From d5694e46233aa7173134fc3952b5f25a7e0b0f58 Mon Sep 17 00:00:00 2001
From: Sean McBride
Date: Fri, 17 Jun 2022 19:57:11 -0400
Subject: Source: Replace uses of sprintf with safer snprintf
---
 Source/CursesDialog/cmCursesLongMessageForm.cxx | 2 +-
 Source/CursesDialog/form/fty_int.c | 2 +-
 Source/CursesDialog/form/fty_num.c | 2 +-
 Source/cmFindPackageCommand.cxx | 8 ++++----
 Source/cmStringCommand.cxx | 3 ++-
 Source/cmSystemTools.cxx | 2 +-
 Tests/LoadCommand/CMakeCommands/cmTestCommand.c | 17 ++++++++++-------
 .../LoadCommandOneConfig/CMakeCommands/cmTestCommand.c | 17 ++++++++++-------
 8 files changed, 30 insertions(+), 23 deletions(-)
diff --git a/Source/CursesDialog/cmCursesLongMessageForm.cxx b/Source/CursesDialog/cmCursesLongMessageForm.cxx
index 8a7bb86..73e3f3c 100644
--- a/Source/CursesDialog/cmCursesLongMessageForm.cxx
+++ b/Source/CursesDialog/cmCursesLongMessageForm.cxx
@@ -84,7 +84,7 @@ void cmCursesLongMessageForm::UpdateStatusBar()
 for (size_t i = 0; i < sideSpace; i++) {
 version[i] = ' ';
 }
- sprintf(version + sideSpace, "%s", vertmp);
+ snprintf(version + sideSpace, sizeof(version) - sideSpace, "%s", vertmp);
 version[width] = '\0';
 char fmt_s[] = "%s";
diff --git a/Source/CursesDialog/form/fty_int.c b/Source/CursesDialog/form/fty_int.c
index 7107fcc..7aeb4b8 100644
--- a/Source/CursesDialog/form/fty_int.c
+++ b/Source/CursesDialog/form/fty_int.c
@@ -117,7 +117,7 @@ static bool Check_Integer_Field(FIELD * field, const void * argp)
 {
 if (valhigh) return FALSE;
 }
- sprintf(buf,"%.*ld",(prec>0?prec:0),val);
+ snprintf(buf,sizeof(buf),"%.*ld",(prec>0?prec:0),val);
 set_field_buffer(field,0,buf);
 return TRUE;
 }
diff --git a/Source/CursesDialog/form/fty_num.c b/Source/CursesDialog/form/fty_num.c
index 7809599..4109b6f 100644
--- a/Source/CursesDialog/form/fty_num.c
+++ b/Source/CursesDialog/form/fty_num.c
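Review bot: The bound `sizeof(version) - sideSpace` in `UpdateStatusBar()` is unsigned arithmetic, so if `sideSpace` ever exceeds the size of `version` it wraps to a very large value and the `snprintf` call is effectively unbounded again. The padding loop just above has by then already written `sideSpace` bytes, and `version[width] = '\0';` after the call relies on the same relation. How `version`, `width` and `sideSpace` are declared and computed is outside the hunk, so this may be guaranteed elsewhere. If it is not, I would check it before the loop, e.g. `if (sideSpace >= sizeof(version)) { return; }`, or at least add a comment stating the invariant the bound depends on.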
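Review bot: The return value of `snprintf` is ignored in `Check_Integer_Field`, so when the value formatted with precision `prec` does not fit in `buf`, a silently truncated number is handed to `set_field_buffer` and the field still validates as TRUE. The same applies to the `%.*f` call in `Check_Numeric_Field` in fty_num.c, where a large double can expand to far more digits than a small buffer holds. Treating truncation as a validation failure keeps the stored text consistent with what was entered: `int n = snprintf(buf,sizeof(buf),"%.*ld",(prec>0?prec:0),val);` followed by `if (n < 0 || (size_t)n >= sizeof(buf)) return FALSE;`. `sizeof(buf)` is only the right bound if `buf` is an array declared in these functions; the declarations are outside both hunks.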
@@ -140,7 +140,7 @@ static bool Check_Numeric_Field(FIELD * field, const void * argp)
 {
 if (valhigh) return FALSE;
 }
- sprintf(buf,"%.*f",(prec>0?prec:0),val);
+ snprintf(buf,sizeof(buf),"%.*f",(prec>0?prec:0),val);
 set_field_buffer(field,0,buf);
 return TRUE;
 }
diff --git a/Source/cmFindPackageCommand.cxx b/Source/cmFindPackageCommand.cxx
index 8c6a0aa..4ad9124 100644
--- a/Source/cmFindPackageCommand.cxx
+++ b/Source/cmFindPackageCommand.cxx
@@ -822,13 +822,13 @@ void cmFindPackageCommand::SetVersionVariables(
 char buf[64];
 snprintf(buf, sizeof(buf), "%u", major);
 addDefinition(prefix + "_MAJOR", buf);
- sprintf(buf, "%u", minor);
+ snprintf(buf, sizeof(buf), "%u", minor);
 addDefinition(prefix + "_MINOR", buf);
- sprintf(buf, "%u", patch);
+ snprintf(buf, sizeof(buf), "%u", patch);
 addDefinition(prefix + "_PATCH", buf);
- sprintf(buf, "%u", tweak);
+ snprintf(buf, sizeof(buf), "%u", tweak);
 addDefinition(prefix + "_TWEAK", buf);
- sprintf(buf, "%u", count);
+ snprintf(buf, sizeof(buf), "%u", count);
 addDefinition(prefix + "_COUNT", buf);
 }
diff --git a/Source/cmStringCommand.cxx b/Source/cmStringCommand.cxx
index c3ee695..fe311d1 100644
--- a/Source/cmStringCommand.cxx
+++ b/Source/cmStringCommand.cxx
@@ -143,7 +143,8 @@ bool HandleHexCommand(std::vector const& args,
 std::string::size_type hexIndex = 0;
 for (auto const& c : instr) {
- sprintf(&output[hexIndex], "%.2x", static_cast(c) & 0xFF);
+ snprintf(&output[hexIndex], 3, "%.2x",
+ static_cast(c) & 0xFF);
 hexIndex += 2;
 }
diff --git a/Source/cmSystemTools.cxx b/Source/cmSystemTools.cxx
index 351386a..55b0df8 100644
--- a/Source/cmSystemTools.cxx
+++ b/Source/cmSystemTools.cxx
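Review bot: The literal `3` passed to `snprintf` in `HandleHexCommand` is not derived from the space left in `output`, so it only restates the three bytes `sprintf` already wrote per iteration and gives no protection if the buffer is ever sized differently; each call also still stores a terminating NUL after the two digits, including on the last iteration. The `ComputeCertificateThumbprint` hunk in cmSystemTools.cxx has the same pattern (`snprintf(pHashPrint, 3, ...)`), and there the loop limit `hashLength` and the destination size are both outside the hunk. For the string command I would drop printf and index a table: `static const char hex[] = "0123456789abcdef";`, `auto const b = static_cast<unsigned char>(c);`, `output[hexIndex] = hex[b >> 4]; output[hexIndex + 1] = hex[b & 0xF];`. For the thumbprint, a check before the loop that `2 * hashLength + 1` fits the destination would make the real bound explicit.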
@@ -1218,7 +1218,7 @@ std::string cmSystemTools::ComputeCertificateThumbprint(
 certContext, CERT_HASH_PROP_ID, hashData, &hashLength)) {
 for (DWORD i = 0; i < hashLength; i++) {
 // Convert each byte to hexadecimal
- sprintf(pHashPrint, "%02X", hashData[i]);
+ snprintf(pHashPrint, 3, "%02X", hashData[i]);
 pHashPrint += 2;
 }
 *pHashPrint = '\0';
diff --git a/Tests/LoadCommand/CMakeCommands/cmTestCommand.c b/Tests/LoadCommand/CMakeCommands/cmTestCommand.c
index af7b092..7176ebe 100644
--- a/Tests/LoadCommand/CMakeCommands/cmTestCommand.c
+++ b/Tests/LoadCommand/CMakeCommands/cmTestCommand.c
@@ -75,10 +75,10 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 info->CAPI->DisplaySatus(mf, info->CAPI->GetStartOutputDirectory(mf));
 info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentDirectory(mf));
 info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentOutputDirectory(mf));
- sprintf(buffer, "Cache version: %d.%d, CMake version: %d.%d",
- info->CAPI->GetCacheMajorVersion(mf),
- info->CAPI->GetCacheMinorVersion(mf),
- info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
+ snprintf(
+ buffer, sizeof(buffer), "Cache version: %d.%d, CMake version: %d.%d",
+ info->CAPI->GetCacheMajorVersion(mf), info->CAPI->GetCacheMinorVersion(mf),
+ info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
 info->CAPI->DisplaySatus(mf, buffer);
 if (info->CAPI->CommandExists(mf, "SET")) {
 info->CAPI->DisplaySatus(mf, "Command SET exists");
@@ -91,10 +91,12 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 source_file = info->CAPI->CreateNewSourceFile(mf);
 cstr = info->CAPI->SourceFileGetSourceName(source_file);
- sprintf(buffer, "Should be empty (source file name): [%s]", cstr);
+ snprintf(buffer, sizeof(buffer), "Should be empty (source file name): [%s]",
+ cstr);
 info->CAPI->DisplaySatus(mf, buffer);
 cstr = info->CAPI->SourceFileGetFullPath(source_file);
- sprintf(buffer, "Should be empty (source file full path): [%s]", cstr);
+ snprintf(buffer, sizeof(buffer),
+ "Should be empty (source file full path): [%s]", cstr);
 info->CAPI->DisplaySatus(mf, buffer);
 info->CAPI->DefineSourceFileProperty(mf, "SOME_PROPERTY", "unused old prop", "This property is no longer used", 0);
@@ -106,7 +108,8 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 "This property is for testing.", 0);
 info->CAPI->SourceFileSetProperty(source_file, "SOME_PROPERTY2", "HERE");
 cstr = info->CAPI->SourceFileGetProperty(source_file, "ABSTRACT");
- sprintf(buffer, "Should be 0 (source file abstract property): [%p]", cstr);
+ snprintf(buffer, sizeof(buffer),
+ "Should be 0 (source file abstract property): [%p]", cstr);
 info->CAPI->DisplaySatus(mf, buffer);
 info->CAPI->DestroySourceFile(source_file);
diff --git a/Tests/LoadCommandOneConfig/CMakeCommands/cmTestCommand.c b/Tests/LoadCommandOneConfig/CMakeCommands/cmTestCommand.c
index af7b092..7176ebe 100644
--- a/Tests/LoadCommandOneConfig/CMakeCommands/cmTestCommand.c
+++ b/Tests/LoadCommandOneConfig/CMakeCommands/cmTestCommand.c
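Review bot: The `%p` conversion in the rewritten `snprintf` call of the third `InitialPass` hunk is given `cstr` as is, while `%p` is specified for a pointer to void. `cstr` is printed with `%s` in the hunk before, so it is presumably a character pointer (its declaration is outside the hunk). Since the line is being rewritten anyway, passing `(const void*)cstr` makes the call strictly conforming. The identical hunk in Tests/LoadCommandOneConfig/CMakeCommands/cmTestCommand.c has the same call. `sizeof(buffer)` is the right bound in all of these calls only if `buffer` is an array in `InitialPass`, which is also not visible here.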
@@ -75,10 +75,10 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 info->CAPI->DisplaySatus(mf, info->CAPI->GetStartOutputDirectory(mf));
 info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentDirectory(mf));
 info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentOutputDirectory(mf));
- sprintf(buffer, "Cache version: %d.%d, CMake version: %d.%d",
- info->CAPI->GetCacheMajorVersion(mf),
- info->CAPI->GetCacheMinorVersion(mf),
- info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
+ snprintf(
+ buffer, sizeof(buffer), "Cache version: %d.%d, CMake version: %d.%d",
+ info->CAPI->GetCacheMajorVersion(mf), info->CAPI->GetCacheMinorVersion(mf),
+ info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
 info->CAPI->DisplaySatus(mf, buffer);
 if (info->CAPI->CommandExists(mf, "SET")) {
 info->CAPI->DisplaySatus(mf, "Command SET exists");
@@ -91,10 +91,12 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 source_file = info->CAPI->CreateNewSourceFile(mf);
 cstr = info->CAPI->SourceFileGetSourceName(source_file);
- sprintf(buffer, "Should be empty (source file name): [%s]", cstr);
+ snprintf(buffer, sizeof(buffer), "Should be empty (source file name): [%s]",
+ cstr);
 info->CAPI->DisplaySatus(mf, buffer);
 cstr = info->CAPI->SourceFileGetFullPath(source_file);
- sprintf(buffer, "Should be empty (source file full path): [%s]", cstr);
+ snprintf(buffer, sizeof(buffer),
+ "Should be empty (source file full path): [%s]", cstr);
 info->CAPI->DisplaySatus(mf, buffer);
 info->CAPI->DefineSourceFileProperty(mf, "SOME_PROPERTY", "unused old prop", "This property is no longer used", 0);
@@ -106,7 +108,8 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 "This property is for testing.", 0);
 info->CAPI->SourceFileSetProperty(source_file, "SOME_PROPERTY2", "HERE");
 cstr = info->CAPI->SourceFileGetProperty(source_file, "ABSTRACT");
- sprintf(buffer, "Should be 0 (source file abstract property): [%p]", cstr);
+ snprintf(buffer, sizeof(buffer),
+ "Should be 0 (source file abstract property): [%p]", cstr);
 info->CAPI->DisplaySatus(mf, buffer);
 info->CAPI->DestroySourceFile(source_file);
-- cgit v0.12