ports/devel/greg/patches/patch-tree_c

Switch from sprintf(3) to snprintf(3) for cases involving strings that
come from the user, at least.  They already use assert(3) in the code
so I just followed along.

--- tree.c.orig	Tue Oct  8 22:39:24 2013
+++ tree.c	Fri Jan  2 14:31:43 2015
@@ -140,8 +140,10 @@ Node *makeAction(char *text)
 {
   Node *node= newNode(Action);
   char name[1024];
+  size_t n;
   assert(thisRule);
-  sprintf(name, "_%d_%s", ++actionCount, thisRule->rule.name);
+  n = snprintf(name,sizeof(name),"_%d_%s",++actionCount,thisRule->rule.name);
+  assert(n < sizeof(name));
   node->action.name= strdup(name);
   node->action.text= strdup(text);
   node->action.list= actions;
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`Switch from sprintf(3) to snprintf(3) for cases involving strings that`
			`come from the user, at least. They already use assert(3) in the code`
			`so I just followed along.`

			`--- tree.c.orig Tue Oct 8 22:39:24 2013`
			`+++ tree.c Fri Jan 2 14:31:43 2015`
			`@@ -140,8 +140,10 @@ Node makeAction(char text)`
			`{`
			`Node *node= newNode(Action);`
			`char name[1024];`
			`+ size_t n;`
			`assert(thisRule);`
			`- sprintf(name, "_%d_%s", ++actionCount, thisRule->rule.name);`
			`+ n = snprintf(name,sizeof(name),"_%d_%s",++actionCount,thisRule->rule.name);`
			`+ assert(n < sizeof(name));`
			`node->action.name= strdup(name);`
			`node->action.text= strdup(text);`
			`node->action.list= actions;`