Am 17.02.2013 18:45, schrieb Alan Coopersmith:
> You could analyze most of these and quickly recognize that there was no
> chance of buffer overflow already, but why make everyone spend time doing
> that when we can just make it obviously safe?
>
> Signed-off-by: Alan Coopersmith <[email protected]>
> ---
> src/ErrDes.c | 9 +++++----
> src/GetDflt.c | 2 +-
> src/KeysymStr.c | 2 +-
> src/XlibInt.c | 8 ++++----
> 4 files changed, 11 insertions(+), 10 deletions(-)
>
> diff --git a/src/ErrDes.c b/src/ErrDes.c
> index 9a5b180..ef5edad 100644
> --- a/src/ErrDes.c
> +++ b/src/ErrDes.c
> @@ -109,7 +109,7 @@ XGetErrorText(
>
> if (nbytes == 0) return 0;
> if (code <= BadImplementation && code > 0) {
> - sprintf(buf, "%d", code);
> + snprintf(buf, sizeof(buf), "%d", code);
> (void) XGetErrorDatabaseText(dpy, "XProtoError", buf,
> _XErrorList + _XErrorOffsets[code],
> buffer, nbytes);
> @@ -125,11 +125,12 @@ XGetErrorText(
> bext = ext;
> }
> if (!buffer[0] && bext) {
> - sprintf(buf, "%s.%d", bext->name, code - bext->codes.first_error);
> + snprintf(buf, sizeof(buf), "%s.%d",
> + bext->name, code - bext->codes.first_error);
> (void) XGetErrorDatabaseText(dpy, "XProtoError", buf, "", buffer,
> nbytes);
> }
> if (!buffer[0])
> - sprintf(buffer, "%d", code);
> + snprintf(buffer, nbytes, "%d", code);
> return 0;
> }
>
> @@ -190,7 +191,7 @@ XGetErrorDatabaseText(
> else
> tptr = Xmalloc (tlen);
> if (tptr) {
> - sprintf(tptr, "%s.%s", name, type);
> + snprintf(tptr, tlen, "%s.%s", name, type);
> XrmGetResource(db, tptr, "ErrorType.ErrorNumber",
> &type_str, &result);
> if (tptr != temp)
perhaps an asprintf() is more nice here ?
re,
wh
> diff --git a/src/GetDflt.c b/src/GetDflt.c
> index dfda1c6..6f62cd8 100644
> --- a/src/GetDflt.c
> +++ b/src/GetDflt.c
> @@ -110,7 +110,7 @@ GetHomeDir(
> len2 = strlen (ptr2);
> }
> if ((len1 + len2 + 1) < len)
> - sprintf (dest, "%s%s", ptr1, (ptr2) ? ptr2 : "");
> + snprintf (dest, len, "%s%s", ptr1, (ptr2) ? ptr2 : "");
> else
> *dest = '\0';
> #else
> diff --git a/src/KeysymStr.c b/src/KeysymStr.c
> index f24f3b1..c7c4704 100644
> --- a/src/KeysymStr.c
> +++ b/src/KeysymStr.c
> @@ -107,7 +107,7 @@ char *XKeysymToString(KeySym ks)
> XrmQuark empty = NULLQUARK;
> GRNData data;
>
> - sprintf(buf, "%lX", ks);
> + snprintf(buf, sizeof(buf), "%lX", ks);
> resval.addr = (XPointer)buf;
> resval.size = strlen(buf) + 1;
> data.name = (char *)NULL;
> diff --git a/src/XlibInt.c b/src/XlibInt.c
> index e4d35fd..c436842 100644
> --- a/src/XlibInt.c
> +++ b/src/XlibInt.c
> @@ -1432,7 +1432,7 @@ static int _XPrintDefaultError(
> mesg, BUFSIZ);
> (void) fprintf(fp, mesg, event->request_code);
> if (event->request_code < 128) {
> - sprintf(number, "%d", event->request_code);
> + snprintf(number, sizeof(number), "%d", event->request_code);
> XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ);
> } else {
> for (ext = dpy->ext_procs;
> @@ -1452,7 +1452,7 @@ static int _XPrintDefaultError(
> fputs(" ", fp);
> (void) fprintf(fp, mesg, event->minor_code);
> if (ext) {
> - sprintf(mesg, "%s.%d", ext->name, event->minor_code);
> + snprintf(mesg, sizeof(mesg), "%s.%d", ext->name, event->minor_code);
> XGetErrorDatabaseText(dpy, "XRequest", mesg, "", buffer, BUFSIZ);
> (void) fprintf(fp, " (%s)", buffer);
> }
> @@ -1475,8 +1475,8 @@ static int _XPrintDefaultError(
> bext = ext;
> }
> if (bext)
> - sprintf(buffer, "%s.%d", bext->name,
> - event->error_code - bext->codes.first_error);
> + snprintf(buffer, sizeof(buffer), "%s.%d", bext->name,
> + event->error_code - bext->codes.first_error);
> else
> strcpy(buffer, "Value");
> XGetErrorDatabaseText(dpy, mtype, buffer, "", mesg, BUFSIZ);
_______________________________________________
[email protected]: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel
