From b687440c28c7da6ee0ae44514d20248db5161606 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith
Date: Sat, 16 Feb 2013 10:42:23 -0800
Subject: [PATCH] Convert more sprintf calls to snprintf

You could analyze most of these and quickly recognize that there was no chance of buffer overflow already, but why make everyone spend time doing that when we can just make it obviously safe?

Signed-off-by: Alan Coopersmith
---
 src/ErrDes.c | 9 +++++----
 src/GetDflt.c | 2 +-
 src/KeysymStr.c | 2 +-
 src/XlibInt.c | 8 ++++----
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/ErrDes.c b/src/ErrDes.c
index 9a5b1805..ef5edad6 100644
--- a/src/ErrDes.c
+++ b/src/ErrDes.c
@@ -109,7 +109,7 @@ XGetErrorText(
 if (nbytes == 0) return 0;
 if (code <= BadImplementation && code > 0) {
- sprintf(buf, "%d", code);
+ snprintf(buf, sizeof(buf), "%d", code);
 (void) XGetErrorDatabaseText(dpy, "XProtoError", buf, _XErrorList + _XErrorOffsets[code], buffer, nbytes);
@@ -125,11 +125,12 @@ XGetErrorText(
 bext = ext;
 }
 if (!buffer[0] && bext) {
- sprintf(buf, "%s.%d", bext->name, code - bext->codes.first_error);
+ snprintf(buf, sizeof(buf), "%s.%d",
+ bext->name, code - bext->codes.first_error);
 (void) XGetErrorDatabaseText(dpy, "XProtoError", buf, "", buffer, nbytes);
 }
 if (!buffer[0])
- sprintf(buffer, "%d", code);
+ snprintf(buffer, nbytes, "%d", code);
 return 0;
 }
@@ -190,7 +191,7 @@ XGetErrorDatabaseText(
 else tptr = Xmalloc (tlen);
 if (tptr) {
- sprintf(tptr, "%s.%s", name, type);
+ snprintf(tptr, tlen, "%s.%s", name, type);
 XrmGetResource(db, tptr, "ErrorType.ErrorNumber", &type_str, &result);
 if (tptr != temp)
diff --git a/src/GetDflt.c b/src/GetDflt.c
index dfda1c64..6f62cd82 100644
--- a/src/GetDflt.c
+++ b/src/GetDflt.c
@@ -110,7 +110,7 @@ GetHomeDir(
 len2 = strlen (ptr2);
 }
 if ((len1 + len2 + 1) < len)
- sprintf (dest, "%s%s", ptr1, (ptr2) ? ptr2 : "");
+ snprintf (dest, len, "%s%s", ptr1, (ptr2) ? ptr2 : "");
 else *dest = '\0';
 #else
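Review bot: In the @@ -125 hunk of src/ErrDes.c, the fallback `snprintf(buffer, nbytes, "%d", code);` is only bounded when nbytes is positive, and the one guard visible in this patch is `if (nbytes == 0) return 0;` in the @@ -109 hunk. nbytes is declared outside the hunks shown; if it is a signed int, a negative value converts to a very large size_t and the bound no longer protects the caller's buffer. Tightening the early check to `if (nbytes <= 0) return 0;` would make the new call safe for every caller-supplied length. XGetErrorText starts outside both hunks.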
diff --git a/src/KeysymStr.c b/src/KeysymStr.c
index f24f3b1d..c7c47046 100644
--- a/src/KeysymStr.c
+++ b/src/KeysymStr.c
@@ -107,7 +107,7 @@ char *XKeysymToString(KeySym ks)
 XrmQuark empty = NULLQUARK;
 GRNData data;
- sprintf(buf, "%lX", ks);
+ snprintf(buf, sizeof(buf), "%lX", ks);
 resval.addr = (XPointer)buf;
 resval.size = strlen(buf) + 1;
 data.name = (char *)NULL;
diff --git a/src/XlibInt.c b/src/XlibInt.c
index e4d35fdc..c4368426 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -1432,7 +1432,7 @@ static int _XPrintDefaultError(
 mesg, BUFSIZ);
 (void) fprintf(fp, mesg, event->request_code);
 if (event->request_code < 128) {
- sprintf(number, "%d", event->request_code);
+ snprintf(number, sizeof(number), "%d", event->request_code);
 XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ);
 } else {
 for (ext = dpy->ext_procs;
@@ -1452,7 +1452,7 @@ static int _XPrintDefaultError(
 fputs(" ", fp);
 (void) fprintf(fp, mesg, event->minor_code);
 if (ext) {
- sprintf(mesg, "%s.%d", ext->name, event->minor_code);
+ snprintf(mesg, sizeof(mesg), "%s.%d", ext->name, event->minor_code);
 XGetErrorDatabaseText(dpy, "XRequest", mesg, "", buffer, BUFSIZ);
 (void) fprintf(fp, " (%s)", buffer);
 }
@@ -1475,8 +1475,8 @@ static int _XPrintDefaultError(
 bext = ext;
 }
 if (bext)
- sprintf(buffer, "%s.%d", bext->name,
- event->error_code - bext->codes.first_error);
+ snprintf(buffer, sizeof(buffer), "%s.%d", bext->name,
+ event->error_code - bext->codes.first_error);
 else strcpy(buffer, "Value");
 XGetErrorDatabaseText(dpy, mtype, buffer, "", mesg, BUFSIZ);
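Review bot: In src/KeysymStr.c, the return value of `snprintf(buf, sizeof(buf), "%lX", ks);` is dropped, so a truncated hex string would be used as the lookup key through `resval.addr` and `strlen(buf) + 1` with no sign that it was cut short. buf is declared outside the hunk; if it is sized for a 32-bit value, a keysym with more hex digits on a platform with a 64-bit long would now look up a different key instead of overflowing. Comparing the result with `sizeof(buf)` and skipping the database lookup on truncation would close that gap. `sizeof(buf)` is also only a valid bound while buf stays an array rather than a pointer.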
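Review bot: In the @@ -1432 hunk of src/XlibInt.c, the context line `(void) fprintf(fp, mesg, event->request_code);` still passes mesg as the format string, and the @@ -1452 hunk does the same with `(void) fprintf(fp, mesg, event->minor_code);`; this commit leaves both untouched. mesg appears to be filled by the call whose last arguments (`mesg, BUFSIZ);`) open the hunk, so its conversions come from fetched error-database text rather than a literal. If that text ever lacks its `%d` or carries extra conversions, fprintf reads arguments that were not passed. A comment stating that the database is trusted input, or a check of the fetched string before use, would make these lines as easy to review as the snprintf changes. _XPrintDefaultError starts and ends outside both hunks.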
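Review bot: In the @@ -1475 hunk of src/XlibInt.c, the else branch keeps `strcpy(buffer, "Value");` right after the converted snprintf call, and the following line passes `BUFSIZ` for the same buffers where the new code uses `sizeof(buffer)`. Copying a six-byte literal is not a problem in itself if buffer is BUFSIZ bytes (its declaration is outside the hunk), but it leaves one unbounded call for readers to re-check, which is what the commit message wants to avoid. `snprintf(buffer, sizeof(buffer), "Value");` would keep the branch consistent with its neighbour.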