This is an automated email from the git hooks/post-receive script. guillem pushed a commit to branch main in repository dpkg.
View the commit online: https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=72805baa9dd49fee62b757e5225d78d90966c08e commit 72805baa9dd49fee62b757e5225d78d90966c08e Author: Guillem Jover <[email protected]> AuthorDate: Mon Jul 22 21:03:08 2024 +0200 Use snprintf() instead of sprintf() For many of the callers, the current usage is supposed to be safe already, but some could be problematic either due to translated strings being longer than expected, or data types growing in size in the future and taking more output space. Warned-by: gcc on OpenBSD and macOS Changelog: internal --- lib/compat/strerror.c | 2 +- lib/compat/strsignal.c | 2 +- lib/dpkg/buffer.c | 2 +- lib/dpkg/execname.c | 8 ++++---- lib/dpkg/path.c | 2 +- src/deb/build.c | 6 +++--- src/main/enquiry.c | 4 ++-- utils/start-stop-daemon.c | 10 +++++----- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lib/compat/strerror.c b/lib/compat/strerror.c index e35ffc149..0587e9845 100644 --- a/lib/compat/strerror.c +++ b/lib/compat/strerror.c @@ -42,7 +42,7 @@ strerror(int e) if (e >= 0 && e < sys_nerr) return sys_errlist[e]; - sprintf(buf, _("Unknown error %d"), e); + snprintf(buf, sizeof(buf), _("Unknown error %d"), e); return buf; } diff --git a/lib/compat/strsignal.c b/lib/compat/strsignal.c index 66ed0c39d..1ec189ad9 100644 --- a/lib/compat/strsignal.c +++ b/lib/compat/strsignal.c @@ -70,7 +70,7 @@ strsignal(int s) if (s > 0 && s < COMPAT_NSIGLIST) return sys_siglist[s]; - sprintf(buf, _("Unknown signal %d"), s); + snprintf(buf, sizeof(buf), _("Unknown signal %d"), s); return buf; } diff --git a/lib/dpkg/buffer.c b/lib/dpkg/buffer.c index 3d4ed9e6a..42c7f3f5f 100644 --- a/lib/dpkg/buffer.c +++ b/lib/dpkg/buffer.c @@ -97,7 +97,7 @@ buffer_md5_done(struct buffer_data *data) hash = ctx->hash; MD5Final(digest, &ctx->ctx); for (i = 0; i < 16; ++i) { - sprintf(hash, "%02x", *p++); + snprintf(hash, 3, "%02x", *p++); hash += 2; } *hash = '\0'; diff --git a/lib/dpkg/execname.c b/lib/dpkg/execname.c index 44044aac5..e97835815 100644 --- a/lib/dpkg/execname.c +++ b/lib/dpkg/execname.c @@ -59,7 +59,7 @@ proc_get_psinfo(pid_t pid, struct psinfo *psinfo) char filename[64]; FILE *fp; - sprintf(filename, "/proc/%d/psinfo", pid); + snprintf(filename, sizeof(filename), "/proc/%d/psinfo", pid); fp = fopen(filename, "r"); if (!fp) return false; @@ -95,7 +95,7 @@ dpkg_get_pid_execname(pid_t pid) char lcontents[_POSIX_PATH_MAX + 1]; int nread; - sprintf(lname, "/proc/%d/exe", pid); + snprintf(lname, sizeof(lname), "/proc/%d/exe", pid); nread = readlink(lname, lcontents, sizeof(lcontents) - 1); if (nread == -1) return NULL; @@ -140,7 +140,7 @@ dpkg_get_pid_execname(pid_t pid) char filename[64]; struct varbuf vb = VARBUF_INIT; - sprintf(filename, "/proc/%d/execname", pid); + snprintf(filename, sizeof(filename), "/proc/%d/execname", pid); if (file_slurp(filename, &vb, NULL) < 0) return NULL; @@ -156,7 +156,7 @@ dpkg_get_pid_execname(pid_t pid) char filename[64]; struct psinfo psi; - sprintf(filename, "/proc/%d/psinfo", pid); + snprintf(filename, sizeof(filename), "/proc/%d/psinfo", pid); if (!proc_get_psinfo(pid, &psi)) return NULL; diff --git a/lib/dpkg/path.c b/lib/dpkg/path.c index d7b20d633..635543df5 100644 --- a/lib/dpkg/path.c +++ b/lib/dpkg/path.c @@ -157,7 +157,7 @@ path_quote_filename(char *dst, const char *src, size_t n) if (size <= 0) break; - sprintf(dst, "\\%03o", + snprintf(dst, 5, "\\%03o", *(const unsigned char *)src); dst += 4; src++; diff --git a/src/deb/build.c b/src/deb/build.c index 373967238..fbf6f75e0 100644 --- a/src/deb/build.c +++ b/src/deb/build.c @@ -653,7 +653,7 @@ do_build(const char *const *argv) if (fstat(gzfd, &controlstab)) ohshite(_("failed to stat temporary file (%s)"), _("control member")); - sprintf(versionbuf, "%-8s\n%jd\n", OLDARCHIVEVERSION, + snprintf(versionbuf, sizeof(versionbuf), "%-8s\n%jd\n", OLDARCHIVEVERSION, (intmax_t)controlstab.st_size); if (fd_write(ar->fd, versionbuf, strlen(versionbuf)) < 0) ohshite(_("error writing '%s'"), debar); @@ -664,7 +664,7 @@ do_build(const char *const *argv) const char deb_magic[] = ARCHIVEVERSION "\n"; char adminmember[16 + 1]; - sprintf(adminmember, "%s%s", ADMINMEMBER, + snprintf(adminmember, sizeof(adminmember), "%s%s", ADMINMEMBER, compressor_get_extension(control_compress_params.type)); dpkg_ar_put_magic(ar); @@ -708,7 +708,7 @@ do_build(const char *const *argv) if (deb_format.major == 2) { char datamember[16 + 1]; - sprintf(datamember, "%s%s", DATAMEMBER, + snprintf(datamember, sizeof(datamember), "%s%s", DATAMEMBER, compressor_get_extension(compress_params.type)); if (lseek(gzfd, 0, SEEK_SET)) diff --git a/src/main/enquiry.c b/src/main/enquiry.c index 13dc8c01a..ddd11abe3 100644 --- a/src/main/enquiry.c +++ b/src/main/enquiry.c @@ -319,7 +319,7 @@ unpackchk(const char *const *argv) pkg_hash_iter_free(iter); } else if (sects <= 12) { for (se= sectionentries; se; se= se->next) { - sprintf(buf,"%d",se->count); + snprintf(buf, sizeof(buf), "%d", se->count); printf(_(" %d in %s: "),se->count,se->name); width= 70-strlen(se->name)-strlen(buf); while (width > 59) { putchar(' '); width--; } @@ -344,7 +344,7 @@ unpackchk(const char *const *argv) totalcount); width= 0; for (se= sectionentries; se; se= se->next) { - sprintf(buf,"%d",se->count); + snprintf(buf, sizeof(buf), "%d", se->count); width -= (6 + strlen(se->name) + strlen(buf)); if (width < 0) { putchar('\n'); width= 73 - strlen(se->name) - strlen(buf); } printf(" %s (%d)",se->name,se->count); diff --git a/utils/start-stop-daemon.c b/utils/start-stop-daemon.c index d11ad2930..3511938c8 100644 --- a/utils/start-stop-daemon.c +++ b/utils/start-stop-daemon.c @@ -1620,7 +1620,7 @@ proc_status_field(pid_t pid, const char *field) ssize_t line_len; size_t field_len = strlen(field); - sprintf(filename, "/proc/%d/status", pid); + snprintf(filename, sizeof(filename), "/proc/%d/status", pid); fp = fopen(filename, "r"); if (!fp) return NULL; @@ -1646,7 +1646,7 @@ proc_get_psinfo(pid_t pid, struct psinfo *psinfo) char filename[64]; FILE *fp; - sprintf(filename, "/proc/%d/psinfo", pid); + snprintf(filename, sizeof(filename), "/proc/%d/psinfo", pid); fp = fopen(filename, "r"); if (!fp) return false; @@ -1749,7 +1749,7 @@ pid_is_exec(pid_t pid, const struct stat *esb) int nread; struct stat sb; - sprintf(lname, "/proc/%d/exe", pid); + snprintf(lname, sizeof(lname), "/proc/%d/exe", pid); nread = readlink(lname, lcontents, sizeof(lcontents) - 1); if (nread < 0) return false; @@ -1777,7 +1777,7 @@ pid_is_exec(pid_t pid, const struct stat *esb) struct stat sb; char filename[64]; - sprintf(filename, "/proc/%d/object/a.out", pid); + snprintf(filename, sizeof(filename), "/proc/%d/object/a.out", pid); if (stat(filename, &sb) != 0) return false; @@ -2047,7 +2047,7 @@ pid_is_user(pid_t pid, uid_t uid) struct stat sb; char buf[32]; - sprintf(buf, "/proc/%d", pid); + snprintf(buf, sizeof(buf), "/proc/%d", pid); if (stat(buf, &sb) != 0) return false; return (sb.st_uid == uid); -- Dpkg.Org's dpkg
