authorAleksey Sanin <aleksey@src.gnome.org>2002-06-14 17:07:10 +0000
committerAleksey Sanin <aleksey@src.gnome.org>2002-06-14 17:07:10 +0000
commit49cc97565fbe2928388a1e437c44429097a504ae (patch)
treee96c37456485dd61090411351595f4fb820c73b0 /xpath.c
parente059b891efee0c1834c8a02358eb57cca6587177 (diff)
replaced sprintf() with snprintf() to prevent possible buffer overflow
* DOCBparser.c HTMLparser.c debugXML.c encoding.c nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c xmllint.c xpath.c: replaced sprintf() with snprintf() to prevent possible buffer overflow (the bug was pointed out by Anju Premachandran)
Diffstat (limited to 'xpath.c')
-rw-r--r--xpath.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/xpath.c b/xpath.c
index f4f79b38..8ad2f10b 100644
--- a/xpath.c
+++ b/xpath.c
@@ -1135,18 +1135,18 @@ xmlXPathFormatNumber(double number, char buffer[], int buffersize)
switch (xmlXPathIsInf(number)) {
case 1:
if (buffersize > (int)sizeof("Infinity"))
- sprintf(buffer, "Infinity");
+ snprintf(buffer, buffersize, "Infinity");
break;
case -1:
if (buffersize > (int)sizeof("-Infinity"))
- sprintf(buffer, "-Infinity");
+ snprintf(buffer, buffersize, "-Infinity");
break;
default:
if (xmlXPathIsNaN(number)) {
if (buffersize > (int)sizeof("NaN"))
- sprintf(buffer, "NaN");
+ snprintf(buffer, buffersize, "NaN");
} else if (number == 0 && xmlXPathGetSign(number) != 0) {
- sprintf(buffer, "0");
+ snprintf(buffer, buffersize, "0");
} else if (number == ((int) number)) {
char work[30];
char *ptr, *cur;
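Review bot: The `snprintf(buffer, buffersize, "0")` call in the `number == 0` branch is the only converted call with no size guard, and `buffersize` is an `int` that is converted to `size_t` at the call, so a negative value would become a very large bound and the write would be effectively unbounded again. Guard it like the other branches, e.g. `if (buffersize > (int)sizeof("0")) snprintf(buffer, buffersize, "0");`. Separately, when the Infinity/-Infinity/NaN guards fail nothing is written and `buffer` keeps whatever it held before, so a caller that treats it as a string may read stale or unterminated data; unless the part of xmlXPathFormatNumber above this hunk already handles that, consider `if (buffersize > 0) buffer[0] = 0;` before the switch. The function starts before and continues past this hunk, so both points should be checked against the full body.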