From 49cc97565fbe2928388a1e437c44429097a504ae Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@src.gnome.org>
Date: Fri, 14 Jun 2002 17:07:10 +0000
Subject: replaced sprintf() with snprintf() to prevent possible buffer
 overflow

* DOCBparser.c HTMLparser.c debugXML.c encoding.c
nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c
xmllint.c xpath.c: replaced sprintf() with snprintf()
to prevent possible buffer overflow (the bug was pointed
out by Anju Premachandran)
---
 xpath.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'xpath.c')

diff --git a/xpath.c b/xpath.c
index f4f79b38..8ad2f10b 100644
--- a/xpath.c
+++ b/xpath.c
@@ -1135,18 +1135,18 @@ xmlXPathFormatNumber(double number, char buffer[], int buffersize)
     switch (xmlXPathIsInf(number)) {
     case 1:
 	if (buffersize > (int)sizeof("Infinity"))
-	    sprintf(buffer, "Infinity");
+	    snprintf(buffer, buffersize, "Infinity");
 	break;
     case -1:
 	if (buffersize > (int)sizeof("-Infinity"))
-	    sprintf(buffer, "-Infinity");
+	    snprintf(buffer, buffersize, "-Infinity");
 	break;
     default:
 	if (xmlXPathIsNaN(number)) {
 	    if (buffersize > (int)sizeof("NaN"))
-		sprintf(buffer, "NaN");
+		snprintf(buffer, buffersize, "NaN");
 	} else if (number == 0 && xmlXPathGetSign(number) != 0) {
-	    sprintf(buffer, "0");
+	    snprintf(buffer, buffersize, "0");
 	} else if (number == ((int) number)) {
 	    char work[30];
 	    char *ptr, *cur;
-- 
cgit v1.2.3