laruence Tue, 09 Aug 2011 12:16:58 +0000
Revision: http://svn.php.net/viewvc?view=revision&revision=314641
Log:
Avoiding strcpy, strcat, sprintf usage to make static analyzer happy
Changed paths:
U php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c
U php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih
U php/php-src/branches/PHP_5_3/ext/standard/crypt.c
U php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c
U php/php-src/branches/PHP_5_3/ext/standard/proc_open.c
U php/php-src/branches/PHP_5_3/ext/standard/user_filters.c
U php/php-src/branches/PHP_5_3/ext/xml/xml.c
U php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
U php/php-src/branches/PHP_5_3/main/streams/filter.c
U php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c
U php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih
U php/php-src/branches/PHP_5_4/ext/standard/crypt.c
U php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c
U php/php-src/branches/PHP_5_4/ext/standard/proc_open.c
U php/php-src/branches/PHP_5_4/ext/standard/user_filters.c
U php/php-src/branches/PHP_5_4/ext/xml/xml.c
U php/php-src/branches/PHP_5_4/main/fopen_wrappers.c
U php/php-src/branches/PHP_5_4/main/streams/filter.c
U php/php-src/trunk/ext/ereg/regex/regerror.c
U php/php-src/trunk/ext/ereg/regex/regerror.ih
U php/php-src/trunk/ext/ereg/regex.patch
U php/php-src/trunk/ext/standard/crypt.c
U php/php-src/trunk/ext/standard/http_fopen_wrapper.c
U php/php-src/trunk/ext/standard/proc_open.c
U php/php-src/trunk/ext/standard/user_filters.c
U php/php-src/trunk/ext/xml/xml.c
U php/php-src/trunk/main/fopen_wrappers.c
U php/php-src/trunk/main/streams/filter.c
Modified: php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -74,7 +74,7 @@
char convbuf[50];
if (errcode == REG_ATOI)
- s = regatoi(preg, convbuf);
+ s = regatoi(preg, convbuf, sizeof(convbuf));
else {
for (r = rerrs; r->code >= 0; r++)
if (r->code == target)
@@ -84,7 +84,7 @@
if (r->code >= 0)
(void) strncpy(convbuf, r->name, 50);
else
- sprintf(convbuf, "REG_0x%x", target);
+ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
assert(strlen(convbuf) < sizeof(convbuf));
s = convbuf;
} else
@@ -106,12 +106,13 @@
/*
- regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
*/
static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
const regex_t *preg;
char *localbuf;
+int bufsize;
{
register const struct rerr *r;
@@ -121,6 +122,6 @@
if (r->code < 0)
return("0");
- sprintf(localbuf, "%d", r->code);
+ snprintf(localbuf, bufsize, "%d", r->code);
return(localbuf);
}
Modified: php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih
===================================================================
--- php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/ext/ereg/regex/regerror.ih 2011-08-09 12:16:58 UTC (rev 314641)
@@ -4,7 +4,7 @@
#endif
/* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
#ifdef __cplusplus
}
Modified: php/php-src/branches/PHP_5_3/ext/standard/crypt.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/ext/standard/crypt.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -170,10 +170,10 @@
/* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
if (!*salt) {
#if PHP_MD5_CRYPT
- strcpy(salt, "$1$");
+ strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
php_to64(&salt[3], PHP_CRYPT_RAND, 4);
php_to64(&salt[7], PHP_CRYPT_RAND, 4);
- strcpy(&salt[11], "$");
+ strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
#elif PHP_STD_DES_CRYPT
php_to64(&salt[0], PHP_CRYPT_RAND, 2);
salt[2] = '\0';
Modified: php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -330,7 +330,7 @@
scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
scratch = emalloc(scratch_len);
strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
- strcat(scratch, " ");
+ strncat(scratch, " ", 1);
}
}
}
@@ -344,7 +344,7 @@
if (!scratch) {
scratch_len = strlen(path) + 29 + protocol_version_len;
scratch = emalloc(scratch_len);
- strcpy(scratch, "GET ");
+ strncpy(scratch, "GET ", scratch_len);
}
/* Should we send the entire path in the request line, default to no. */
Modified: php/php-src/branches/PHP_5_3/ext/standard/proc_open.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/proc_open.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/ext/standard/proc_open.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -183,8 +183,8 @@
l = string_length + el_len + 1;
memcpy(p, string_key, string_length);
- strcat(p, "=");
- strcat(p, data);
+ strncat(p, "=", 1);
+ strncat(p, data, el_len);
#ifndef PHP_WIN32
*ep = p;
Modified: php/php-src/branches/PHP_5_3/ext/standard/user_filters.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/standard/user_filters.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/ext/standard/user_filters.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -311,7 +311,7 @@
period = wildcard + (period - filtername);
while (period) {
*period = '\0';
- strcat(wildcard, ".*");
+ strncat(wildcard, ".*", 2);
if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
period = NULL;
} else {
Modified: php/php-src/branches/PHP_5_3/ext/xml/xml.c
===================================================================
--- php/php-src/branches/PHP_5_3/ext/xml/xml.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/ext/xml/xml.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -1050,7 +1050,7 @@
if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
} else {
@@ -1070,7 +1070,7 @@
if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
return;
Modified: php/php-src/branches/PHP_5_3/main/fopen_wrappers.c
===================================================================
--- php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/main/fopen_wrappers.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -463,7 +463,8 @@
#endif
if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
IS_ABSOLUTE_PATH(PG(doc_root), length)) {
- filename = emalloc(length + strlen(path_info) + 2);
+ int path_len = strlen(path_info);
+ filename = emalloc(length + path_len + 2);
if (filename) {
memcpy(filename, PG(doc_root), length);
if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */
@@ -472,7 +473,7 @@
if (IS_SLASH(path_info[0])) {
length--;
}
- strcpy(filename + length, path_info);
+ strncpy(filename + length, path_len + 1);
}
} else {
filename = SG(request_info).path_translated;
Modified: php/php-src/branches/PHP_5_3/main/streams/filter.c
===================================================================
--- php/php-src/branches/PHP_5_3/main/streams/filter.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_3/main/streams/filter.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -270,7 +270,7 @@
period = wildname + (period - filtername);
while (period && !filter) {
*period = '\0';
- strcat(wildname, ".*");
+ strncat(wildname, ".*", 2);
if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
}
Modified: php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -74,7 +74,7 @@
char convbuf[50];
if (errcode == REG_ATOI)
- s = regatoi(preg, convbuf);
+ s = regatoi(preg, convbuf, sizeof(convbuf));
else {
for (r = rerrs; r->code >= 0; r++)
if (r->code == target)
@@ -84,7 +84,7 @@
if (r->code >= 0)
(void) strncpy(convbuf, r->name, 50);
else
- sprintf(convbuf, "REG_0x%x", target);
+ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
assert(strlen(convbuf) < sizeof(convbuf));
s = convbuf;
} else
@@ -106,12 +106,13 @@
/*
- regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
*/
static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
const regex_t *preg;
char *localbuf;
+int bufsize;
{
register const struct rerr *r;
@@ -121,6 +122,6 @@
if (r->code < 0)
return("0");
- sprintf(localbuf, "%d", r->code);
+ snprintf(localbuf, bufsize, "%d", r->code);
return(localbuf);
}
Modified: php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih
===================================================================
--- php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/ext/ereg/regex/regerror.ih 2011-08-09 12:16:58 UTC (rev 314641)
@@ -4,7 +4,7 @@
#endif
/* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
#ifdef __cplusplus
}
Modified: php/php-src/branches/PHP_5_4/ext/standard/crypt.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/crypt.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/ext/standard/crypt.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -170,10 +170,10 @@
/* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
if (!*salt) {
#if PHP_MD5_CRYPT
- strcpy(salt, "$1$");
+ strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
php_to64(&salt[3], PHP_CRYPT_RAND, 4);
php_to64(&salt[7], PHP_CRYPT_RAND, 4);
- strcpy(&salt[11], "$");
+ strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
#elif PHP_STD_DES_CRYPT
php_to64(&salt[0], PHP_CRYPT_RAND, 2);
salt[2] = '\0';
Modified: php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -330,7 +330,7 @@
scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
scratch = emalloc(scratch_len);
strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
- strcat(scratch, " ");
+ strncat(scratch, " ", 1);
}
}
}
@@ -344,7 +344,7 @@
if (!scratch) {
scratch_len = strlen(path) + 29 + protocol_version_len;
scratch = emalloc(scratch_len);
- strcpy(scratch, "GET ");
+ strncpy(scratch, "GET ", scratch_len);
}
/* Should we send the entire path in the request line, default to no. */
Modified: php/php-src/branches/PHP_5_4/ext/standard/proc_open.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/proc_open.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/ext/standard/proc_open.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -155,8 +155,8 @@
l = string_length + el_len + 1;
memcpy(p, string_key, string_length);
- strcat(p, "=");
- strcat(p, data);
+ strncat(p, "=", 1);
+ strncat(p, data, el_len);
#ifndef PHP_WIN32
*ep = p;
Modified: php/php-src/branches/PHP_5_4/ext/standard/user_filters.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/standard/user_filters.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/ext/standard/user_filters.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -311,7 +311,7 @@
period = wildcard + (period - filtername);
while (period) {
*period = '\0';
- strcat(wildcard, ".*");
+ strncat(wildcard, ".*", 2);
if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
period = NULL;
} else {
Modified: php/php-src/branches/PHP_5_4/ext/xml/xml.c
===================================================================
--- php/php-src/branches/PHP_5_4/ext/xml/xml.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/ext/xml/xml.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -950,7 +950,7 @@
if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
} else {
@@ -970,7 +970,7 @@
if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
return;
Modified: php/php-src/branches/PHP_5_4/main/fopen_wrappers.c
===================================================================
--- php/php-src/branches/PHP_5_4/main/fopen_wrappers.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/main/fopen_wrappers.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -410,7 +410,8 @@
#endif
if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
IS_ABSOLUTE_PATH(PG(doc_root), length)) {
- filename = emalloc(length + strlen(path_info) + 2);
+ int path_len = strlen(path_info);
+ filename = emalloc(length + path_len + 2);
if (filename) {
memcpy(filename, PG(doc_root), length);
if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */
@@ -419,7 +420,7 @@
if (IS_SLASH(path_info[0])) {
length--;
}
- strcpy(filename + length, path_info);
+ strncpy(filename + length, path_info, path_len + 1);
}
} else {
filename = SG(request_info).path_translated;
Modified: php/php-src/branches/PHP_5_4/main/streams/filter.c
===================================================================
--- php/php-src/branches/PHP_5_4/main/streams/filter.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/branches/PHP_5_4/main/streams/filter.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -270,7 +270,7 @@
period = wildname + (period - filtername);
while (period && !filter) {
*period = '\0';
- strcat(wildname, ".*");
+ strncat(wildname, ".*", 2);
if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
}
Modified: php/php-src/trunk/ext/ereg/regex/regerror.c
===================================================================
--- php/php-src/trunk/ext/ereg/regex/regerror.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/ereg/regex/regerror.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -74,7 +74,7 @@
char convbuf[50];
if (errcode == REG_ATOI)
- s = regatoi(preg, convbuf);
+ s = regatoi(preg, convbuf, sizeof(convbuf));
else {
for (r = rerrs; r->code >= 0; r++)
if (r->code == target)
@@ -84,7 +84,7 @@
if (r->code >= 0)
(void) strncpy(convbuf, r->name, 50);
else
- sprintf(convbuf, "REG_0x%x", target);
+ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
assert(strlen(convbuf) < sizeof(convbuf));
s = convbuf;
} else
@@ -106,12 +106,13 @@
/*
- regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
*/
static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
const regex_t *preg;
char *localbuf;
+int bufsize;
{
register const struct rerr *r;
@@ -121,6 +122,6 @@
if (r->code < 0)
return("0");
- sprintf(localbuf, "%d", r->code);
+ snprintf(localbuf, bufsize, "%d", r->code);
return(localbuf);
}
Modified: php/php-src/trunk/ext/ereg/regex/regerror.ih
===================================================================
--- php/php-src/trunk/ext/ereg/regex/regerror.ih 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/ereg/regex/regerror.ih 2011-08-09 12:16:58 UTC (rev 314641)
@@ -4,7 +4,7 @@
#endif
/* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
#ifdef __cplusplus
}
Modified: php/php-src/trunk/ext/ereg/regex.patch
===================================================================
--- php/php-src/trunk/ext/ereg/regex.patch 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/ereg/regex.patch 2011-08-09 12:16:58 UTC (rev 314641)
@@ -1,12 +1,62 @@
+Only in regex: regcomp.lo
+Only in regex: regcomp.o
diff -u regex.orig/regerror.c regex/regerror.c
---- regex.orig/regerror.c 2011-08-09 17:31:11.000000000 +0800
-+++ regex/regerror.c 2011-08-09 17:29:53.000000000 +0800
-@@ -82,7 +82,7 @@
+--- regex.orig/regerror.c 2011-08-09 19:49:30.000000000 +0800
++++ regex/regerror.c 2011-08-09 19:46:15.000000000 +0800
+@@ -74,7 +74,7 @@
+ char convbuf[50];
+
+ if (errcode == REG_ATOI)
+- s = regatoi(preg, convbuf);
++ s = regatoi(preg, convbuf, sizeof(convbuf));
+ else {
+ for (r = rerrs; r->code >= 0; r++)
+ if (r->code == target)
+@@ -82,9 +82,9 @@
if (errcode®_ITOA) {
if (r->code >= 0)
- (void) strcpy(convbuf, r->name);
+ (void) strncpy(convbuf, r->name, 50);
else
- sprintf(convbuf, "REG_0x%x", target);
+- sprintf(convbuf, "REG_0x%x", target);
++ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
assert(strlen(convbuf) < sizeof(convbuf));
+ s = convbuf;
+ } else
+@@ -106,12 +106,13 @@
+
+ /*
+ - regatoi - internal routine to implement REG_ATOI
+- == static char *regatoi(const regex_t *preg, char *localbuf);
++ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
+ */
+ static char *
+-regatoi(preg, localbuf)
++regatoi(preg, localbuf, bufsize)
+ const regex_t *preg;
+ char *localbuf;
++int bufsize;
+ {
+ register const struct rerr *r;
+
+@@ -121,6 +122,6 @@
+ if (r->code < 0)
+ return("0");
+
+- sprintf(localbuf, "%d", r->code);
++ snprintf(localbuf, bufsize, "%d", r->code);
+ return(localbuf);
+ }
+diff -u regex.orig/regerror.ih regex/regerror.ih
+--- regex.orig/regerror.ih 2011-08-09 19:49:00.000000000 +0800
++++ regex/regerror.ih 2011-08-09 19:41:07.000000000 +0800
+@@ -4,7 +4,7 @@
+ #endif
+
+ /* === regerror.c === */
+-static char *regatoi(const regex_t *preg, char *localbuf);
++static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
+
+ #ifdef __cplusplus
+ }
Modified: php/php-src/trunk/ext/standard/crypt.c
===================================================================
--- php/php-src/trunk/ext/standard/crypt.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/standard/crypt.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -170,10 +170,10 @@
/* The automatic salt generation covers standard DES, md5-crypt and Blowfish (simple) */
if (!*salt) {
#if PHP_MD5_CRYPT
- strcpy(salt, "$1$");
+ strncpy(salt, "$1$", PHP_MAX_SALT_LEN);
php_to64(&salt[3], PHP_CRYPT_RAND, 4);
php_to64(&salt[7], PHP_CRYPT_RAND, 4);
- strcpy(&salt[11], "$");
+ strncpy(&salt[11], "$", PHP_MAX_SALT_LEN - 11);
#elif PHP_STD_DES_CRYPT
php_to64(&salt[0], PHP_CRYPT_RAND, 2);
salt[2] = '\0';
Modified: php/php-src/trunk/ext/standard/http_fopen_wrapper.c
===================================================================
--- php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/standard/http_fopen_wrapper.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -330,7 +330,7 @@
scratch_len = strlen(path) + 29 + Z_STRLEN_PP(tmpzval);
scratch = emalloc(scratch_len);
strlcpy(scratch, Z_STRVAL_PP(tmpzval), Z_STRLEN_PP(tmpzval) + 1);
- strcat(scratch, " ");
+ strncat(scratch, " ", 1);
}
}
}
@@ -344,7 +344,7 @@
if (!scratch) {
scratch_len = strlen(path) + 29 + protocol_version_len;
scratch = emalloc(scratch_len);
- strcpy(scratch, "GET ");
+ strncpy(scratch, "GET ", scratch_len);
}
/* Should we send the entire path in the request line, default to no. */
Modified: php/php-src/trunk/ext/standard/proc_open.c
===================================================================
--- php/php-src/trunk/ext/standard/proc_open.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/standard/proc_open.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -155,8 +155,8 @@
l = string_length + el_len + 1;
memcpy(p, string_key, string_length);
- strcat(p, "=");
- strcat(p, data);
+ strncat(p, "=", 1);
+ strncat(p, data, el_len);
#ifndef PHP_WIN32
*ep = p;
Modified: php/php-src/trunk/ext/standard/user_filters.c
===================================================================
--- php/php-src/trunk/ext/standard/user_filters.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/standard/user_filters.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -311,7 +311,7 @@
period = wildcard + (period - filtername);
while (period) {
*period = '\0';
- strcat(wildcard, ".*");
+ strncat(wildcard, ".*", 2);
if (SUCCESS == zend_hash_find(BG(user_filter_map), wildcard, strlen(wildcard) + 1, (void**)&fdat)) {
period = NULL;
} else {
Modified: php/php-src/trunk/ext/xml/xml.c
===================================================================
--- php/php-src/trunk/ext/xml/xml.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/ext/xml/xml.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -950,7 +950,7 @@
if (zend_hash_find(Z_ARRVAL_PP(parser->ctag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
} else {
@@ -970,7 +970,7 @@
if (zend_hash_find(Z_ARRVAL_PP(curtag),"value",sizeof("value"),(void **) &myval) == SUCCESS) {
int newlen = Z_STRLEN_PP(myval) + decoded_len;
Z_STRVAL_PP(myval) = erealloc(Z_STRVAL_PP(myval),newlen+1);
- strcpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval),decoded_value);
+ strncpy(Z_STRVAL_PP(myval) + Z_STRLEN_PP(myval), decoded_value, decoded_len + 1);
Z_STRLEN_PP(myval) += decoded_len;
efree(decoded_value);
return;
Modified: php/php-src/trunk/main/fopen_wrappers.c
===================================================================
--- php/php-src/trunk/main/fopen_wrappers.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/main/fopen_wrappers.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -410,7 +410,8 @@
#endif
if (PG(doc_root) && path_info && (length = strlen(PG(doc_root))) &&
IS_ABSOLUTE_PATH(PG(doc_root), length)) {
- filename = emalloc(length + strlen(path_info) + 2);
+ int path_len = strlen(path_info);
+ filename = emalloc(length + path_len + 2);
if (filename) {
memcpy(filename, PG(doc_root), length);
if (!IS_SLASH(filename[length - 1])) { /* length is never 0 */
@@ -419,7 +420,7 @@
if (IS_SLASH(path_info[0])) {
length--;
}
- strcpy(filename + length, path_info);
+ strncpy(filename + length, path_info, path_len + 1);
}
} else {
filename = SG(request_info).path_translated;
Modified: php/php-src/trunk/main/streams/filter.c
===================================================================
--- php/php-src/trunk/main/streams/filter.c 2011-08-09 12:16:32 UTC (rev 314640)
+++ php/php-src/trunk/main/streams/filter.c 2011-08-09 12:16:58 UTC (rev 314641)
@@ -270,7 +270,7 @@
period = wildname + (period - filtername);
while (period && !filter) {
*period = '\0';
- strcat(wildname, ".*");
+ strncat(wildname, ".*", 2);
if (SUCCESS == zend_hash_find(filter_hash, wildname, strlen(wildname) + 1, (void**)&factory)) {
filter = factory->create_filter(filtername, filterparams, persistent TSRMLS_CC);
}
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
