrorDatabaseText(dpy, "XProtoError", buf, _XErrorList + _XErrorOffsets[code], buffer, nbytes); @@ -125,11 +125,12 @@ XGetErrorText( bext = ext; } if (!buffer[0] && bext) { - sprintf(buf, "%s.%d", bext->name, code - bext->codes.first_error); + snprintf(buf, sizeof(buf), "%s.%d", + bext->name, code - bext->codes.first_error); (void) XGetErrorDatabaseText(dpy, "XProtoError", buf, "", buffer, nbytes); } if (!buffer[0]) - sprintf(buffer, "%d", code); + snprintf(buffer, nbytes, "%d", code); return 0; } @@ -190,7 +191,7 @@ XGetErrorDatabaseText( else tptr = Xmalloc (tlen); if (tptr) { - sprintf(tptr, "%s.%s", name, type); + snprintf(tptr, tlen, "%s.%s", name, type); XrmGetResource(db, tptr, "ErrorType.ErrorNumber", &type_str, &result); if (tptr != temp) diff --git a/nx-X11/lib/X11/GetDflt.c b/nx-X11/lib/X11/GetDflt.c index 749893c7e..f2098dff3 100644 --- a/nx-X11/lib/X11/GetDflt.c +++ b/nx-X11/lib/X11/GetDflt.c @@ -87,7 +87,7 @@ GetHomeDir( len2 = strlen (ptr2); } if ((len1 + len2 + 1) < len) - sprintf (dest, "%s%s", ptr1, (ptr2) ? ptr2 : ""); + snprintf (dest, len, "%s%s", ptr1, (ptr2) ? ptr2 : ""); else *dest = '\0'; #else diff --git a/nx-X11/lib/X11/KeysymStr.c b/nx-X11/lib/X11/KeysymStr.c index 797cf53bd..ba6c8450a 100644 --- a/nx-X11/lib/X11/KeysymStr.c +++ b/nx-X11/lib/X11/KeysymStr.c @@ -107,7 +107,7 @@ char *XKeysymToString(KeySym ks) XrmQuark empty = NULLQUARK; GRNData data; - sprintf(buf, "%lX", ks); + snprintf(buf, sizeof(buf), "%lX", ks); resval.addr = (XPointer)buf; resval.size = strlen(buf) + 1; data.name = (char *)NULL; diff --git a/nx-X11/lib/X11/XlibInt.c b/nx-X11/lib/X11/XlibInt.c index 2d84c626d..1ecbaaa4f 100644 --- a/nx-X11/lib/X11/XlibInt.c +++ b/nx-X11/lib/X11/XlibInt.c @@ -3521,7 +3521,7 @@ static int _XPrintDefaultError( mesg, BUFSIZ); (void) fprintf(fp, mesg, event->request_code); if (event->request_code < 128) { - sprintf(number, "%d", event->request_code); + snprintf(number, sizeof(number), "%d", event->request_code); XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ); } else { for (ext = dpy->ext_procs; @@ -3541,7 +3541,7 @@ static int _XPrintDefaultError( fputs(" ", fp); (void) fprintf(fp, mesg, event->minor_code); if (ext) { - sprintf(mesg, "%s.%d", ext->name, event->minor_code); + snprintf(mesg, sizeof(mesg), "%s.%d", ext->name, event->minor_code); XGetErrorDatabaseText(dpy, "XRequest", mesg, "", buffer, BUFSIZ); (void) fprintf(fp, " (%s)", buffer); } @@ -3564,8 +3564,8 @@ static int _XPrintDefaultError( bext = ext; } if (bext) - sprintf(buffer, "%s.%d", bext->name, - event->error_code - bext->codes.first_error); + snprintf(buffer, sizeof(buffer), "%s.%d", bext->name, + event->error_code - bext->codes.first_error); else strcpy(buffer, "Value"); XGetErrorDatabaseText(dpy, mtype, buffer, "", mesg, BUFSIZ); -- cgit v1.2.3