author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2019-08-03 18:19:11 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2019-08-03 19:31:14 -0700 |
commit | 2178c7445a3464bd69637ad91a2dd0320a60e0df (patch) | |
tree | f8859af93eafcf4e321ab8170567070bcf00c057 /src | |
parent | d4c941ea8b1dc07a14efce656bff58d31a14c985 (diff) |
Use bounds checking string functions everywhere
Replace strcpy, strcat, sprintf with strlcpy, strlcat, snprintf
everywhere, even where there were already bounds checks in place,
to reduce time spent checking static analysis results.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/FreeType/ftenc.c | 4 | ||||
-rw-r--r-- | src/FreeType/ftfuncs.c | 31 | ||||
-rw-r--r-- | src/bitmap/bitscale.c | 2 | ||||
-rw-r--r-- | src/fc/fserve.c | 6 | ||||
-rw-r--r-- | src/fontfile/dirfile.c | 29 | ||||
-rw-r--r-- | src/fontfile/fontdir.c | 9 | ||||
-rw-r--r-- | src/fontfile/fontfile.c | 25 | ||||
-rw-r--r-- | src/util/fontxlfd.c | 127 |
8 files changed, 131 insertions, 102 deletions
diff --git a/src/FreeType/ftenc.c b/src/FreeType/ftenc.c index dfa5cab..5b02993 100644 --- a/src/FreeType/ftenc.c +++ b/src/FreeType/ftenc.c @@ -90,9 +90,7 @@ FTPickMapping(char *xlfd, int length, char *filename, FT_Face face, currently only work for BDFs. */ if(strlen(enc) + strlen(reg) > 18) goto native; - strcpy(buf, enc); - strcat(buf, "-"); - strcat(buf, reg); + snprintf(buf, sizeof(buf), "%s-%s", enc, reg); ErrorF("%s %s\n", buf, encoding_name); if(strcasecmp(buf, "iso10646-1") != 0) { if(strcasecmp(buf, encoding_name) == 0) diff --git a/src/FreeType/ftfuncs.c b/src/FreeType/ftfuncs.c index e7c8026..bc41bdf 100644 --- a/src/FreeType/ftfuncs.c +++ b/src/FreeType/ftfuncs.c @@ -31,6 +31,7 @@ THE SOFTWARE. #endif #include "libxfontint.h" #include <X11/fonts/fontmisc.h> +#include "src/util/replace.h" #include <string.h> #include <math.h> @@ -1604,7 +1605,7 @@ FreeTypeAddProperties(FTFontPtr font, FontScalablePtr vals, FontInfoPtr info, info->nprops = 0; /* in case we abort */ - strcpy(val, fontname); + strlcpy(val, fontname, sizeof(val)); if(FontParseXLFDName(val, vals, FONT_XLFD_REPLACE_VALUE)) { xlfdProps = 1; } else { @@ -2199,15 +2200,16 @@ FreeTypeSetUpTTCap( char *fileName, FontScalablePtr vals, /* colon exist in the right side of slash. */ int dirLen = p1-fileName; int baseLen = fileName+len - p2 -1; + int fullLen = dirLen+baseLen+1; - *dynStrRealFileName = malloc(dirLen+baseLen+1); + *dynStrRealFileName = malloc(fullLen); if( *dynStrRealFileName == NULL ) { result = AllocError; goto quit; } if ( 0 < dirLen ) memcpy(*dynStrRealFileName, fileName, dirLen); - strcpy(*dynStrRealFileName+dirLen, p2+1); + strlcpy(*dynStrRealFileName+dirLen, p2+1, fullLen - dirLen); capHead = p1; } else { *dynStrRealFileName = strdup(fileName); 
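Review bot: The `strlcpy(val, fontname, sizeof(val))` in FreeTypeAddProperties drops the return value, so an over-long font name is silently shortened and the shortened string is handed to FontParseXLFDName as if it were the real name. Checking the result, e.g. `if (strlcpy(val, fontname, sizeof(val)) >= sizeof(val))` followed by the function's existing abort path, would turn truncation into an explicit failure. The same unchecked pattern appears in the hunks for BitmapOpenScalable (bitscale.c), FontFileReadDirectory (dirfile.c), and the `lowerName`, `nameChars` and `zeroChars` copies in fontfile.c; where no earlier length check exists, those would benefit from the same test. The declaration of `val` is outside the hunk, so this assumes it is an array rather than a pointer.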
@@ -2269,8 +2271,9 @@ FreeTypeSetUpTTCap( char *fileName, FontScalablePtr vals, } if( beginptr && 0 < *face_number ) { char *slash; - *dynStrFTFileName = /* add -> ':'+strlen0+':'+strlen1+'\0' */ - malloc(1+strlen(beginptr)+1+strlen(*dynStrRealFileName)+1); + size_t dsftlen = /* add -> ':'+strlen0+':'+strlen1+'\0' */ + 1 + strlen(beginptr) + 1 + strlen(*dynStrRealFileName) + 1; + *dynStrFTFileName = malloc(dsftlen); if( *dynStrFTFileName == NULL ){ result = AllocError; goto quit; @@ -2279,19 +2282,19 @@ FreeTypeSetUpTTCap( char *fileName, FontScalablePtr vals, slash = strrchr(*dynStrRealFileName,'/'); if( slash ) { char *p; - strcat(*dynStrFTFileName,*dynStrRealFileName); + strlcat(*dynStrFTFileName, *dynStrRealFileName, dsftlen); p = strrchr(*dynStrFTFileName,'/'); p[1] = '\0'; - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,beginptr); - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,slash+1); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, beginptr, dsftlen); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, slash+1, dsftlen); } else{ - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,beginptr); - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,*dynStrRealFileName); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, beginptr, dsftlen); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, *dynStrRealFileName, dsftlen); } } else{ diff --git a/src/bitmap/bitscale.c b/src/bitmap/bitscale.c index 00adcc6..5f77635 100644 --- a/src/bitmap/bitscale.c +++ b/src/bitmap/bitscale.c @@ -1596,7 +1596,7 @@ BitmapOpenScalable (FontPathElementPtr fpe, /* Prepare font properties for the new font */ - strcpy (fontName, scaleFrom->name.name); + strlcpy (fontName, scaleFrom->name.name, sizeof(fontName)); FontParseXLFDName (fontName, vals, FONT_XLFD_REPLACE_VALUE); propCount = ComputeScaledProperties(&sourceFont->info, fontName, vals, 
diff --git a/src/fc/fserve.c b/src/fc/fserve.c index acea577..46f100e 100644 --- a/src/fc/fserve.c +++ b/src/fc/fserve.c @@ -54,6 +54,7 @@ in this Software without prior written authorization from The Open Group. #include <config.h> #endif #include "libxfontint.h" +#include "src/util/replace.h" #ifdef WIN32 #define _WILLWINSOCK_ @@ -3369,8 +3370,9 @@ static FSFpePtr _fs_init_conn (const char *servername, FontPathElementPtr fpe) { FSFpePtr conn; + size_t snlen = strlen (servername) + 1; - conn = calloc (1, sizeof (FSFpeRec) + strlen (servername) + 1); + conn = calloc (1, sizeof (FSFpeRec) + snlen); if (!conn) return 0; if (!_fs_io_init (conn)) @@ -3382,7 +3384,7 @@ _fs_init_conn (const char *servername, FontPathElementPtr fpe) conn->fs_conn_state = FS_CONN_UNCONNECTED; conn->fs_fd = -1; conn->fpe = fpe; - strcpy (conn->servername, servername); + strlcpy (conn->servername, servername, snlen); return conn; } diff --git a/src/fontfile/dirfile.c b/src/fontfile/dirfile.c index 2802980..58ca491 100644 --- a/src/fontfile/dirfile.c +++ b/src/fontfile/dirfile.c @@ -45,6 +45,7 @@ in this Software without prior written authorization from The Open Group. #include <fcntl.h> #include <errno.h> #include <limits.h> +#include "src/util/replace.h" static Bool AddFileNameAliases ( FontDirectoryPtr dir ); static int ReadFontAlias ( char *directory, Bool isFile, @@ -88,12 +89,12 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir) strncpy(dir_path, directory, ptr - directory); dir_path[ptr - directory] = '\0'; } else { - strcpy(dir_path, directory); + strlcpy(dir_path, directory, sizeof(dir_path)); } - strcpy(dir_file, dir_path); + strlcpy(dir_file, dir_path, sizeof(dir_file)); if (dir_file[strlen(dir_file) - 1] != '/') - strcat(dir_file, "/"); - strcat(dir_file, FontDirFile); + strlcat(dir_file, "/", sizeof(dir_file)); + strlcat(dir_file, FontDirFile, sizeof(dir_file)); #ifndef WIN32 file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW); if (file_fd >= 0) { 
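Review bot: `dir_file[strlen(dir_file) - 1]` in FontFileReadDirectory reads one byte before the buffer when the copied path is empty, and the switch to strlcpy does not change that. Whether an empty `directory` can reach this point is not visible in the hunk. Rejecting an empty path before the slash test, with whatever error this function already returns for a bad path, would make the index safe regardless of the caller. The function body starts and ends outside the hunk.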
@@ -124,8 +125,8 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir) } dir->dir_mtime = statb.st_mtime; if (format[0] == '\0') - sprintf(format, "%%%ds %%%d[^\n]\n", - MAXFONTFILENAMELEN-1, MAXFONTNAMELEN-1); + snprintf(format, sizeof(format), "%%%ds %%%d[^\n]\n", + MAXFONTFILENAMELEN-1, MAXFONTNAMELEN-1); while ((count = fscanf(file, format, file_name, font_name)) != EOF) { #if defined(WIN32) @@ -176,8 +177,8 @@ FontFileDirectoryChanged(FontDirectoryPtr dir) if (strlen(dir->directory) + sizeof(FontDirFile) > sizeof(dir_file)) return FALSE; - strcpy (dir_file, dir->directory); - strcat (dir_file, FontDirFile); + strlcpy (dir_file, dir->directory, sizeof(dir_file)); + strlcat (dir_file, FontDirFile, sizeof(dir_file)); if (stat (dir_file, &statb) == -1) { if (errno != ENOENT || dir->dir_mtime != 0) @@ -189,8 +190,8 @@ FontFileDirectoryChanged(FontDirectoryPtr dir) if ((strlen(dir->directory) + sizeof(FontAliasFile)) > sizeof(dir_file)) return FALSE; - strcpy (dir_file, dir->directory); - strcat (dir_file, FontAliasFile); + strlcpy (dir_file, dir->directory, sizeof(dir_file)); + strlcat (dir_file, FontAliasFile, sizeof(dir_file)); if (stat (dir_file, &statb) == -1) { if (errno != ENOENT || dir->alias_mtime != 0) @@ -282,13 +283,13 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir) if (strlen(directory) >= sizeof(alias_file)) return BadFontPath; dir = *pdir; - strcpy(alias_file, directory); + strlcpy(alias_file, directory, sizeof(alias_file)); if (!isFile) { if (strlen(directory) + 1 + sizeof(FontAliasFile) > sizeof(alias_file)) return BadFontPath; if (directory[strlen(directory) - 1] != '/') - strcat(alias_file, "/"); - strcat(alias_file, FontAliasFile); + strlcat(alias_file, "/", sizeof(alias_file)); + strlcat(alias_file, FontAliasFile, sizeof(alias_file)); } #ifndef WIN32 
@@ -335,7 +336,7 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir) status = BadFontPath; break; } - strcpy(alias, lexToken); + strlcpy(alias, lexToken, sizeof(alias)); token = lexAlias(file, &lexToken); switch (token) { case NEWLINE: diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c index 996b7d1..2cc97b4 100644 --- a/src/fontfile/fontdir.c +++ b/src/fontfile/fontdir.c @@ -34,6 +34,7 @@ in this Software without prior written authorization from The Open Group. #include "libxfontint.h" #include <X11/fonts/fntfilst.h> #include <X11/keysym.h> +#include "src/util/replace.h" #if HAVE_STDINT_H #include <stdint.h> @@ -152,11 +153,11 @@ FontFileMakeDir(const char *dirName, int size) else dir->attributes = NULL; strncpy(dir->directory, dirName, dirlen); - dir->directory[dirlen] = '\0'; - if (dir->attributes) - strcpy(dir->attributes, attrib); if (needslash) - strcat(dir->directory, "/"); + dir->directory[dirlen] = '/'; + dir->directory[dirlen + needslash] = '\0'; + if (dir->attributes) + strlcpy(dir->attributes, attrib, attriblen + 1); return dir; } diff --git a/src/fontfile/fontfile.c b/src/fontfile/fontfile.c index b2f1a6f..d36bbc0 100644 --- a/src/fontfile/fontfile.c +++ b/src/fontfile/fontfile.c @@ -37,6 +37,7 @@ in this Software without prior written authorization from The Open Group. #ifdef WIN32 #include <ctype.h> #endif +#include "src/util/replace.h" static unsigned char ISOLatin1ToLower(unsigned char source) @@ -354,7 +355,7 @@ FontFileOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, entry = FontFileFindNameInScalableDir (&dir->scalable, &tmpName, &vals); if (entry) { - strcpy(lowerName, entry->name.name); + strlcpy(lowerName, entry->name.name, sizeof(lowerName)); tmpName.name = lowerName; tmpName.length = entry->name.length; tmpName.ndashes = entry->name.ndashes; 
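Review bot: The rewritten tail of FontFileMakeDir uses `needslash` as an array offset in `dir->directory[dirlen + needslash] = '\0'`, which is only correct if `needslash` is exactly 0 or 1. Its assignment and the allocation size are outside the hunk. Once that is confirmed, I would add a comment such as `/* needslash is 0 or 1; the allocation reserves dirlen + needslash + 1 bytes */`, or write the terminator in each branch instead of using the flag as an offset.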
@@ -442,8 +443,8 @@ FontFileOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, sizeof(fileName)) { ret = BadFontName; } else { - strcpy (fileName, dir->directory); - strcat (fileName, scalable->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, scalable->fileName, sizeof(fileName)); if (scalable->renderer->OpenScalable) { ret = (*scalable->renderer->OpenScalable) (fpe, pFont, flags, entry, fileName, &vals, format, fmask, @@ -527,8 +528,8 @@ FontFileOpenBitmapNCF (FontPathElementPtr fpe, FontPtr *pFont, return BadFontName; if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName)) return BadFontName; - strcpy (fileName, dir->directory); - strcat (fileName, bitmap->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, bitmap->fileName, sizeof(fileName)); ret = (*bitmap->renderer->OpenBitmap) (fpe, pFont, flags, entry, fileName, format, fmask, non_cachable_font); @@ -564,8 +565,8 @@ FontFileGetInfoBitmap (FontPathElementPtr fpe, FontInfoPtr pFontInfo, return BadFontName; if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName)) return BadFontName; - strcpy (fileName, dir->directory); - strcat (fileName, bitmap->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, bitmap->fileName, sizeof(fileName)); ret = (*bitmap->renderer->GetInfoBitmap) (fpe, pFontInfo, entry, fileName); return ret; } @@ -590,7 +591,7 @@ _FontFileAddScalableNames(FontNamesPtr names, FontNamesPtr scaleNames, { --*max; - strcpy (nameChars, scaleNames->names[i]); + strlcpy (nameChars, scaleNames->names[i], sizeof(nameChars)); if ((vals->values_supplied & PIXELSIZE_MASK) || !(vals->values_supplied & PIXELSIZE_WILDCARD) || vals->y == 0) 
@@ -713,7 +714,7 @@ _FontFileListFonts (pointer client, FontPathElementPtr fpe, /* Match XLFD patterns */ - strcpy (zeroChars, lowerChars); + strlcpy (zeroChars, lowerChars, sizeof(zeroChars)); if (lowerName.ndashes == 14 && FontParseXLFDName (zeroChars, &vals, FONT_XLFD_REPLACE_ZERO)) { @@ -940,7 +941,7 @@ FontFileListOneFontWithInfo (pointer client, FontPathElementPtr fpe, entry = FontFileFindNameInScalableDir (&dir->scalable, &tmpName, &vals); if (entry) { - strcpy(lowerName, entry->name.name); + strlcpy(lowerName, entry->name.name, sizeof(lowerName)); tmpName.name = lowerName; tmpName.length = entry->name.length; tmpName.ndashes = entry->name.ndashes; @@ -1008,8 +1009,8 @@ FontFileListOneFontWithInfo (pointer client, FontPathElementPtr fpe, sizeof(fileName)) { ret = BadFontName; } else { - strcpy (fileName, dir->directory); - strcat (fileName, scalable->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, scalable->fileName, sizeof(fileName)); if (scalable->renderer->GetInfoScalable) ret = (*scalable->renderer->GetInfoScalable) (fpe, *pFontInfo, entry, &tmpName, fileName, diff --git a/src/util/fontxlfd.c b/src/util/fontxlfd.c index 0bd1140..141a564 100644 --- a/src/util/fontxlfd.c +++ b/src/util/fontxlfd.c @@ -38,6 +38,7 @@ from The Open Group. #include <X11/fonts/fontstruct.h> #include <X11/fonts/fontxlfd.h> #include <X11/fonts/fontutil.h> +#include <X11/fonts/fntfilst.h> /* for MAXFONTNAMELEN */ #include <X11/Xos.h> #include <math.h> #include <stdlib.h> @@ -49,6 +50,7 @@ from The Open Group. #endif #include <ctype.h> #include <stdio.h> /* for sprintf() */ +#include "src/util/replace.h" static char * GetInt(char *ptr, int *val) 
@@ -114,11 +116,14 @@ readreal(char *ptr, double *result) return (p1 == buffer) ? (char *)0 : (ptr + (p1 - buffer)); } +#define XLFD_DOUBLE_TO_TEXT_BUF_SIZE 80 + static char * xlfd_double_to_text(double value, char *buffer, int space_required) { register char *p1; int ndigits, exponent; + const size_t buflen = XLFD_DOUBLE_TO_TEXT_BUF_SIZE; #ifndef NO_LOCALE if (!locale) @@ -137,7 +142,7 @@ xlfd_double_to_text(double value, char *buffer, int space_required) *buffer++ = ' '; /* Render the number using printf's idea of formatting */ - sprintf(buffer, "%.*le", XLFD_NDIGITS, value); + snprintf(buffer, buflen, "%.*le", XLFD_NDIGITS, value); /* Find and read the exponent value */ for (p1 = buffer + strlen(buffer); @@ -154,14 +159,14 @@ xlfd_double_to_text(double value, char *buffer, int space_required) if (exponent >= XLFD_NDIGITS || ndigits - exponent > XLFD_NDIGITS + 1) { /* Scientific */ - sprintf(buffer, "%.*le", ndigits - 1, value); + snprintf(buffer, buflen, "%.*le", ndigits - 1, value); } else { /* Fixed */ ndigits -= exponent + 1; if (ndigits < 0) ndigits = 0; - sprintf(buffer, "%.*lf", ndigits, value); + snprintf(buffer, buflen, "%.*lf", ndigits, value); if (exponent < 0) { p1 = buffer; @@ -263,7 +268,7 @@ xlfd_round_double(double x) char buffer[40]; - sprintf(buffer, "%.*lg", XLFD_NDIGITS, x); + snprintf(buffer, sizeof(buffer), "%.*lg", XLFD_NDIGITS, x); return atof(buffer); } } 
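Review bot: `buflen` in xlfd_double_to_text is fixed at XLFD_DOUBLE_TO_TEXT_BUF_SIZE, but the context line `*buffer++ = ' ';` advances `buffer` before the first snprintf. On that path the bound passed to all three snprintf calls (this hunk and the two that follow) is one byte larger than the space actually left. The formatted number is probably well under the limit, but the stated bound should still match the buffer; dropping the `const` and adding `buflen--;` next to the `*buffer++` would do it. The function still takes no length argument, so a comment that callers must pass at least XLFD_DOUBLE_TO_TEXT_BUF_SIZE bytes would also help.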
@@ -347,26 +352,28 @@ GetMatrix(char *ptr, FontScalablePtr vals, int which) static void -append_ranges(char *fname, int nranges, fsRange *ranges) +append_ranges(char *fname, size_t fnamelen, int nranges, fsRange *ranges) { if (nranges) { int i; - strcat(fname, "["); + strlcat(fname, "[", fnamelen); for (i = 0; i < nranges && strlen(fname) < 1010; i++) { - if (i) strcat(fname, " "); - sprintf(fname + strlen(fname), "%d", - minchar(ranges[i])); + size_t curlen; + if (i) strlcat(fname, " ", fnamelen); + curlen = strlen(fname); + snprintf(fname + curlen, fnamelen - curlen, "%d", + minchar(ranges[i])); if (ranges[i].min_char_low == ranges[i].max_char_low && ranges[i].min_char_high == ranges[i].max_char_high) continue; - sprintf(fname + strlen(fname), "_%d", - maxchar(ranges[i])); + snprintf(fname + curlen, fnamelen - curlen, "_%d", + maxchar(ranges[i])); } - strcat(fname, "]"); + strlcat(fname, "]", fnamelen); } } @@ -382,6 +389,8 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) FontScalableRec tmpvals; char replaceChar = '0'; char tmpBuf[1024]; + size_t tlen; + size_t fnamelen = MAXFONTNAMELEN; /* assumed for now */ int spacingLen; int l; char *p; @@ -440,7 +449,7 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) case FONT_XLFD_REPLACE_STAR: replaceChar = '*'; case FONT_XLFD_REPLACE_ZERO: - strcpy(tmpBuf, ptr2); + strlcpy(tmpBuf, ptr2, sizeof(tmpBuf)); ptr5 = tmpBuf + (ptr5 - ptr2); ptr3 = tmpBuf + (ptr3 - ptr2); ptr2 = tmpBuf; @@ -472,7 +481,7 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) *ptr++ = '-'; } *ptr++ = replaceChar; - strcpy(ptr, ptr5); + strlcpy(ptr, ptr5, fnamelen - (ptr - fname)); *vals = tmpvals; break; case FONT_XLFD_REPLACE_VALUE: 
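Review bot: In append_ranges the second snprintf reuses `curlen`, which was measured before the first snprintf wrote the minimum value, so `_%d` is written over the minimum instead of after it; the old code re-evaluated `strlen(fname)` for each call. A two-ended range would come out as `_MAX` rather than `MIN_MAX`. Re-measure before the second call by adding `curlen = strlen(fname);` after the `continue` test. The loop guard `strlen(fname) < 1010` is also still a bare literal and could be expressed in terms of `fnamelen`.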
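Review bot: `size_t fnamelen = MAXFONTNAMELEN; /* assumed for now */` makes every bound in FontParseXLFDName depend on callers passing a buffer of at least MAXFONTNAMELEN bytes, which nothing in the signature enforces. The callers touched in this commit pass `val`, `fontName` and `zeroChars`, whose declarations are not shown, so the assumption cannot be confirmed from the diff. Until the length becomes a parameter, the function's header comment should state the requirement, e.g. `/* fname must point to a buffer of at least MAXFONTNAMELEN bytes */`.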
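Review bot: After `strlcpy(tmpBuf, ptr2, sizeof(tmpBuf))` the code rebases `ptr5` and `ptr3` by their old offsets from `ptr2`; if the copy was truncated, those offsets can point past the terminator in `tmpBuf`, or past `tmpBuf` itself. No length check on the source is visible in the hunk, so I would test the result before the pointer arithmetic: `if (strlcpy(tmpBuf, ptr2, sizeof(tmpBuf)) >= sizeof(tmpBuf)) return FALSE;`. The function ends with `return TRUE;`, so FALSE is presumably the failure value, but that should be checked against the part of the function outside the hunk.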
@@ -508,68 +517,82 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) p = ptr1 + 1; /* weight field */ l = strchr(p, '-') - p; - sprintf(tmpBuf, "%*.*s", l, l, p); + snprintf(tmpBuf, sizeof(tmpBuf), "%*.*s", l, l, p); p += l + 1; /* slant field */ l = strchr(p, '-') - p; - sprintf(tmpBuf + strlen(tmpBuf), "-%*.*s", l, l, p); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%*.*s", l, l, p); p += l + 1; /* setwidth_name */ l = strchr(p, '-') - p; - sprintf(tmpBuf + strlen(tmpBuf), "-%*.*s", l, l, p); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%*.*s", l, l, p); p += l + 1; /* add_style_name field */ l = strchr(p, '-') - p; - sprintf(tmpBuf + strlen(tmpBuf), "-%*.*s", l, l, p); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%*.*s", l, l, p); - strcat(tmpBuf, "-"); + strlcat(tmpBuf, "-", sizeof(tmpBuf)); if ((tmpvals.values_supplied & PIXELSIZE_MASK) == PIXELSIZE_ARRAY) { - char buffer[80]; - strcat(tmpBuf, "["); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[0], - buffer, 0)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[1], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[2], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[3], - buffer, 1)); - strcat(tmpBuf, "]"); + char buffer[XLFD_DOUBLE_TO_TEXT_BUF_SIZE]; + strlcat(tmpBuf, "[", sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[0], buffer, 0), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[1], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[2], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[3], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, "]", sizeof(tmpBuf)); } else { - sprintf(tmpBuf + strlen(tmpBuf), "%d", - (int)(tmpvals.pixel_matrix[3] + .5)); + tlen = strlen(tmpBuf); + 
snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "%d", + (int)(tmpvals.pixel_matrix[3] + .5)); } - strcat(tmpBuf, "-"); + strlcat(tmpBuf, "-", sizeof(tmpBuf)); if ((tmpvals.values_supplied & POINTSIZE_MASK) == POINTSIZE_ARRAY) { - char buffer[80]; - strcat(tmpBuf, "["); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[0], - buffer, 0)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[1], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[2], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[3], - buffer, 1)); - strcat(tmpBuf, "]"); + char buffer[XLFD_DOUBLE_TO_TEXT_BUF_SIZE]; + strlcat(tmpBuf, "[", sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[0], buffer, 0), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[1], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[2], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[3], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, "]", sizeof(tmpBuf)); } else { - sprintf(tmpBuf + strlen(tmpBuf), "%d", - (int)(tmpvals.point_matrix[3] * 10.0 + .5)); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "%d", + (int)(tmpvals.point_matrix[3] * 10.0 + .5)); } - sprintf(tmpBuf + strlen(tmpBuf), "-%d-%d%*.*s%d%s", - tmpvals.x, tmpvals.y, - spacingLen, spacingLen, ptr3, tmpvals.width, ptr5); - strcpy(ptr1 + 1, tmpBuf); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%d-%d%*.*s%d%s", + tmpvals.x, tmpvals.y, + spacingLen, spacingLen, ptr3, tmpvals.width, ptr5); + strlcpy(ptr1 + 1, tmpBuf, fnamelen - (ptr1 - fname)); if ((vals->values_supplied & CHARSUBSET_SPECIFIED) && !vals->nranges) - strcat(fname, "[]"); + strlcat(fname, "[]", fnamelen); else - append_ranges(fname, vals->nranges, vals->ranges); + append_ranges(fname, fnamelen, vals->nranges, vals->ranges); break; } return TRUE; |
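Review bot: `strlcpy(ptr1 + 1, tmpBuf, fnamelen - (ptr1 - fname))` overstates the remaining space by one byte, because the destination starts at `ptr1 + 1`, not `ptr1`. With a rebuilt name that fills the buffer, the terminator could land one byte past the `fnamelen` bytes assumed for `fname`. The bound should be `fnamelen - (ptr1 + 1 - fname)`. The earlier `strlcpy(ptr, ptr5, fnamelen - (ptr - fname))` in the REPLACE_ZERO case is already consistent with its destination.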