diff --git a/src/calendar.c b/src/calendar.c index 2286f265..46e036b4 100644 --- a/src/calendar.c +++ b/src/calendar.c @@ -499,7 +499,7 @@ get_month_abbrev(char const *mon) { static char buf[80]; #ifndef REM_USE_WCHAR - sprintf(buf, "%.3s", mon); + snprintf(buf, sizeof(buf), "%.3s", mon); return buf; #else char *s; @@ -626,9 +626,9 @@ Colorize256(int r, int g, int b, int bg, int clamp) } } if (bg) { - sprintf(buf, "\x1B[48;5;%dm", best); + snprintf(buf, sizeof(buf), "\x1B[48;5;%dm", best); } else { - sprintf(buf, "\x1B[38;5;%dm", best); + snprintf(buf, sizeof(buf), "\x1B[38;5;%dm", best); } return buf; } @@ -641,9 +641,9 @@ ColorizeTrue(int r, int g, int b, int bg, int clamp) ClampColor(&r, &g, &b); } if (bg) { - sprintf(buf, "\x1B[48;2;%d;%d;%dm", r, g, b); + snprintf(buf, sizeof(buf), "\x1B[48;2;%d;%d;%dm", r, g, b); } else { - sprintf(buf, "\x1B[38;2;%d;%d;%dm", r, g, b); + snprintf(buf, sizeof(buf), "\x1B[38;2;%d;%d;%dm", r, g, b); } return buf; } @@ -1812,7 +1812,7 @@ static void WriteCalHeader(void) int y, m, d; FromDSE(DSEToday, &y, &m, &d); - sprintf(buf, "%s %d", get_month_name(m), y); + snprintf(buf, sizeof(buf), "%s %d", get_month_name(m), y); WriteTopCalLine(); @@ -2016,7 +2016,7 @@ static int DoCalRem(ParsePtr p, int col) trig.typ == MSF_TYPE) { if (PsCal && is_color) { char cbuf[24]; - sprintf(cbuf, "%d %d %d ", col_r, col_g, col_b); + snprintf(cbuf, sizeof(cbuf), "%d %d %d ", col_r, col_g, col_b); DBufPuts(&pre_buf, cbuf); strcpy(trig.passthru, "COLOR"); /* Don't change trig.typ or next if() will trigger! */ @@ -2149,7 +2149,7 @@ static int DoCalRem(ParsePtr p, int col) if (trig.typ != PASSTHRU_TYPE && UserFuncExists("calprefix")==1) { char evalBuf[64]; - sprintf(evalBuf, "calprefix(%d)", trig.priority); + snprintf(evalBuf, sizeof(evalBuf), "calprefix(%d)", trig.priority); s2 = evalBuf; r = EvalExpr(&s2, &v, NULL); if (!r) { 
@@ -2192,7 +2192,7 @@ static int DoCalRem(ParsePtr p, int col) if (trig.typ != PASSTHRU_TYPE && UserFuncExists("calsuffix")==1) { char evalBuf[64]; - sprintf(evalBuf, "calsuffix(%d)", trig.priority); + snprintf(evalBuf, sizeof(evalBuf), "calsuffix(%d)", trig.priority); s2 = evalBuf; r = EvalExpr(&s2, &v, NULL); if (!r) { @@ -2736,7 +2736,7 @@ CalendarTime(int tim, int duration) else hh2 = h2; if (days) { - sprintf(daybuf, "+%d", days); + snprintf(daybuf, sizeof(daybuf), "+%d", days); } else { daybuf[0] = 0; } @@ -2759,12 +2759,12 @@ CalendarTime(int tim, int duration) switch(ScFormat) { case SC_AMPM: - sprintf(buf, "%d%c%02d%s-%d%c%02d%s%s ", + snprintf(buf, sizeof(buf), "%d%c%02d%s-%d%c%02d%s%s ", hh, TimeSep, min, ampm1, hh2, TimeSep, min2, ampm2, daybuf); break; case SC_MIL: - sprintf(buf, "%02d%c%02d-%02d%c%02d%s ", + snprintf(buf, sizeof(buf), "%02d%c%02d-%02d%c%02d%s ", h, TimeSep, min, h2, TimeSep, min2, daybuf); break; } @@ -2796,7 +2796,7 @@ char const *SimpleTime(int tim) if (h == 0) hh=12; else if (h > 12) hh=h-12; else hh=h; - sprintf(buf, "%d%c%02d%.64s ", hh, TimeSep, min, (h>=12) ? tr("pm") : tr("am")); + snprintf(buf, sizeof(buf), "%d%c%02d%.64s ", hh, TimeSep, min, (h>=12) ? tr("pm") : tr("am")); } break; @@ -2804,7 +2804,7 @@ char const *SimpleTime(int tim) if (tim != NO_TIME) { h = tim / 60; min = tim % 60; - sprintf(buf, "%02d%c%02d ", h, TimeSep, min); + snprintf(buf, sizeof(buf), "%02d%c%02d ", h, TimeSep, min); } break; } @@ -2856,7 +2856,7 @@ char const *SynthesizeTag(void) MD5Init(&ctx); MD5Update(&ctx, (unsigned char *) CurLine, strlen(CurLine)); MD5Final(buf, &ctx); - sprintf(out, "__syn__%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + snprintf(out, sizeof(out), "__syn__%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", (unsigned int) buf[0], (unsigned int) buf[1], (unsigned int) buf[2], (unsigned int) buf[3], (unsigned int) buf[4], (unsigned int) buf[5], 
diff --git a/src/dorem.c b/src/dorem.c index 1ce6a9aa..2dfacb61 100644 --- a/src/dorem.c +++ b/src/dorem.c @@ -1180,7 +1180,7 @@ int TriggerReminder(ParsePtr p, Trigger *t, TimeTrig *tim, int dse, int is_queue return OK; } FromDSE(dse, &y, &m, &d); - sprintf(tmpBuf, "%04d/%02d/%02d ", y, m+1, d); + snprintf(tmpBuf, sizeof(tmpBuf), "%04d/%02d/%02d ", y, m+1, d); if (DBufPuts(&calRow, tmpBuf) != OK) { DBufFree(&calRow); DBufFree(&pre_buf); @@ -1201,9 +1201,9 @@ int TriggerReminder(ParsePtr p, Trigger *t, TimeTrig *tim, int dse, int is_queue DBufPuts(&calRow, "* "); } if (tim->duration != NO_TIME) { - sprintf(tmpBuf, "%d ", tim->duration); + snprintf(tmpBuf, sizeof(tmpBuf), "%d ", tim->duration); } else { - sprintf(tmpBuf, "* "); + snprintf(tmpBuf, sizeof(tmpBuf), "* "); } if (DBufPuts(&calRow, tmpBuf) != OK) { DBufFree(&calRow); @@ -1211,9 +1211,9 @@ int TriggerReminder(ParsePtr p, Trigger *t, TimeTrig *tim, int dse, int is_queue return E_NO_MEM; } if (tim->ttime != NO_TIME) { - sprintf(tmpBuf, "%d ", tim->ttime); + snprintf(tmpBuf, sizeof(tmpBuf), "%d ", tim->ttime); } else { - sprintf(tmpBuf, "* "); + snprintf(tmpBuf, sizeof(tmpBuf), "* "); } if (DBufPuts(&calRow, tmpBuf) != OK) { DBufFree(&calRow); @@ -1263,7 +1263,7 @@ int TriggerReminder(ParsePtr p, Trigger *t, TimeTrig *tim, int dse, int is_queue /* Don't use msgprefix() on RUN-type reminders */ if (t->typ != RUN_TYPE) { if (UserFuncExists("msgprefix") == 1) { - sprintf(PrioExpr, "msgprefix(%d)", t->priority); + snprintf(PrioExpr, sizeof(PrioExpr), "msgprefix(%d)", t->priority); s = PrioExpr; r = EvalExpr(&s, &v, NULL); if (!r) { @@ -1289,7 +1289,7 @@ int TriggerReminder(ParsePtr p, Trigger *t, TimeTrig *tim, int dse, int is_queue if (t->typ != RUN_TYPE) { if (UserFuncExists("msgsuffix") == 1) { - sprintf(PrioExpr, "msgsuffix(%d)", t->priority); + snprintf(PrioExpr, sizeof(PrioExpr), "msgsuffix(%d)", t->priority); s = PrioExpr; r = EvalExpr(&s, &v, NULL); if (!r) { 
@@ -1694,7 +1694,7 @@ static int ShouldTriggerBasedOnWarn(Trigger *t, int dse, int *err) return (dse == DSEToday); } for (i=1; ; i++) { - sprintf(buffer, "%s(%d)", t->warn, i); + snprintf(buffer, sizeof(buffer), "%s(%d)", t->warn, i); s = buffer; r = EvalExpr(&s, &v, NULL); if (r) { diff --git a/src/expr.c b/src/expr.c index 5e23addc..fec822a8 100644 --- a/src/expr.c +++ b/src/expr.c @@ -3014,12 +3014,12 @@ int DoCoerce(char type, Value *v) } case STR_TYPE: switch(v->type) { - case INT_TYPE: sprintf(coerce_buf, "%d", v->v.val); break; - case TIME_TYPE: sprintf(coerce_buf, "%02d%c%02d", v->v.val / 60, + case INT_TYPE: snprintf(coerce_buf, sizeof(coerce_buf), "%d", v->v.val); break; + case TIME_TYPE: snprintf(coerce_buf, sizeof(coerce_buf), "%02d%c%02d", v->v.val / 60, TimeSep, v->v.val % 60); break; case DATE_TYPE: FromDSE(v->v.val, &y, &m, &d); - sprintf(coerce_buf, "%04d%c%02d%c%02d", + snprintf(coerce_buf, sizeof(coerce_buf), "%04d%c%02d%c%02d", y, DateSep, m+1, DateSep, d); break; case DATETIME_TYPE: @@ -3028,7 +3028,7 @@ int DoCoerce(char type, Value *v) k = v->v.val % MINUTES_PER_DAY; h = k / 60; i = k % 60; - sprintf(coerce_buf, "%04d%c%02d%c%02d%c%02d%c%02d", + snprintf(coerce_buf, sizeof(coerce_buf), "%04d%c%02d%c%02d%c%02d%c%02d", y, DateSep, m+1, DateSep, d, DateTimeSep, h, TimeSep, i); break; default: return E_CANT_COERCE; diff --git a/src/funcs.c b/src/funcs.c index 0076f637..8ccde36f 100644 --- a/src/funcs.c +++ b/src/funcs.c @@ -1076,7 +1076,7 @@ static int FOrd(func_info *info) if (u == 1 && t != 11) s = "st"; if (u == 2 && t != 12) s = "nd"; if (u == 3 && t != 13) s = "rd"; - sprintf(buf, "%d%s", v, s); + snprintf(buf, sizeof(buf), "%d%s", v, s); return RetStrVal(buf, info); } 
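Review bot: In ShouldTriggerBasedOnWarn the return value of `snprintf(buffer, sizeof(buffer), "%s(%d)", t->warn, i)` is discarded, so a function name too long for `buffer` now produces a cut-off expression that is still passed to `EvalExpr` on the next line. A truncated string may fail to parse or, if it happens to be a valid prefix, evaluate something other than the intended call. The same pattern with a `%s` name appears in IsOmitted in src/omit.c (`omitfunc`) and CalculateNextTimeUsingSched in src/queue.c (`q->sched`). I would capture the result, `int n = snprintf(buffer, sizeof(buffer), "%s(%d)", t->warn, i);`, and treat `n < 0 || (size_t) n >= sizeof(buffer)` as an error reported through `err` instead of evaluating. The declaration of `buffer` and the rest of the loop are outside the hunk, so whether truncation is reachable depends on limits not visible here.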
@@ -1828,10 +1828,10 @@ static int FTrigger(func_info *info) FromDSE(date, &y, &m, &d); if (tim != NO_TIME) { - sprintf(buf, "%d %s %d AT %02d:%02d", d, MonthName[m], y, + snprintf(buf, sizeof(buf), "%d %s %d AT %02d:%02d", d, MonthName[m], y, tim/60, tim%60); } else { - sprintf(buf, "%d %s %d", d, MonthName[m], y); + snprintf(buf, sizeof(buf), "%d %s %d", d, MonthName[m], y); } return RetStrVal(buf, info); } @@ -3012,6 +3012,7 @@ static int FPsshade(func_info *info) char psbuff[256]; char *s = psbuff; int i; + size_t len = sizeof(psbuff); /* 1 or 3 args */ if (Nargs != 1 && Nargs != 3) return E_2MANY_ARGS; @@ -3027,16 +3028,19 @@ static int FPsshade(func_info *info) Wprint(tr("psshade() is deprecated; use SPECIAL SHADE instead.")); } - sprintf(s, "/_A LineWidth 2 div def "); + snprintf(s, len, "/_A LineWidth 2 div def "); + len -= strlen(s); s += strlen(s); - sprintf(s, "_A _A moveto "); + snprintf(s, len, "_A _A moveto "); + len -= strlen(s); s += strlen(s); - sprintf(s, "BoxWidth _A sub _A lineto BoxWidth _A sub BoxHeight _A sub lineto "); + snprintf(s, len, "BoxWidth _A sub _A lineto BoxWidth _A sub BoxHeight _A sub lineto "); + len -= strlen(s); s += strlen(s); if (Nargs == 1) { - sprintf(s, "_A BoxHeight _A sub lineto closepath %d 100 div setgray fill 0.0 setgray", ARGV(0)); + snprintf(s, len, "_A BoxHeight _A sub lineto closepath %d 100 div setgray fill 0.0 setgray", ARGV(0)); } else { - sprintf(s, "_A BoxHeight _A sub lineto closepath %d 100 div %d 100 div %d 100 div setrgbcolor fill 0.0 setgray", ARGV(0), ARGV(1), ARGV(2)); + snprintf(s, len, "_A BoxHeight _A sub lineto closepath %d 100 div %d 100 div %d 100 div setrgbcolor fill 0.0 setgray", ARGV(0), ARGV(1), ARGV(2)); } return RetStrVal(psbuff, info); } @@ -3059,6 +3063,7 @@ static int FPsmoon(func_info *info) char const *extra = NULL; int size = -1; int fontsize = -1; + size_t len = sizeof(psbuff); ASSERT_TYPE(0, INT_TYPE); if (ARGV(0) < 0) return E_2LOW; 
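Review bot: The append sequence in FPsshade (`snprintf(s, len, ...); len -= strlen(s); s += strlen(s);`) never looks at what `snprintf` returns, so once the buffer fills, every later piece is dropped and `RetStrVal(psbuff, info)` still returns the partial PostScript as a success. The arithmetic itself stays in bounds, since `strlen(s)` is at most `len - 1`. The larger FPsmoon hunk repeats the pattern, and there the `(%s) show` piece takes the string `extra`, so an over-long argument would yield output with an unterminated string and no closing ` grestore`. Using the return value removes the double `strlen` and exposes truncation: `n = snprintf(s, len, ...); if (n < 0 || (size_t) n >= len) { /* return an error */ } s += n; len -= (size_t) n;`. Both function bodies extend beyond these hunks.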
@@ -3082,60 +3087,71 @@ static int FPsmoon(func_info *info) Wprint(tr("psmoon() is deprecated; use SPECIAL MOON instead.")); } if (size > 0) { - sprintf(sizebuf, "%d", size); + snprintf(sizebuf, sizeof(sizebuf), "%d", size); } else { strcpy(sizebuf, "DaySize 2 div"); } if (fontsize > 0) { - sprintf(fontsizebuf, "%d", fontsize); + snprintf(fontsizebuf, sizeof(fontsizebuf), "%d", fontsize); } else { strcpy(fontsizebuf, "EntrySize"); } - sprintf(s, "gsave 0 setgray newpath Border %s add BoxHeight Border sub %s sub", + snprintf(s, len, "gsave 0 setgray newpath Border %s add BoxHeight Border sub %s sub", sizebuf, sizebuf); + len -= strlen(s); s += strlen(s); - sprintf(s, " %s 0 360 arc closepath", sizebuf); + snprintf(s, len, " %s 0 360 arc closepath", sizebuf); + len -= strlen(s); s += strlen(s); switch(ARGV(0)) { case 0: - sprintf(s, " fill"); + snprintf(s, len, " fill"); + len -= strlen(s); s += strlen(s); break; case 2: - sprintf(s, " stroke"); + snprintf(s, len, " stroke"); + len -= strlen(s); s += strlen(s); break; case 1: - sprintf(s, " stroke"); + snprintf(s, len, " stroke"); + len -= strlen(s); s += strlen(s); - sprintf(s, " newpath Border %s add BoxHeight Border sub %s sub", + snprintf(s, len, " newpath Border %s add BoxHeight Border sub %s sub", sizebuf, sizebuf); + len -= strlen(s); s += strlen(s); - sprintf(s, " %s 90 270 arc closepath fill", sizebuf); + snprintf(s, len, " %s 90 270 arc closepath fill", sizebuf); + len -= strlen(s); s += strlen(s); break; default: - sprintf(s, " stroke"); + snprintf(s, len, " stroke"); + len -= strlen(s); s += strlen(s); - sprintf(s, " newpath Border %s add BoxHeight Border sub %s sub", + snprintf(s, len, " newpath Border %s add BoxHeight Border sub %s sub", sizebuf, sizebuf); + len -= strlen(s); s += strlen(s); - sprintf(s, " %s 270 90 arc closepath fill", sizebuf); + snprintf(s, len, " %s 270 90 arc closepath fill", sizebuf); + len -= strlen(s); s += strlen(s); break; } if (extra) { - sprintf(s, " Border %s add %s add 
Border add BoxHeight border sub %s sub %s sub moveto /EntryFont findfont %s scalefont setfont (%s) show", + snprintf(s, len, " Border %s add %s add Border add BoxHeight border sub %s sub %s sub moveto /EntryFont findfont %s scalefont setfont (%s) show", sizebuf, sizebuf, sizebuf, sizebuf, fontsizebuf, extra); + len -= strlen(s); s += strlen(s); } - sprintf(s, " grestore"); + snprintf(s, len, " grestore"); return RetStrVal(psbuff, info); } @@ -3266,7 +3282,7 @@ static int FDatepart(func_info *info) * used for the timezone stuff! */ static int setenv(char const *varname, char const *val, int overwrite) { - static char tzbuf[256]; + static char tzbuf[128]; if (strcmp(varname, "TZ")) { fprintf(ErrFp, "built-in setenv can only be used with TZ\n"); abort(); @@ -3279,7 +3295,7 @@ static int setenv(char const *varname, char const *val, int overwrite) if (strlen(val) > 250) { return -1; } - sprintf(tzbuf, "%s=%s", varname, val); + snprintf(tzbuf, sizeof(tzbuf), "%s=%s", varname, val); return(putenv(tzbuf)); } #endif @@ -3288,12 +3304,12 @@ static int setenv(char const *varname, char const *val, int overwrite) * used for the timezone stuff! */ static void unsetenv(char const *varname) { - static char tzbuf[8]; + static char tzbuf[128]; if (strcmp(varname, "TZ")) { fprintf(ErrFp, "built-in unsetenv can only be used with TZ\n"); abort(); } - sprintf(tzbuf, "%s", varname); + snprintf(tzbuf, sizeof(tzbuf), "%s", varname); putenv(tzbuf); } #endif diff --git a/src/json.c b/src/json.c index fac6155f..3acee050 100644 --- a/src/json.c +++ b/src/json.c @@ -299,7 +299,7 @@ json_value * json_parse_ex (json_settings * settings, if (flags & flag_string) { if (!b) - { sprintf (error, "Unexpected EOF in string (at %u:%u)", line_and_col); + { snprintf (error, sizeof(error), "Unexpected EOF in string (at %u:%u)", line_and_col); goto e_failed; } 
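Review bot: The built-in `setenv` shrinks `tzbuf` from 256 to 128 bytes but keeps the guard `if (strlen(val) > 250) return -1;` a few lines above the changed call. A value of 125 to 250 characters therefore passes the check and is silently cut by `snprintf` before `putenv(tzbuf)`, so the process runs with a different TZ than the caller asked for while `setenv` reports success. The old 256-byte buffer held the full `TZ=` plus 250 characters, so this is a regression in behaviour rather than a memory-safety problem. Either keep `static char tzbuf[256];` or tie the limit to the buffer with `if (strlen(val) > sizeof(tzbuf) - sizeof("TZ=")) return -1;`.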
@@ -325,7 +325,7 @@ json_value * json_parse_ex (json_settings * settings, (uc_b3 = hex_value (*++ state.ptr)) == 0xFF || (uc_b4 = hex_value (*++ state.ptr)) == 0xFF) { - sprintf (error, "Invalid character value `%c` (at %u:%u)", b, line_and_col); + snprintf (error, sizeof(error), "Invalid character value `%c` (at %u:%u)", b, line_and_col); goto e_failed; } @@ -342,7 +342,7 @@ json_value * json_parse_ex (json_settings * settings, (uc_b3 = hex_value (*++ state.ptr)) == 0xFF || (uc_b4 = hex_value (*++ state.ptr)) == 0xFF) { - sprintf (error, "Invalid character value `%c` (at %u:%u)", b, line_and_col); + snprintf (error, sizeof(error), "Invalid character value `%c` (at %u:%u)", b, line_and_col); goto e_failed; } @@ -472,7 +472,7 @@ json_value * json_parse_ex (json_settings * settings, if (flags & flag_block_comment) { if (!b) - { sprintf (error, "%u:%u: Unexpected EOF in block comment", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: Unexpected EOF in block comment", line_and_col); goto e_failed; } @@ -488,12 +488,12 @@ json_value * json_parse_ex (json_settings * settings, else if (b == '/') { if (! (flags & (flag_seek_value | flag_done)) && top->type != json_object) - { sprintf (error, "%u:%u: Comment not allowed here", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: Comment not allowed here", line_and_col); goto e_failed; } if (++ state.ptr == end) - { sprintf (error, "%u:%u: EOF unexpected", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: EOF unexpected", line_and_col); goto e_failed; } @@ -508,7 +508,7 @@ json_value * json_parse_ex (json_settings * settings, continue; default: - sprintf (error, "%u:%u: Unexpected `%c` in comment opening sequence", line_and_col, b); + snprintf (error, sizeof(error), "%u:%u: Unexpected `%c` in comment opening sequence", line_and_col, b); goto e_failed; }; } 
@@ -526,7 +526,7 @@ json_value * json_parse_ex (json_settings * settings, default: - sprintf (error, "%u:%u: Trailing garbage: `%c`", + snprintf (error, sizeof(error), "%u:%u: Trailing garbage: `%c`", state.cur_line, state.cur_col, b); goto e_failed; @@ -545,7 +545,7 @@ json_value * json_parse_ex (json_settings * settings, if (top && top->type == json_array) flags = (flags & ~ (flag_need_comma | flag_seek_value)) | flag_next; else - { sprintf (error, "%u:%u: Unexpected ]", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: Unexpected ]", line_and_col); goto e_failed; } @@ -561,7 +561,7 @@ json_value * json_parse_ex (json_settings * settings, } else { - sprintf (error, "%u:%u: Expected , before %c", + snprintf (error, sizeof(error), "%u:%u: Expected , before %c", state.cur_line, state.cur_col, b); goto e_failed; @@ -576,7 +576,7 @@ json_value * json_parse_ex (json_settings * settings, } else { - sprintf (error, "%u:%u: Expected : before %c", + snprintf (error, sizeof(error), "%u:%u: Expected : before %c", state.cur_line, state.cur_col, b); goto e_failed; @@ -702,7 +702,7 @@ json_value * json_parse_ex (json_settings * settings, continue; } else - { sprintf (error, "%u:%u: Unexpected %c when seeking value", line_and_col, b); + { snprintf (error, sizeof(error), "%u:%u: Unexpected %c when seeking value", line_and_col, b); goto e_failed; } }; @@ -722,7 +722,7 @@ json_value * json_parse_ex (json_settings * settings, case '"': if (flags & flag_need_comma) - { sprintf (error, "%u:%u: Expected , before \"", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: Expected , before \"", line_and_col); goto e_failed; } @@ -747,7 +747,7 @@ json_value * json_parse_ex (json_settings * settings, } /* FALLTHROUGH */ default: - sprintf (error, "%u:%u: Unexpected `%c` in object", line_and_col, b); + snprintf (error, sizeof(error), "%u:%u: Unexpected `%c` in object", line_and_col, b); goto e_failed; }; 
@@ -765,7 +765,7 @@ json_value * json_parse_ex (json_settings * settings, if (! (flags & flag_num_e)) { if (flags & flag_num_zero) - { sprintf (error, "%u:%u: Unexpected `0` before `%c`", line_and_col, b); + { snprintf (error, sizeof(error), "%u:%u: Unexpected `0` before `%c`", line_and_col, b); goto e_failed; } @@ -814,7 +814,7 @@ json_value * json_parse_ex (json_settings * settings, else if (b == '.' && top->type == json_integer) { if (!num_digits) - { sprintf (error, "%u:%u: Expected digit before `.`", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: Expected digit before `.`", line_and_col); goto e_failed; } @@ -831,7 +831,7 @@ json_value * json_parse_ex (json_settings * settings, if (top->type == json_double) { if (!num_digits) - { sprintf (error, "%u:%u: Expected digit after `.`", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: Expected digit after `.`", line_and_col); goto e_failed; } @@ -857,7 +857,7 @@ json_value * json_parse_ex (json_settings * settings, else { if (!num_digits) - { sprintf (error, "%u:%u: Expected digit after `e`", line_and_col); + { snprintf (error, sizeof(error), "%u:%u: Expected digit after `e`", line_and_col); goto e_failed; } @@ -942,7 +942,7 @@ json_value * json_parse_ex (json_settings * settings, e_unknown_value: - sprintf (error, "%u:%u: Unknown value", line_and_col); + snprintf (error, sizeof(error), "%u:%u: Unknown value", line_and_col); goto e_failed; e_alloc_failure: @@ -952,7 +952,7 @@ e_alloc_failure: e_overflow: - sprintf (error, "%u:%u: Too long (caught overflow)", line_and_col); + snprintf (error, sizeof(error), "%u:%u: Too long (caught overflow)", line_and_col); goto e_failed; e_failed: diff --git a/src/omit.c b/src/omit.c index 1f5915f4..ce2755fc 100644 --- a/src/omit.c +++ b/src/omit.c 
@@ -218,7 +218,7 @@ int IsOmitted(int dse, int localomit, char const *omitfunc, int *omit) Value v; FromDSE(dse, &y, &m, &d); - sprintf(expr, "%s('%04d-%02d-%02d')", + snprintf(expr, sizeof(expr), "%s('%04d-%02d-%02d')", omitfunc, y, m+1, d); s = expr; r = EvalExpr(&s, &v, NULL); diff --git a/src/queue.c b/src/queue.c index 132aa37b..be46b0ff 100644 --- a/src/queue.c +++ b/src/queue.c @@ -702,7 +702,7 @@ static int CalculateNextTimeUsingSched(QueuedRem *q) to be a security hole! */ while(1) { char exprBuf[VAR_NAME_LEN+32]; - sprintf(exprBuf, "%s(%d)", q->sched, q->ntrig); + snprintf(exprBuf, sizeof(exprBuf), "%s(%d)", q->sched, q->ntrig); s = exprBuf; r = EvalExpr(&s, &v, NULL); if (r) { diff --git a/src/rem2ps.c b/src/rem2ps.c index 57f42f53..1033a6e4 100644 --- a/src/rem2ps.c +++ b/src/rem2ps.c @@ -1222,7 +1222,7 @@ int DoQueuedPs(void) if (moonsize < 0) { size = "DaySize 2 div"; } else { - sprintf(buffer, "%d", moonsize); + snprintf(buffer, sizeof(buffer), "%d", moonsize); size = buffer; } @@ -1235,7 +1235,7 @@ int DoQueuedPs(void) if (fontsize < 0) { fsize = "EntrySize"; } else { - sprintf(fbuffer, "%d", fontsize); + snprintf(fbuffer, sizeof(fbuffer), "%d", fontsize); fsize = fbuffer; } printf("/EntryFont findfont %s scalefont setfont (", @@ -1273,7 +1273,7 @@ int DoQueuedPs(void) if (fontsize < 0) { fsize = "EntrySize"; } else { - sprintf(fbuffer, "%d", fontsize); + snprintf(fbuffer, sizeof(fbuffer), "%d", fontsize); fsize = fbuffer; } printf("/EntryFont findfont %s scalefont setfont (", diff --git a/src/sort.c b/src/sort.c index 88fded2f..4bccc454 100644 --- a/src/sort.c +++ b/src/sort.c @@ -183,7 +183,7 @@ static void IssueSortBanner(int dse) if (UserFuncExists("sortbanner") != 1) return; FromDSE(dse, &y, &m, &d); - sprintf(BanExpr, "sortbanner('%04d/%02d/%02d')", y, m+1, d); + snprintf(BanExpr, sizeof(BanExpr), "sortbanner('%04d/%02d/%02d')", y, m+1, d); y = EvalExpr(&s, &v, NULL); if (y) return; if (DoCoerce(STR_TYPE, &v)) return;