Ahoi, For a long time i send a update for misc/dvtm. This is a new patch[1] without ugly snprintf patches or etc.
# $Id: UPDATE,v 1.3 2013/08/28 11:10:04 dhn Exp $ 2013-08-28 Dennis Herrmann <[email protected]> * Update to 0.9 * Update/Remove some patches - Update: patches/patch-vt_c - Remove: patches/patch-dvtm_c [1] https://github.com/jasperla/openbsd-wip/tree/master/misc/dvtm 2012/12/12 Dennis Herrmann <[email protected]> > Stuart Henderson writes: > > On 2012/12/04 22:38, Dennis Herrmann wrote: > > > [03] "warning: sprintf() is often misused, please use snprintf()" > > > > We're not patching these in ports unless there's a serious > > bug - feeding this type of fix upstream is usually the best course > > of action....however > > > > > + static void send_curs(Vt *t) > > > + { > > > + char keyseq[16]; > > > +- sprintf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines), > t->curs_col); > > > ++ printf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines), > t->curs_col); > > > + vt_write(t, keyseq, strlen(keyseq)); > > > + } > > > + > > > > in this case the patch is bogus, the intent is to print to a string, > > it should either be changed to snprintf with a size limit, (and check > > the return code to avoid possibly not terminating the escape sequence > > properly if the string does get truncated), or (as there is a finite > > maximum length the %d can expand to) use a buffer large enough to > > hold the longest possible output of the sprintf. > > > > I change the patch a little bit, I hope it looks better? > > + static void send_curs(Vt *t) > + { > + char keyseq[16]; > +- sprintf(keyseq, "\e[%d;%dR", (int)(t->curs_row - t->lines), > t->curs_col); > ++ snprintf(keyseq, sizeof(keyseq), "\e[%d;%dR", (int)(t->curs_row - > t->lines), t->curs_col); > + vt_write(t, keyseq, strlen(keyseq)); > + } > > /dhn >
dvtm_update-0.9.diff
Description: Binary data
