diff options
author | Aleksey Sanin <aleksey@src.gnome.org> | 2002-06-14 17:07:10 +0000 |
---|---|---|
committer | Aleksey Sanin <aleksey@src.gnome.org> | 2002-06-14 17:07:10 +0000 |
commit | 49cc97565fbe2928388a1e437c44429097a504ae (patch) | |
tree | e96c37456485dd61090411351595f4fb820c73b0 /xmlIO.c | |
parent | e059b891efee0c1834c8a02358eb57cca6587177 (diff) | |
download | android_external_libxml2-49cc97565fbe2928388a1e437c44429097a504ae.tar.gz android_external_libxml2-49cc97565fbe2928388a1e437c44429097a504ae.tar.bz2 android_external_libxml2-49cc97565fbe2928388a1e437c44429097a504ae.zip |
replaced sprintf() with snprintf() to prevent possible buffer overflow
* DOCBparser.c HTMLparser.c debugXML.c encoding.c
nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c
xmllint.c xpath.c: replaced sprintf() with snprintf()
to prevent possible buffer overflow (the bug was pointed
out by Anju Premachandran)
Diffstat (limited to 'xmlIO.c')
-rw-r--r-- | xmlIO.c | 10 |
1 files changed, 5 insertions, 5 deletions
@@ -492,7 +492,7 @@ xmlGzfileOpenW (const char *filename, int compression) { char mode[15]; gzFile fd; - sprintf(mode, "wb%d", compression); + snprintf(mode, sizeof(mode), "wb%d", compression); if (!strcmp(filename, "-")) { fd = gzdopen(dup(1), mode); return((void *) fd); @@ -714,9 +714,9 @@ xmlCreateZMemBuff( int compression ) { } /* Set the header data. The CRC will be needed for the trailer */ - buff->crc = crc32( 0L, Z_NULL, 0 ); - hdr_lgth = sprintf( (char *)buff->zbuff, "%c%c%c%c%c%c%c%c%c%c", + hdr_lgth = snprintf( (char *)buff->zbuff, buff->size, + "%c%c%c%c%c%c%c%c%c%c", GZ_MAGIC1, GZ_MAGIC2, Z_DEFLATED, 0, 0, 0, 0, 0, 0, LXML_ZLIB_OS_CODE ); buff->zctrl.next_out = buff->zbuff + hdr_lgth; @@ -1182,7 +1182,7 @@ xmlIOHTTPCloseWrite( void * context, const char * http_mthd ) { dump_name = tempnam( NULL, "lxml" ); if ( dump_name != NULL ) { - (void)sprintf( buffer, "%s.content", dump_name ); + (void)snprintf( buffer, sizeof(buffer), "%s.content", dump_name ); tst_file = fopen( buffer, "w" ); if ( tst_file != NULL ) { @@ -1194,7 +1194,7 @@ xmlIOHTTPCloseWrite( void * context, const char * http_mthd ) { fclose( tst_file ); } - (void)sprintf( buffer, "%s.reply", dump_name ); + (void)snprintf( buffer, sizeof(buffer), "%s.reply", dump_name ); tst_file = fopen( buffer, "w" ); if ( tst_file != NULL ) { xmlGenericError( xmlGenericErrorContext, |