18 lines
659 B
Text
18 lines
659 B
Text
Switch from sprintf(3) to snprintf(3) for cases involving strings that
|
|
come from the user, at least. They already use assert(3) in the code
|
|
so I just followed along.
|
|
|
|
--- tree.c.orig Tue Oct 8 22:39:24 2013
|
|
+++ tree.c Fri Jan 2 14:31:43 2015
|
|
@@ -140,8 +140,10 @@ Node *makeAction(char *text)
|
|
{
|
|
Node *node= newNode(Action);
|
|
char name[1024];
|
|
+ size_t n;
|
|
assert(thisRule);
|
|
- sprintf(name, "_%d_%s", ++actionCount, thisRule->rule.name);
|
|
+ n = snprintf(name,sizeof(name),"_%d_%s",++actionCount,thisRule->rule.name);
|
|
+ assert(n < sizeof(name));
|
|
node->action.name= strdup(name);
|
|
node->action.text= strdup(text);
|
|
node->action.list= actions;
|