Fixes for possible buffer overflows in sprintf() usages.

3 files changed, 4 insertions, 4 deletions

diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c
index b17a277..01e103b 100644
--- a/Modules/_testcapimodule.c
+++ b/Modules/_testcapimodule.c
@@ -36,7 +36,7 @@ sizeof_error(const char* fatname, const char* typename,
         int expected, int got)
 {
 	char buf[1024];
-	sprintf(buf, "%s #define == %d but sizeof(%s) == %d",
+	sprintf(buf, "%.200s #define == %d but sizeof(%.200s) == %d",
 		fatname, expected, typename, got);
 	PyErr_SetString(TestError, buf);
 	return (PyObject*)NULL;
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 667bb20..27e7f1a 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -5787,7 +5787,7 @@ static int insertvalues(PyObject *d)
     APIRET    rc;
     ULONG     values[QSV_MAX+1];
     PyObject *v;
-    char     *ver, tmp[10];
+    char     *ver, tmp[50];
 
     Py_BEGIN_ALLOW_THREADS
     rc = DosQuerySysInfo(1, QSV_MAX, &values[1], sizeof(values));
diff --git a/Modules/readline.c b/Modules/readline.c
index aa29a61..d213992 100644
--- a/Modules/readline.c
+++ b/Modules/readline.c
@@ -165,7 +165,7 @@ set_hook(const char * funcname, PyObject **hook_var, PyThreadState **tstate, PyO
 {
 	PyObject *function = Py_None;
 	char buf[80];
-	sprintf(buf, "|O:set_%s", funcname);
+	sprintf(buf, "|O:set_%.50s", funcname);
 	if (!PyArg_ParseTuple(args, buf, &function))
 		return NULL;
 	if (function == Py_None) {
@@ -181,7 +181,7 @@ set_hook(const char * funcname, PyObject **hook_var, PyThreadState **tstate, PyO
 		*tstate = PyThreadState_Get();
 	}
 	else {
-		sprintf(buf, "set_%s(func): argument not callable", funcname);
+		sprintf(buf, "set_%.50s(func): argument not callable", funcname);
 		PyErr_SetString(PyExc_TypeError, buf);
 		return NULL;
 	}