You're right, so I modified to use asprintf(3) to handle the indeterminate
buffer size.
And there would be exit the process if overflow.


diff --git a/src/hyper/spadint.c b/src/hyper/spadint.c
index fb031fc..771047d 100644
--- a/src/hyper/spadint.c
+++ b/src/hyper/spadint.c
@@ -39,6 +39,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
 #include "debug.h"

 #include <signal.h>
+#include <limits.h>
+#include <error.h>
+#include <stdlib.h>

 #include "hyper.h"
 #include "parse.h"
@@ -182,18 +185,20 @@ mark_as_executed(HyperDocPage *page, TextNode
*command,int type)
 static void
 start_user_buffer(HyperDocPage *page)
 {
-    char buf[1024], *title;
+    char *buf, *title;
     char *SPAD;
-    char spadbuf[250];
-    char complfile[250];
+    char spadbuf[PATH_MAX];
+    char complfile[PATH_MAX];
     int ret_val;

     SPAD = (char *) getenv("AXIOM");
-    if (SPAD == NULL) {
-        sprintf(SPAD, "/spad/mnt/rios");
+    snprintf(spadbuf, sizeof(spadbuf), "%s/lib/spadbuf", SPAD);
+    if(access(spadbuf, R_OK) == -1)
+    {
+      perror("spadbuf access err");
+      exit(-1);
     }
-    sprintf(spadbuf, "%s/lib/spadbuf", SPAD);
-    sprintf(complfile, "%s/lib/command.list", SPAD);
+    snprintf(complfile, sizeof(complfile), "%s/lib/command.list", SPAD);
     title = print_to_string(page->title);
     if (access(complfile, R_OK) == 0)

@@ -201,11 +206,11 @@ start_user_buffer(HyperDocPage *page)
          * TTT says : why not invoke with "-name fricasclient" and set any
          * defaults in the usual way
          */
-        sprintf(buf,
+        asprintf(&buf,
         "xterm -sb -sl 500 -name fricasclient -n '%s' -T '%s' -e  %s %s
%s&",
                 title, title, spadbuf, page->name, complfile);
     else
-        sprintf(buf,
+    asprintf(&buf,
          "xterm -sb -sl 500 -name fricasclient -n '%s' -T '%s' -e  %s
'%s'&",
                 title, title, spadbuf, page->name);
     ret_val = system(buf);
@@ -215,6 +220,7 @@ start_user_buffer(HyperDocPage *page)
          * perror("running the xterm spadbuf program"); exit(-1);
          */
     }
+    free(buf);
     accept_menu_server_connection(page);
     sleep(2);
 }

On Fri, Jul 13, 2018 at 1:48 AM, Waldek Hebisch <hebi...@math.uni.wroc.pl>
wrote:

>
> Frankly, this does not look like a right fix.  AFAICS you are picking
> BUFSIZE from system headers -- this is not improvement over
> using fixed max value.  Using PATH_MAX helps, but in case
> of overflow snprintf truncate value, so further attempts to
> use result will produce nonsense.  So overflow should be
> fatal error.
>
> --
>                               Waldek Hebisch
>
> --
> You received this message because you are subscribed to the Google Groups
> "FriCAS - computer algebra system" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to fricas-devel+unsubscr...@googlegroups.com.
> To post to this group, send email to fricas-devel@googlegroups.com.
> Visit this group at https://groups.google.com/group/fricas-devel.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"FriCAS - computer algebra system" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to fricas-devel+unsubscr...@googlegroups.com.
To post to this group, send email to fricas-devel@googlegroups.com.
Visit this group at https://groups.google.com/group/fricas-devel.
For more options, visit https://groups.google.com/d/optout.

Reply via email to