You could analyze most of these and quickly recognize that there was no
chance of buffer overflow already, but why make everyone spend time doing
that when we can just make it obviously safe?

Signed-off-by: Alan Coopersmith <[email protected]>
---
 src/ErrDes.c    |    9 +++++----
 src/GetDflt.c   |    2 +-
 src/KeysymStr.c |    2 +-
 src/XlibInt.c   |    8 ++++----
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/ErrDes.c b/src/ErrDes.c
index 9a5b180..ef5edad 100644
--- a/src/ErrDes.c
+++ b/src/ErrDes.c
@@ -109,7 +109,7 @@ XGetErrorText(
 
     if (nbytes == 0) return 0;
     if (code <= BadImplementation && code > 0) {
-       sprintf(buf, "%d", code);
+        snprintf(buf, sizeof(buf), "%d", code);
         (void) XGetErrorDatabaseText(dpy, "XProtoError", buf,
                                      _XErrorList + _XErrorOffsets[code],
                                     buffer, nbytes);
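Review bot: `sizeof(buf)` is the right bound only while `buf` is an array declared in this function. Its declaration is outside the hunk, so this should be confirmed, and the same applies to `sizeof(buf)` in KeysymStr.c and to `sizeof(number)`, `sizeof(mesg)` and `sizeof(buffer)` in XlibInt.c. If any of them is later turned into a pointer or a parameter, the bound silently becomes the pointer size and the output is cut short rather than protected. A one-line comment at each declaration, e.g. `/* must stay an array: sizeof(buf) is used as the snprintf bound */`, would keep that assumption visible.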
@@ -125,11 +125,12 @@ XGetErrorText(
            bext = ext;
     }
     if (!buffer[0] && bext) {
-       sprintf(buf, "%s.%d", bext->name, code - bext->codes.first_error);
+       snprintf(buf, sizeof(buf), "%s.%d",
+                 bext->name, code - bext->codes.first_error);
        (void) XGetErrorDatabaseText(dpy, "XProtoError", buf, "", buffer, 
nbytes);
     }
     if (!buffer[0])
-       sprintf(buffer, "%d", code);
+       snprintf(buffer, nbytes, "%d", code);
     return 0;
 }
 
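Review bot: In `snprintf(buffer, nbytes, "%d", code);` the bound is converted to `size_t`, and the only guard visible is `if (nbytes == 0) return 0;` in the previous hunk. If `nbytes` is a signed int (its declaration is outside the hunk), a negative value from the caller becomes a very large bound and the write into the caller's buffer is effectively unbounded again. Widening the guard to `if (nbytes <= 0) return 0;` closes that.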
@@ -190,7 +191,7 @@ XGetErrorDatabaseText(
        else
            tptr = Xmalloc (tlen);
        if (tptr) {
-           sprintf(tptr, "%s.%s", name, type);
+           snprintf(tptr, tlen, "%s.%s", name, type);
            XrmGetResource(db, tptr, "ErrorType.ErrorNumber",
              &type_str, &result);
            if (tptr != temp)
diff --git a/src/GetDflt.c b/src/GetDflt.c
index dfda1c6..6f62cd8 100644
--- a/src/GetDflt.c
+++ b/src/GetDflt.c
@@ -110,7 +110,7 @@ GetHomeDir(
        len2 = strlen (ptr2);
     }
     if ((len1 + len2 + 1) < len)
-       sprintf (dest, "%s%s", ptr1, (ptr2) ? ptr2 : "");
+       snprintf (dest, len, "%s%s", ptr1, (ptr2) ? ptr2 : "");
     else
        *dest = '\0';
 #else
diff --git a/src/KeysymStr.c b/src/KeysymStr.c
index f24f3b1..c7c4704 100644
--- a/src/KeysymStr.c
+++ b/src/KeysymStr.c
@@ -107,7 +107,7 @@ char *XKeysymToString(KeySym ks)
        XrmQuark empty = NULLQUARK;
        GRNData data;
 
-       sprintf(buf, "%lX", ks);
+       snprintf(buf, sizeof(buf), "%lX", ks);
        resval.addr = (XPointer)buf;
        resval.size = strlen(buf) + 1;
        data.name = (char *)NULL;
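Review bot: With `snprintf(buf, sizeof(buf), "%lX", ks);` a value that does not fit is now cut short instead of overflowing, but the following lines still use it. `resval.size = strlen(buf) + 1` then describes the shortened hex string, and the lookup continues on a key that no longer corresponds to `ks`. The size of `buf` is declared outside the hunk; if it was sized for a 32-bit keysym, a wider `unsigned long` value would hit this. Checking the result, e.g. `n = snprintf(buf, sizeof(buf), "%lX", ks);` followed by `if (n < 0 || (size_t)n >= sizeof(buf))`, and skipping the database lookup in that case would make the truncation explicit. The rest of the function is outside the hunk, so the right fallback needs confirming there.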
diff --git a/src/XlibInt.c b/src/XlibInt.c
index e4d35fd..c436842 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -1432,7 +1432,7 @@ static int _XPrintDefaultError(
        mesg, BUFSIZ);
     (void) fprintf(fp, mesg, event->request_code);
     if (event->request_code < 128) {
-       sprintf(number, "%d", event->request_code);
+       snprintf(number, sizeof(number), "%d", event->request_code);
        XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ);
     } else {
        for (ext = dpy->ext_procs;
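Review bot: `(void) fprintf(fp, mesg, event->request_code);` passes `mesg` as the format string, and `mesg` seems to be filled from the error database by the call that ends at `mesg, BUFSIZ);` just above (the start of that call is outside the hunk). The sprintf conversions in this commit do not cover that: a database entry with extra or different conversion specifiers would make fprintf read arguments that were never passed. The same pattern is at `fprintf(fp, mesg, event->minor_code)` in the next hunk. At minimum a comment such as `/* mesg is a format string from the error database; the database is trusted input */` should record the assumption. Checking that the string holds at most one `%d` before it is used as a format would remove the assumption.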
@@ -1452,7 +1452,7 @@ static int _XPrintDefaultError(
        fputs("  ", fp);
        (void) fprintf(fp, mesg, event->minor_code);
        if (ext) {
-           sprintf(mesg, "%s.%d", ext->name, event->minor_code);
+           snprintf(mesg, sizeof(mesg), "%s.%d", ext->name, event->minor_code);
            XGetErrorDatabaseText(dpy, "XRequest", mesg, "", buffer, BUFSIZ);
            (void) fprintf(fp, " (%s)", buffer);
        }
@@ -1475,8 +1475,8 @@ static int _XPrintDefaultError(
                bext = ext;
        }
        if (bext)
-           sprintf(buffer, "%s.%d", bext->name,
-                   event->error_code - bext->codes.first_error);
+           snprintf(buffer, sizeof(buffer), "%s.%d", bext->name,
+                     event->error_code - bext->codes.first_error);
        else
            strcpy(buffer, "Value");
        XGetErrorDatabaseText(dpy, mtype, buffer, "", mesg, BUFSIZ);
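Review bot: The `else` branch still uses `strcpy(buffer, "Value");` next to the new `snprintf(buffer, sizeof(buffer), ...)`, so the function keeps one unbounded copy whose safety depends on the size of `buffer`, declared outside the hunk. For the commit's stated goal, `snprintf(buffer, sizeof(buffer), "%s", "Value");` would make both branches read the same. Separately, the call that follows passes `BUFSIZ` as the size of `mesg` while the new code uses `sizeof(...)`. Using one form throughout keeps the two from drifting apart if an array size changes.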
-- 
1.7.9.2
