Didn't have the time to patch the whole thing. But the first few lines of the patch would read as attached to this mail - and obviously would need a review, as everybody gets this kind of thing wrong.
I'm not sure if all the strings we sprintf'ed into actually had the right length to accommodate the '\0' that ends the string, though... Kind regards, Gunter. -- A list of frequently asked questions is available at: http://wiki.panotools.org/Hugin_FAQ --- You received this message because you are subscribed to the Google Groups "hugin and other free panoramic software" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/hugin-ptx/fe10e8e0-377a-f722-ac04-5a49fc2af315%40gmail.com. For more options, visit https://groups.google.com/d/optout.
diff libpano13-2.9.19/adjust.c libpano13-2.9.19-snprintf/adjust.c
419c419,420
< newscript = (char*) malloc( strlen(script) + NUMPTS * 60 ); // One line per pair of points
---
> size_t newscriptlen = strlen(script) + NUMPTS * 60;
> newscript = (char*) malloc( newscriptlen + 1 ); // One line per pair of points
421a423
> newscript[newscriptlen] = '\0';
426c428
< sprintf( newscript, "%s\n%s", script, cdesc );
---
> snprintf( newscript, newscriptlen, "%s\n%s", script, cdesc );
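Review bot: The result of `snprintf( newscript, newscriptlen, "%s\n%s", script, cdesc )` is discarded, so when `cdesc` is longer than the `NUMPTS * 60` estimate the overflow becomes a silently truncated script that is then used as if complete. I would compare the return value with the buffer size and take the function's error path on truncation, e.g. `int n = snprintf(newscript, newscriptlen + 1, "%s\n%s", script, cdesc);` followed by `if (n < 0 || (size_t)n > newscriptlen) { /* report and bail out */ }`. The buffer holds `newscriptlen + 1` bytes, so the full size can be passed; a C99 snprintf always terminates, which makes the manual store from hunk 421a423 redundant there. The same unchecked truncation matters at 2940c2942 in adjust.c (a cut line loses its trailing `\n`) and at 230c230 in ppm.c (a cut header yields a malformed file); the enclosing functions are outside these hunks.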
2173,2174c2175,2176
<
< sprintf( message,"Strategy %d\nAverage (rms) distance between Controlpoints \nafter %d iteration(s): %25.15g units", getFcnPanoNperCP(), numIt,result);//average);
---
> message[255] = '\0';
> snprintf( message, 255, "Strategy %d\nAverage (rms) distance between Controlpoints \nafter %d iteration(s): %25.15g units", getFcnPanoNperCP(), numIt,result);//average);
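Review bot: `message[255] = '\0';` and the size `255` hard-code a buffer length whose declaration is not in this hunk, so if `message` is shorter than 256 bytes the new store is itself an out-of-bounds write and the bound passed to snprintf is wrong. Where the destination is an array in scope (not a pointer parameter), tie the bound to the object instead: `snprintf( message, sizeof message, ...)`, which also removes the need for the manual terminator with a C99 snprintf. The same assumption is made for `line[79]` (adjust.c 2935c2937 / 2940c2942), `percent[7]` (correct.c 748 and filter.c 385), `msg[999]` (file.c 1408c1408,1409) and `tempString[127]` (file.c 1887 and 2087); each declaration should be checked against the literal before this is merged.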
2935c2937
<
---
> line[79] = '\0';
2940c2942
< sprintf( line, "c n%d N%d x%lf y%lf X%lf Y%lf\n", cp[i].num[0], cp[i].num[1],
---
> snprintf( line, 79, "c n%d N%d x%lf y%lf X%lf Y%lf\n", cp[i].num[0], cp[i].num[1],
diff libpano13-2.9.19/correct.c libpano13-2.9.19-snprintf/correct.c
748,749c748,750
< {
< sprintf( percent, "%d", (int) (xul * 100)/(dx>0?dx:1));
---
> {
> percent[7] = '\0';
> snprintf( percent, 7, "%d", (int) (xul * 100)/(dx>0?dx:1));
diff libpano13-2.9.19/file.c libpano13-2.9.19-snprintf/file.c
1408c1408,1409
< sprintf(msg,"width=%d, height=%d, top = %d, bottom = %d, left = %d, right = %d\n",
---
> msg[999] = '\0';
> snprintf(msg, 999, "width=%d, height=%d, top = %d, bottom = %d, left = %d, right = %d\n",
1724,1725c1725,1726
<
< sprintf( &(sLayerName[1]), "%03d", numLayers+1 );
---
> sLayerName[4] = '\n';
> snprintf( &(sLayerName[1]), 4, "%03d", numLayers+1 );
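Review bot: `sLayerName[4] = '\n';` stores a newline rather than a terminator; presumably `'\0'` was meant, as written in the 2077,2078c2079,2081 hunk of this file. A conforming snprintf called with size 4 writes its own terminator at that index, so the stray newline is normally overwritten, but the line documents the wrong intent and should read `sLayerName[4] = '\0';`. The declaration of `sLayerName` is outside the hunk, so that index 4 is in bounds is an assumption to confirm.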
1887c1888,1889
< sprintf(tempString, "%d", 100 / numberImages);
---
> tempString[127] = '\0';
> snprintf(tempString, 127, "%d", 100 / numberImages);
2077,2078c2079,2081
<
< sprintf(&(sLayerName[1]), "%03d", (i+1)%1000 );
---
>
> sLayerName[4] = '\0';
> snprintf(&(sLayerName[1]), 3, "%03d", (i+1)%1000 );
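Review bot: The size `3` in `snprintf(&(sLayerName[1]), 3, "%03d", (i+1)%1000 )` leaves room for only two digits plus the terminator, so the three-digit layer number is cut ("001" becomes "00") and layers 010 to 019 would all receive the same name. This changes the output compared with the old sprintf; the size should be 4, as in the 1724,1725c1725,1726 hunk: `snprintf(&(sLayerName[1]), 4, "%03d", (i+1)%1000 );`. The same size `3` is used at 2235c2238, where `i+1` is additionally not reduced modulo 1000, so the value itself can need more than three digits.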
2087c2090
< sprintf(tempString, "%d", i * 100 / numberImages);
---
> snprintf(tempString, 127, "%d", i * 100 / numberImages);
2235c2238
< sprintf( &(sLayerName[1]), "%03d", i+1 );
---
> snprintf( &(sLayerName[1]), 3, "%03d", i+1 );
2807c2810
< char fname[40];
---
> char fname[40];fname[39] = '\0';
2820c2823
< sprintf(fname, "_PTStitcher_tmp_%06d", nTry);
---
> snprintf(fname, 39, "_PTStitcher_tmp_%06d", nTry);
2899c2902
< char outputFilename[MAX_PATH_LENGTH];
---
> char outputFilename[MAX_PATH_LENGTH];outputFilename[MAX_PATH_LENGTH-1] = '\0';
2915c2918
< sprintf( outputFilename, outputPrefix, i );
---
> snprintf( outputFilename, MAX_PATH_LENGTH-1, outputPrefix, i );
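Review bot: `outputPrefix` is still passed as the format string in `snprintf( outputFilename, MAX_PATH_LENGTH-1, outputPrefix, i )`, and bounding the write does not address that. Where the string comes from is outside the hunk; if it can carry caller- or script-supplied text, any conversion other than a single integer one makes the call consume arguments that were never passed (CERT FIO30-C). I would validate the prefix once before this call (exactly one integer conversion, everything else literal or `%%`), or use a literal format and pass the prefix as a `%s` argument if the callers allow it. The return value should also be checked here, because a truncated path names a different file than the one intended.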
diff libpano13-2.9.19/filter.c libpano13-2.9.19-snprintf/filter.c
385,386c385,387
< {
< sprintf( percent, "%d", (int) ((y * 100)/ TrPtr->dest->height));
---
> {
> percent[7] = '\0';
> snprintf( percent, 7, "%d", (int) ((y * 100)/ TrPtr->dest->height));
diff libpano13-2.9.19/optimize.c libpano13-2.9.19-snprintf/optimize.c
97c97
< char msgx[200];
---
> char msgx[200];msgx[199] = '\0';
99c99
< sprintf (msgx,"You have too few control points (%d) or too many parameters (%d). Strange values may result!",o->numData,LM.n);
---
> snprintf (msgx,199,"You have too few control points (%d) or too many parameters (%d). Strange values may result!",o->numData,LM.n);
diff libpano13-2.9.19/ppm.c libpano13-2.9.19-snprintf/ppm.c
198c198
< char header[30];
---
> char header[30]; header[29] = '\0';
230c230
< sprintf(header, "P6\n%d %d\n%ld\n", im->width,
---
> snprintf(header, 29, "P6\n%d %d\n%ld\n", im->width,
