ref: 314bec5278c282e1008f6dcd2ed31cb206644ee3
parent: d1aead4d7a6bfe554773fead5682a68c53b8c95f
author: Ali Gholami Rudi <ali@rudi.ir>
date: Sat Nov 29 17:01:24 EST 2014
roff: safer strcpy() and sprintf() calls This is based on a patch by Dirk-Wilhelm Peters <peters@schwertfisch.de>.
--- a/dev.c
+++ b/dev.c
@@ -44,9 +44,9 @@
if (pos >= NFONTS)
return -1;
if (strchr(name, '/'))
- strcpy(path, name);
+ snprintf(path, sizeof(path), "%s", name);
else
- sprintf(path, "%s/dev%s/%s", dev_dir, dev_dev, name);
+ snprintf(path, sizeof(path), "%s/dev%s/%s", dev_dir, dev_dev, name);
fn = font_open(path);
if (!fn)
return -1;
@@ -53,7 +53,7 @@
if (fn_font[pos])
font_close(fn_font[pos]);
if (fn_name[pos] != name) /* ignore if fn_name[pos] is passed */
- strcpy(fn_name[pos], id);
+ snprintf(fn_name[pos], sizeof(fn_name[pos]), "%s", id);
fn_font[pos] = fn;
out("x font %d %s\n", pos, name);return pos;
@@ -65,9 +65,9 @@
char tok[ILNLEN];
int i;
FILE *desc;
- strcpy(dev_dir, dir);
- strcpy(dev_dev, dev);
- sprintf(path, "%s/dev%s/DESC", dir, dev);
+ snprintf(dev_dir, sizeof(dev_dir), "%s", dir);
+ snprintf(dev_dev, sizeof(dev_dev), "%s", dev);
+ snprintf(path, sizeof(path), "%s/dev%s/DESC", dir, dev);
desc = fopen(path, "r");
if (!desc)
return 1;
@@ -213,8 +213,10 @@
}
for (i = 2; i < NARGS; i++) { if (args[i] && fspecial_n < LEN(fspecial_fn)) {- strcpy(fspecial_fn[fspecial_n], fn);
- strcpy(fspecial_sp[fspecial_n], args[i]);
+ snprintf(fspecial_fn[fspecial_n],
+ sizeof(fspecial_fn[fspecial_n]), "%s", fn);
+ snprintf(fspecial_sp[fspecial_n],
+ sizeof(fspecial_sp[fspecial_n]), "%s", args[i]);
fspecial_n++;
}
}
--- a/font.c
+++ b/font.c
@@ -73,8 +73,8 @@
fn->gl = mextend(fn->gl, fn->gl_n, fn->gl_sz, sizeof(fn->gl[0]));
}
g = &fn->gl[fn->gl_n];
- strcpy(g->id, id);
- strcpy(g->name, name);
+ snprintf(g->id, sizeof(g->id), "%s", id);
+ snprintf(g->name, sizeof(g->name), "%s", name);
g->type = type;
g->font = fn;
dict_put(fn->gl_dict, g->id, fn->gl_n);
@@ -315,8 +315,10 @@
for (i = 0; i < fn->feat_n; i++)
if (!strcmp(feat, fn->feat_name[i]))
return i;
- if (mk)
- strcpy(fn->feat_name[fn->feat_n], feat);
+ if (mk) {+ snprintf(fn->feat_name[fn->feat_n],
+ sizeof(fn->feat_name[fn->feat_n]), "%s", feat);
+ }
return mk ? fn->feat_n++ : -1;
}
--- a/roff.c
+++ b/roff.c
@@ -61,10 +61,10 @@
int main(int argc, char **argv)
{- char fontdir[PATHLEN] = TROFFFDIR;
- char macrodir[PATHLEN] = TROFFMDIR;
- char dev[PATHLEN] = "utf";
char path[PATHLEN];
+ char *fontdir = TROFFFDIR;
+ char *macrodir = TROFFMDIR;
+ char *dev = "utf";
int i;
int ret;
for (i = 1; i < argc; i++) {@@ -75,21 +75,24 @@
n_cp = 1;
break;
case 'm':
- sprintf(path, "%s/%s.tmac", macrodir, argv[i] + 2);
+ snprintf(path, sizeof(path), "%s/%s.tmac",
+ macrodir, argv[i] + 2);
if (!xopens(path))
- sprintf(path, "%s/tmac.%s", macrodir, argv[i] + 2);
+ snprintf(path, sizeof(path), "%s/tmac.%s",
+ macrodir, argv[i] + 2);
if (!xopens(path))
- sprintf(path, "%s/%s", macrodir, argv[i] + 2);
+ snprintf(path, sizeof(path), "%s/%s",
+ macrodir, argv[i] + 2);
in_queue(path);
break;
case 'F':
- strcpy(fontdir, argv[i][2] ? argv[i] + 2 : argv[++i]);
+ fontdir = argv[i][2] ? argv[i] + 2 : argv[++i];
break;
case 'M':
- strcpy(macrodir, argv[i][2] ? argv[i] + 2 : argv[++i]);
+ macrodir = argv[i][2] ? argv[i] + 2 : argv[++i];
break;
case 'T':
- strcpy(dev, argv[i][2] ? argv[i] + 2 : argv[++i]);
+ dev = argv[i][2] ? argv[i] + 2 : argv[++i];
break;
default:
printf("%s", usage);--- a/sbuf.c
+++ b/sbuf.c
@@ -41,7 +41,7 @@
char buf[ILNLEN];
va_list ap;
va_start(ap, s);
- vsprintf(buf, s, ap);
+ vsnprintf(buf, sizeof(buf), s, ap);
va_end(ap);
sbuf_append(sbuf, buf);
}
--- a/tr.c
+++ b/tr.c
@@ -686,7 +686,7 @@
if (i < 0 && cdef_n < NCDEFS)
i = cdef_n++;
if (i >= 0) {- strncpy(cdef_src[i], c, sizeof(cdef_src[i]) - 1);
+ snprintf(cdef_src[i], sizeof(cdef_src[i]), "%s", c);
cdef_dst[i] = xmalloc(strlen(def) + 1);
strcpy(cdef_dst[i], def);
cdef_fn[i] = fn ? dev_pos(fn) : 0;