The hotkey parser was generating a string with sprintf and data it got
from the controller socket (ie data which can have an arbitrary
length). Using sprintf there is a bad idea, replace it with snprintf.
---
client/hot_keys.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/hot_keys.cpp b/client/hot_keys.cpp
index f98a4bb..2d0b9db 100644
--- a/client/hot_keys.cpp
+++ b/client/hot_keys.cpp
@@ -140,7 +140,7 @@ void HotKeysParser::add_hotkey(const std::string& hotkey,
const CommandsMap& com
if (commands_map.find(command_name) == commands_map.end()) {
char buf[1000];
- sprintf(buf, "invalid action bname %s", command_name.c_str());
+ snprintf(buf, sizeof(buf), "invalid action bname %s",
command_name.c_str());
THROW(buf);
}
int command_id = commands_map.find(command_name)->second;
--
1.7.9.3
_______________________________________________
Spice-devel mailing list
Spice-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/spice-devel
