[PATCH:libX11 7/7] Convert more sprintf calls to snprintf
Alan Coopersmith
alan.coopersmith at oracle.com
Sun Feb 17 09:45:48 PST 2013
You could analyze most of these and quickly recognize that there was no
chance of buffer overflow already, but why make everyone spend time doing
that when we can just make it obviously safe?
Signed-off-by: Alan Coopersmith <alan.coopersmith at oracle.com>
---
src/ErrDes.c | 9 +++++----
src/GetDflt.c | 2 +-
src/KeysymStr.c | 2 +-
src/XlibInt.c | 8 ++++----
4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/src/ErrDes.c b/src/ErrDes.c
index 9a5b180..ef5edad 100644
--- a/src/ErrDes.c
+++ b/src/ErrDes.c
@@ -109,7 +109,7 @@ XGetErrorText(
if (nbytes == 0) return 0;
if (code <= BadImplementation && code > 0) {
- sprintf(buf, "%d", code);
+ snprintf(buf, sizeof(buf), "%d", code);
(void) XGetErrorDatabaseText(dpy, "XProtoError", buf,
_XErrorList + _XErrorOffsets[code],
buffer, nbytes);
@@ -125,11 +125,12 @@ XGetErrorText(
bext = ext;
}
if (!buffer[0] && bext) {
- sprintf(buf, "%s.%d", bext->name, code - bext->codes.first_error);
+ snprintf(buf, sizeof(buf), "%s.%d",
+ bext->name, code - bext->codes.first_error);
(void) XGetErrorDatabaseText(dpy, "XProtoError", buf, "", buffer, nbytes);
}
if (!buffer[0])
- sprintf(buffer, "%d", code);
+ snprintf(buffer, nbytes, "%d", code);
return 0;
}
@@ -190,7 +191,7 @@ XGetErrorDatabaseText(
else
tptr = Xmalloc (tlen);
if (tptr) {
- sprintf(tptr, "%s.%s", name, type);
+ snprintf(tptr, tlen, "%s.%s", name, type);
XrmGetResource(db, tptr, "ErrorType.ErrorNumber",
&type_str, &result);
if (tptr != temp)
diff --git a/src/GetDflt.c b/src/GetDflt.c
index dfda1c6..6f62cd8 100644
--- a/src/GetDflt.c
+++ b/src/GetDflt.c
@@ -110,7 +110,7 @@ GetHomeDir(
len2 = strlen (ptr2);
}
if ((len1 + len2 + 1) < len)
- sprintf (dest, "%s%s", ptr1, (ptr2) ? ptr2 : "");
+ snprintf (dest, len, "%s%s", ptr1, (ptr2) ? ptr2 : "");
else
*dest = '\0';
#else
diff --git a/src/KeysymStr.c b/src/KeysymStr.c
index f24f3b1..c7c4704 100644
--- a/src/KeysymStr.c
+++ b/src/KeysymStr.c
@@ -107,7 +107,7 @@ char *XKeysymToString(KeySym ks)
XrmQuark empty = NULLQUARK;
GRNData data;
- sprintf(buf, "%lX", ks);
+ snprintf(buf, sizeof(buf), "%lX", ks);
resval.addr = (XPointer)buf;
resval.size = strlen(buf) + 1;
data.name = (char *)NULL;
diff --git a/src/XlibInt.c b/src/XlibInt.c
index e4d35fd..c436842 100644
--- a/src/XlibInt.c
+++ b/src/XlibInt.c
@@ -1432,7 +1432,7 @@ static int _XPrintDefaultError(
mesg, BUFSIZ);
(void) fprintf(fp, mesg, event->request_code);
if (event->request_code < 128) {
- sprintf(number, "%d", event->request_code);
+ snprintf(number, sizeof(number), "%d", event->request_code);
XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ);
} else {
for (ext = dpy->ext_procs;
@@ -1452,7 +1452,7 @@ static int _XPrintDefaultError(
fputs(" ", fp);
(void) fprintf(fp, mesg, event->minor_code);
if (ext) {
- sprintf(mesg, "%s.%d", ext->name, event->minor_code);
+ snprintf(mesg, sizeof(mesg), "%s.%d", ext->name, event->minor_code);
XGetErrorDatabaseText(dpy, "XRequest", mesg, "", buffer, BUFSIZ);
(void) fprintf(fp, " (%s)", buffer);
}
@@ -1475,8 +1475,8 @@ static int _XPrintDefaultError(
bext = ext;
}
if (bext)
- sprintf(buffer, "%s.%d", bext->name,
- event->error_code - bext->codes.first_error);
+ snprintf(buffer, sizeof(buffer), "%s.%d", bext->name,
+ event->error_code - bext->codes.first_error);
else
strcpy(buffer, "Value");
XGetErrorDatabaseText(dpy, mtype, buffer, "", mesg, BUFSIZ);
--
1.7.9.2
More information about the xorg-devel
mailing list