On Fri, Mar 30, 2012 at 06:07:49PM +0200, Christophe Fergeau wrote:
> The hotkey parser was generating a string with sprintf and data it got
> from the controller socket (ie data which can have an arbitrary
> length). Using sprintf there is a bad idea, replace it with snprintf.
ACK.
> ---
> client/hot_keys.cpp | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/client/hot_keys.cpp b/client/hot_keys.cpp
> index f98a4bb..2d0b9db 100644
> --- a/client/hot_keys.cpp
> +++ b/client/hot_keys.cpp
> @@ -140,7 +140,7 @@ void HotKeysParser::add_hotkey(const std::string& hotkey,
> const CommandsMap& com
>
> if (commands_map.find(command_name) == commands_map.end()) {
> char buf[1000];
> - sprintf(buf, "invalid action bname %s", command_name.c_str());
> + snprintf(buf, sizeof(buf), "invalid action bname %s",
> command_name.c_str());
> THROW(buf);
> }
> int command_id = commands_map.find(command_name)->second;
> --
> 1.7.9.3
>
> _______________________________________________
> Spice-devel mailing list
> [email protected]
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
_______________________________________________
Spice-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/spice-devel
