Stuart Henderson writes:
> On 2012/12/04 22:38, Dennis Herrmann wrote:
> > [03] "warning: sprintf() is often misused, please use snprintf()"
>
> We're not patching these in ports unless there's a serious
> bug - feeding this type of fix upstream is usually the best course
> of action....however
>
> > + static void send_curs(Vt *t)
> > + {
> > + char keyseq[16];
> > +- sprintf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines),
> > t->curs_col);
> > ++ printf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines), t->curs_col);
> > + vt_write(t, keyseq, strlen(keyseq));
> > + }
> > +
>
> in this case the patch is bogus, the intent is to print to a string,
> it should either be changed to snprintf with a size limit, (and check
> the return code to avoid possibly not terminating the escape sequence
> properly if the string does get truncated), or (as there is a finite
> maximum length the %d can expand to) use a buffer large enough to
> hold the longest possible output of the sprintf.
>
I change the patch a little bit, I hope it looks better?
+ static void send_curs(Vt *t)
+ {
+ char keyseq[16];
+- sprintf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines),
t->curs_col);
++ snprintf(keyseq, sizeof(keyseq), "\e[%d;%dR", (int)(t->curs_row -
t->lines), t->curs_col);
+ vt_write(t, keyseq, strlen(keyseq));
+ }
/dhn
diff --git a/misc/dvtm/patches/patch-vt_c b/misc/dvtm/patches/patch-vt_c
index 0fbc97d..a44aac7 100644
--- a/misc/dvtm/patches/patch-vt_c
+++ b/misc/dvtm/patches/patch-vt_c
@@ -16,7 +16,7 @@
{
char keyseq[16];
- sprintf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines), t->curs_col);
-+ printf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines), t->curs_col);
++ snprintf(keyseq, sizeof(keyseq), "\e[%d;%dR", (int)(t->curs_row - t->lines), t->curs_col);
vt_write(t, keyseq, strlen(keyseq));
}
pgpn4O3wZaLPP.pgp
Description: PGP signature
