Convert more sprintf calls to snprintf

You could analyze most of these and quickly recognize that there was no chance of buffer overflow already, but why make everyone spend time doing that when we can just make it obviously safe? Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>

Convert more sprintf calls to snprintf
d31b81c1 · Alan Coopersmith · Ulrich Sibiller · d43f4c39 · d31b81c1 · d31b81c1
Commit d31b81c1 authored Feb 16, 2013 by Alan Coopersmith Committed by Ulrich Sibiller Oct 19, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 10 deletions

ErrDes.c nx-X11/lib/X11/ErrDes.c +5 -4

GetDflt.c nx-X11/lib/X11/GetDflt.c +1 -1

KeysymStr.c nx-X11/lib/X11/KeysymStr.c +1 -1

XlibInt.c nx-X11/lib/X11/XlibInt.c +4 -4

No files found.
--- a/nx-X11/lib/X11/ErrDes.c
+++ b/nx-X11/lib/X11/ErrDes.c
@@ -109,7 +109,7 @@ XGetErrorText(

    if (nbytes == 0) return 0;
    if (code <= BadImplementation && code > 0) {
-	sprintf(buf, "%d", code);
+        snprintf(buf, sizeof(buf), "%d", code);
        (void) XGetErrorDatabaseText(dpy, "XProtoError", buf,
                                     _XErrorList + _XErrorOffsets[code],
 				     buffer, nbytes);
@@ -125,11 +125,12 @@ XGetErrorText(
 	    bext = ext;
    }
    if (!buffer[0] && bext) {
-	sprintf(buf, "%s.%d", bext->name, code - bext->codes.first_error);
+	snprintf(buf, sizeof(buf), "%s.%d",
+                 bext->name, code - bext->codes.first_error);
 	(void) XGetErrorDatabaseText(dpy, "XProtoError", buf, "", buffer, nbytes);
    }
    if (!buffer[0])
-	sprintf(buffer, "%d", code);
+	snprintf(buffer, nbytes, "%d", code);
    return 0;
 }

@@ -190,7 +191,7 @@ XGetErrorDatabaseText(
 	else
 	    tptr = Xmalloc (tlen);
 	if (tptr) {
-	    sprintf(tptr, "%s.%s", name, type);
+	    snprintf(tptr, tlen, "%s.%s", name, type);
 	    XrmGetResource(db, tptr, "ErrorType.ErrorNumber",
 	      &type_str, &result);
 	    if (tptr != temp)

--- a/nx-X11/lib/X11/GetDflt.c
+++ b/nx-X11/lib/X11/GetDflt.c
@@ -87,7 +87,7 @@ GetHomeDir(
 	len2 = strlen (ptr2);
    }
    if ((len1 + len2 + 1) < len)
-	sprintf (dest, "%s%s", ptr1, (ptr2) ? ptr2 : "");
+	snprintf (dest, len, "%s%s", ptr1, (ptr2) ? ptr2 : "");
    else
 	*dest = '\0';
 #else

--- a/nx-X11/lib/X11/KeysymStr.c
+++ b/nx-X11/lib/X11/KeysymStr.c
@@ -107,7 +107,7 @@ char *XKeysymToString(KeySym ks)
 	XrmQuark empty = NULLQUARK;
 	GRNData data;

-	sprintf(buf, "%lX", ks);
+	snprintf(buf, sizeof(buf), "%lX", ks);
 	resval.addr = (XPointer)buf;
 	resval.size = strlen(buf) + 1;
 	data.name = (char *)NULL;

--- a/nx-X11/lib/X11/XlibInt.c
+++ b/nx-X11/lib/X11/XlibInt.c
@@ -3521,7 +3521,7 @@ static int _XPrintDefaultError(
 	mesg, BUFSIZ);
    (void) fprintf(fp, mesg, event->request_code);
    if (event->request_code < 128) {
-	sprintf(number, "%d", event->request_code);
+	snprintf(number, sizeof(number), "%d", event->request_code);
 	XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ);
    } else {
 	for (ext = dpy->ext_procs;
@@ -3541,7 +3541,7 @@ static int _XPrintDefaultError(
 	fputs("  ", fp);
 	(void) fprintf(fp, mesg, event->minor_code);
 	if (ext) {
-	    sprintf(mesg, "%s.%d", ext->name, event->minor_code);
+	    snprintf(mesg, sizeof(mesg), "%s.%d", ext->name, event->minor_code);
 	    XGetErrorDatabaseText(dpy, "XRequest", mesg, "", buffer, BUFSIZ);
 	    (void) fprintf(fp, " (%s)", buffer);
 	}
@@ -3564,8 +3564,8 @@ static int _XPrintDefaultError(
 		bext = ext;
 	}
 	if (bext)
-	    sprintf(buffer, "%s.%d", bext->name,
-		    event->error_code - bext->codes.first_error);
+	    snprintf(buffer, sizeof(buffer), "%s.%d", bext->name,
+                     event->error_code - bext->codes.first_error);
 	else
 	    strcpy(buffer, "Value");
 	XGetErrorDatabaseText(dpy, mtype, buffer, "", mesg, BUFSIZ);