diff options
| -rw-r--r-- | src/FreeType/ftenc.c | 4 | ||||
| -rw-r--r-- | src/FreeType/ftfuncs.c | 31 | ||||
| -rw-r--r-- | src/bitmap/bitscale.c | 2 | ||||
| -rw-r--r-- | src/fc/fserve.c | 6 | ||||
| -rw-r--r-- | src/fontfile/dirfile.c | 29 | ||||
| -rw-r--r-- | src/fontfile/fontdir.c | 9 | ||||
| -rw-r--r-- | src/fontfile/fontfile.c | 25 | ||||
| -rw-r--r-- | src/util/fontxlfd.c | 127 |
8 files changed, 131 insertions, 102 deletions
diff --git a/src/FreeType/ftenc.c b/src/FreeType/ftenc.c index dfa5cab..5b02993 100644 --- a/src/FreeType/ftenc.c +++ b/src/FreeType/ftenc.c @@ -90,9 +90,7 @@ FTPickMapping(char *xlfd, int length, char *filename, FT_Face face, currently only work for BDFs. */ if(strlen(enc) + strlen(reg) > 18) goto native; - strcpy(buf, enc); - strcat(buf, "-"); - strcat(buf, reg); + snprintf(buf, sizeof(buf), "%s-%s", enc, reg); ErrorF("%s %s\n", buf, encoding_name); if(strcasecmp(buf, "iso10646-1") != 0) { if(strcasecmp(buf, encoding_name) == 0) diff --git a/src/FreeType/ftfuncs.c b/src/FreeType/ftfuncs.c index e7c8026..bc41bdf 100644 --- a/src/FreeType/ftfuncs.c +++ b/src/FreeType/ftfuncs.c @@ -31,6 +31,7 @@ THE SOFTWARE. #endif #include "libxfontint.h" #include <X11/fonts/fontmisc.h> +#include "src/util/replace.h" #include <string.h> #include <math.h> @@ -1604,7 +1605,7 @@ FreeTypeAddProperties(FTFontPtr font, FontScalablePtr vals, FontInfoPtr info, info->nprops = 0; /* in case we abort */ - strcpy(val, fontname); + strlcpy(val, fontname, sizeof(val)); if(FontParseXLFDName(val, vals, FONT_XLFD_REPLACE_VALUE)) { xlfdProps = 1; } else { @@ -2199,15 +2200,16 @@ FreeTypeSetUpTTCap( char *fileName, FontScalablePtr vals, /* colon exist in the right side of slash. */ int dirLen = p1-fileName; int baseLen = fileName+len - p2 -1; + int fullLen = dirLen+baseLen+1; - *dynStrRealFileName = malloc(dirLen+baseLen+1); + *dynStrRealFileName = malloc(fullLen); if( *dynStrRealFileName == NULL ) { result = AllocError; goto quit; } if ( 0 < dirLen ) memcpy(*dynStrRealFileName, fileName, dirLen); - strcpy(*dynStrRealFileName+dirLen, p2+1); + strlcpy(*dynStrRealFileName+dirLen, p2+1, fullLen - dirLen); capHead = p1; } else { *dynStrRealFileName = strdup(fileName); @@ -2269,8 +2271,9 @@ FreeTypeSetUpTTCap( char *fileName, FontScalablePtr vals, } if( beginptr && 0 < *face_number ) { char *slash; - *dynStrFTFileName = /* add -> ':'+strlen0+':'+strlen1+'\0' */ - malloc(1+strlen(beginptr)+1+strlen(*dynStrRealFileName)+1); + size_t dsftlen = /* add -> ':'+strlen0+':'+strlen1+'\0' */ + 1 + strlen(beginptr) + 1 + strlen(*dynStrRealFileName) + 1; + *dynStrFTFileName = malloc(dsftlen); if( *dynStrFTFileName == NULL ){ result = AllocError; goto quit; @@ -2279,19 +2282,19 @@ FreeTypeSetUpTTCap( char *fileName, FontScalablePtr vals, slash = strrchr(*dynStrRealFileName,'/'); if( slash ) { char *p; - strcat(*dynStrFTFileName,*dynStrRealFileName); + strlcat(*dynStrFTFileName, *dynStrRealFileName, dsftlen); p = strrchr(*dynStrFTFileName,'/'); p[1] = '\0'; - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,beginptr); - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,slash+1); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, beginptr, dsftlen); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, slash+1, dsftlen); } else{ - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,beginptr); - strcat(*dynStrFTFileName,":"); - strcat(*dynStrFTFileName,*dynStrRealFileName); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, beginptr, dsftlen); + strlcat(*dynStrFTFileName, ":", dsftlen); + strlcat(*dynStrFTFileName, *dynStrRealFileName, dsftlen); } } else{ diff --git a/src/bitmap/bitscale.c b/src/bitmap/bitscale.c index 00adcc6..5f77635 100644 --- a/src/bitmap/bitscale.c +++ b/src/bitmap/bitscale.c @@ -1596,7 +1596,7 @@ BitmapOpenScalable (FontPathElementPtr fpe, /* Prepare font properties for the new font */ - strcpy (fontName, scaleFrom->name.name); + strlcpy (fontName, scaleFrom->name.name, sizeof(fontName)); FontParseXLFDName (fontName, vals, FONT_XLFD_REPLACE_VALUE); propCount = ComputeScaledProperties(&sourceFont->info, fontName, vals, diff --git a/src/fc/fserve.c b/src/fc/fserve.c index acea577..46f100e 100644 --- a/src/fc/fserve.c +++ b/src/fc/fserve.c @@ -54,6 +54,7 @@ in this Software without prior written authorization from The Open Group. #include <config.h> #endif #include "libxfontint.h" +#include "src/util/replace.h" #ifdef WIN32 #define _WILLWINSOCK_ @@ -3369,8 +3370,9 @@ static FSFpePtr _fs_init_conn (const char *servername, FontPathElementPtr fpe) { FSFpePtr conn; + size_t snlen = strlen (servername) + 1; - conn = calloc (1, sizeof (FSFpeRec) + strlen (servername) + 1); + conn = calloc (1, sizeof (FSFpeRec) + snlen); if (!conn) return 0; if (!_fs_io_init (conn)) @@ -3382,7 +3384,7 @@ _fs_init_conn (const char *servername, FontPathElementPtr fpe) conn->fs_conn_state = FS_CONN_UNCONNECTED; conn->fs_fd = -1; conn->fpe = fpe; - strcpy (conn->servername, servername); + strlcpy (conn->servername, servername, snlen); return conn; } diff --git a/src/fontfile/dirfile.c b/src/fontfile/dirfile.c index 2802980..58ca491 100644 --- a/src/fontfile/dirfile.c +++ b/src/fontfile/dirfile.c @@ -45,6 +45,7 @@ in this Software without prior written authorization from The Open Group. #include <fcntl.h> #include <errno.h> #include <limits.h> +#include "src/util/replace.h" static Bool AddFileNameAliases ( FontDirectoryPtr dir ); static int ReadFontAlias ( char *directory, Bool isFile, @@ -88,12 +89,12 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir) strncpy(dir_path, directory, ptr - directory); dir_path[ptr - directory] = '\0'; } else { - strcpy(dir_path, directory); + strlcpy(dir_path, directory, sizeof(dir_path)); } - strcpy(dir_file, dir_path); + strlcpy(dir_file, dir_path, sizeof(dir_file)); if (dir_file[strlen(dir_file) - 1] != '/') - strcat(dir_file, "/"); - strcat(dir_file, FontDirFile); + strlcat(dir_file, "/", sizeof(dir_file)); + strlcat(dir_file, FontDirFile, sizeof(dir_file)); #ifndef WIN32 file_fd = open(dir_file, O_RDONLY | O_NOFOLLOW); if (file_fd >= 0) { @@ -124,8 +125,8 @@ FontFileReadDirectory (const char *directory, FontDirectoryPtr *pdir) } dir->dir_mtime = statb.st_mtime; if (format[0] == '\0') - sprintf(format, "%%%ds %%%d[^\n]\n", - MAXFONTFILENAMELEN-1, MAXFONTNAMELEN-1); + snprintf(format, sizeof(format), "%%%ds %%%d[^\n]\n", + MAXFONTFILENAMELEN-1, MAXFONTNAMELEN-1); while ((count = fscanf(file, format, file_name, font_name)) != EOF) { #if defined(WIN32) @@ -176,8 +177,8 @@ FontFileDirectoryChanged(FontDirectoryPtr dir) if (strlen(dir->directory) + sizeof(FontDirFile) > sizeof(dir_file)) return FALSE; - strcpy (dir_file, dir->directory); - strcat (dir_file, FontDirFile); + strlcpy (dir_file, dir->directory, sizeof(dir_file)); + strlcat (dir_file, FontDirFile, sizeof(dir_file)); if (stat (dir_file, &statb) == -1) { if (errno != ENOENT || dir->dir_mtime != 0) @@ -189,8 +190,8 @@ FontFileDirectoryChanged(FontDirectoryPtr dir) if ((strlen(dir->directory) + sizeof(FontAliasFile)) > sizeof(dir_file)) return FALSE; - strcpy (dir_file, dir->directory); - strcat (dir_file, FontAliasFile); + strlcpy (dir_file, dir->directory, sizeof(dir_file)); + strlcat (dir_file, FontAliasFile, sizeof(dir_file)); if (stat (dir_file, &statb) == -1) { if (errno != ENOENT || dir->alias_mtime != 0) @@ -282,13 +283,13 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir) if (strlen(directory) >= sizeof(alias_file)) return BadFontPath; dir = *pdir; - strcpy(alias_file, directory); + strlcpy(alias_file, directory, sizeof(alias_file)); if (!isFile) { if (strlen(directory) + 1 + sizeof(FontAliasFile) > sizeof(alias_file)) return BadFontPath; if (directory[strlen(directory) - 1] != '/') - strcat(alias_file, "/"); - strcat(alias_file, FontAliasFile); + strlcat(alias_file, "/", sizeof(alias_file)); + strlcat(alias_file, FontAliasFile, sizeof(alias_file)); } #ifndef WIN32 @@ -335,7 +336,7 @@ ReadFontAlias(char *directory, Bool isFile, FontDirectoryPtr *pdir) status = BadFontPath; break; } - strcpy(alias, lexToken); + strlcpy(alias, lexToken, sizeof(alias)); token = lexAlias(file, &lexToken); switch (token) { case NEWLINE: diff --git a/src/fontfile/fontdir.c b/src/fontfile/fontdir.c index 996b7d1..2cc97b4 100644 --- a/src/fontfile/fontdir.c +++ b/src/fontfile/fontdir.c @@ -34,6 +34,7 @@ in this Software without prior written authorization from The Open Group. #include "libxfontint.h" #include <X11/fonts/fntfilst.h> #include <X11/keysym.h> +#include "src/util/replace.h" #if HAVE_STDINT_H #include <stdint.h> @@ -152,11 +153,11 @@ FontFileMakeDir(const char *dirName, int size) else dir->attributes = NULL; strncpy(dir->directory, dirName, dirlen); - dir->directory[dirlen] = '\0'; - if (dir->attributes) - strcpy(dir->attributes, attrib); if (needslash) - strcat(dir->directory, "/"); + dir->directory[dirlen] = '/'; + dir->directory[dirlen + needslash] = '\0'; + if (dir->attributes) + strlcpy(dir->attributes, attrib, attriblen + 1); return dir; } diff --git a/src/fontfile/fontfile.c b/src/fontfile/fontfile.c index b2f1a6f..d36bbc0 100644 --- a/src/fontfile/fontfile.c +++ b/src/fontfile/fontfile.c @@ -37,6 +37,7 @@ in this Software without prior written authorization from The Open Group. #ifdef WIN32 #include <ctype.h> #endif +#include "src/util/replace.h" static unsigned char ISOLatin1ToLower(unsigned char source) @@ -354,7 +355,7 @@ FontFileOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, entry = FontFileFindNameInScalableDir (&dir->scalable, &tmpName, &vals); if (entry) { - strcpy(lowerName, entry->name.name); + strlcpy(lowerName, entry->name.name, sizeof(lowerName)); tmpName.name = lowerName; tmpName.length = entry->name.length; tmpName.ndashes = entry->name.ndashes; @@ -442,8 +443,8 @@ FontFileOpenFont (pointer client, FontPathElementPtr fpe, Mask flags, sizeof(fileName)) { ret = BadFontName; } else { - strcpy (fileName, dir->directory); - strcat (fileName, scalable->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, scalable->fileName, sizeof(fileName)); if (scalable->renderer->OpenScalable) { ret = (*scalable->renderer->OpenScalable) (fpe, pFont, flags, entry, fileName, &vals, format, fmask, @@ -527,8 +528,8 @@ FontFileOpenBitmapNCF (FontPathElementPtr fpe, FontPtr *pFont, return BadFontName; if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName)) return BadFontName; - strcpy (fileName, dir->directory); - strcat (fileName, bitmap->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, bitmap->fileName, sizeof(fileName)); ret = (*bitmap->renderer->OpenBitmap) (fpe, pFont, flags, entry, fileName, format, fmask, non_cachable_font); @@ -564,8 +565,8 @@ FontFileGetInfoBitmap (FontPathElementPtr fpe, FontInfoPtr pFontInfo, return BadFontName; if (strlen(dir->directory) + strlen(bitmap->fileName) >= sizeof(fileName)) return BadFontName; - strcpy (fileName, dir->directory); - strcat (fileName, bitmap->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, bitmap->fileName, sizeof(fileName)); ret = (*bitmap->renderer->GetInfoBitmap) (fpe, pFontInfo, entry, fileName); return ret; } @@ -590,7 +591,7 @@ _FontFileAddScalableNames(FontNamesPtr names, FontNamesPtr scaleNames, { --*max; - strcpy (nameChars, scaleNames->names[i]); + strlcpy (nameChars, scaleNames->names[i], sizeof(nameChars)); if ((vals->values_supplied & PIXELSIZE_MASK) || !(vals->values_supplied & PIXELSIZE_WILDCARD) || vals->y == 0) @@ -713,7 +714,7 @@ _FontFileListFonts (pointer client, FontPathElementPtr fpe, /* Match XLFD patterns */ - strcpy (zeroChars, lowerChars); + strlcpy (zeroChars, lowerChars, sizeof(zeroChars)); if (lowerName.ndashes == 14 && FontParseXLFDName (zeroChars, &vals, FONT_XLFD_REPLACE_ZERO)) { @@ -940,7 +941,7 @@ FontFileListOneFontWithInfo (pointer client, FontPathElementPtr fpe, entry = FontFileFindNameInScalableDir (&dir->scalable, &tmpName, &vals); if (entry) { - strcpy(lowerName, entry->name.name); + strlcpy(lowerName, entry->name.name, sizeof(lowerName)); tmpName.name = lowerName; tmpName.length = entry->name.length; tmpName.ndashes = entry->name.ndashes; @@ -1008,8 +1009,8 @@ FontFileListOneFontWithInfo (pointer client, FontPathElementPtr fpe, sizeof(fileName)) { ret = BadFontName; } else { - strcpy (fileName, dir->directory); - strcat (fileName, scalable->fileName); + strlcpy (fileName, dir->directory, sizeof(fileName)); + strlcat (fileName, scalable->fileName, sizeof(fileName)); if (scalable->renderer->GetInfoScalable) ret = (*scalable->renderer->GetInfoScalable) (fpe, *pFontInfo, entry, &tmpName, fileName, diff --git a/src/util/fontxlfd.c b/src/util/fontxlfd.c index 0bd1140..141a564 100644 --- a/src/util/fontxlfd.c +++ b/src/util/fontxlfd.c @@ -38,6 +38,7 @@ from The Open Group. #include <X11/fonts/fontstruct.h> #include <X11/fonts/fontxlfd.h> #include <X11/fonts/fontutil.h> +#include <X11/fonts/fntfilst.h> /* for MAXFONTNAMELEN */ #include <X11/Xos.h> #include <math.h> #include <stdlib.h> @@ -49,6 +50,7 @@ from The Open Group. #endif #include <ctype.h> #include <stdio.h> /* for sprintf() */ +#include "src/util/replace.h" static char * GetInt(char *ptr, int *val) @@ -114,11 +116,14 @@ readreal(char *ptr, double *result) return (p1 == buffer) ? (char *)0 : (ptr + (p1 - buffer)); } +#define XLFD_DOUBLE_TO_TEXT_BUF_SIZE 80 + static char * xlfd_double_to_text(double value, char *buffer, int space_required) { register char *p1; int ndigits, exponent; + const size_t buflen = XLFD_DOUBLE_TO_TEXT_BUF_SIZE; #ifndef NO_LOCALE if (!locale) @@ -137,7 +142,7 @@ xlfd_double_to_text(double value, char *buffer, int space_required) *buffer++ = ' '; /* Render the number using printf's idea of formatting */ - sprintf(buffer, "%.*le", XLFD_NDIGITS, value); + snprintf(buffer, buflen, "%.*le", XLFD_NDIGITS, value); /* Find and read the exponent value */ for (p1 = buffer + strlen(buffer); @@ -154,14 +159,14 @@ xlfd_double_to_text(double value, char *buffer, int space_required) if (exponent >= XLFD_NDIGITS || ndigits - exponent > XLFD_NDIGITS + 1) { /* Scientific */ - sprintf(buffer, "%.*le", ndigits - 1, value); + snprintf(buffer, buflen, "%.*le", ndigits - 1, value); } else { /* Fixed */ ndigits -= exponent + 1; if (ndigits < 0) ndigits = 0; - sprintf(buffer, "%.*lf", ndigits, value); + snprintf(buffer, buflen, "%.*lf", ndigits, value); if (exponent < 0) { p1 = buffer; @@ -263,7 +268,7 @@ xlfd_round_double(double x) char buffer[40]; - sprintf(buffer, "%.*lg", XLFD_NDIGITS, x); + snprintf(buffer, sizeof(buffer), "%.*lg", XLFD_NDIGITS, x); return atof(buffer); } } @@ -347,26 +352,28 @@ GetMatrix(char *ptr, FontScalablePtr vals, int which) static void -append_ranges(char *fname, int nranges, fsRange *ranges) +append_ranges(char *fname, size_t fnamelen, int nranges, fsRange *ranges) { if (nranges) { int i; - strcat(fname, "["); + strlcat(fname, "[", fnamelen); for (i = 0; i < nranges && strlen(fname) < 1010; i++) { - if (i) strcat(fname, " "); - sprintf(fname + strlen(fname), "%d", - minchar(ranges[i])); + size_t curlen; + if (i) strlcat(fname, " ", fnamelen); + curlen = strlen(fname); + snprintf(fname + curlen, fnamelen - curlen, "%d", + minchar(ranges[i])); if (ranges[i].min_char_low == ranges[i].max_char_low && ranges[i].min_char_high == ranges[i].max_char_high) continue; - sprintf(fname + strlen(fname), "_%d", - maxchar(ranges[i])); + snprintf(fname + curlen, fnamelen - curlen, "_%d", + maxchar(ranges[i])); } - strcat(fname, "]"); + strlcat(fname, "]", fnamelen); } } @@ -382,6 +389,8 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) FontScalableRec tmpvals; char replaceChar = '0'; char tmpBuf[1024]; + size_t tlen; + size_t fnamelen = MAXFONTNAMELEN; /* assumed for now */ int spacingLen; int l; char *p; @@ -440,7 +449,7 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) case FONT_XLFD_REPLACE_STAR: replaceChar = '*'; case FONT_XLFD_REPLACE_ZERO: - strcpy(tmpBuf, ptr2); + strlcpy(tmpBuf, ptr2, sizeof(tmpBuf)); ptr5 = tmpBuf + (ptr5 - ptr2); ptr3 = tmpBuf + (ptr3 - ptr2); ptr2 = tmpBuf; @@ -472,7 +481,7 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) *ptr++ = '-'; } *ptr++ = replaceChar; - strcpy(ptr, ptr5); + strlcpy(ptr, ptr5, fnamelen - (ptr - fname)); *vals = tmpvals; break; case FONT_XLFD_REPLACE_VALUE: @@ -508,68 +517,82 @@ FontParseXLFDName(char *fname, FontScalablePtr vals, int subst) p = ptr1 + 1; /* weight field */ l = strchr(p, '-') - p; - sprintf(tmpBuf, "%*.*s", l, l, p); + snprintf(tmpBuf, sizeof(tmpBuf), "%*.*s", l, l, p); p += l + 1; /* slant field */ l = strchr(p, '-') - p; - sprintf(tmpBuf + strlen(tmpBuf), "-%*.*s", l, l, p); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%*.*s", l, l, p); p += l + 1; /* setwidth_name */ l = strchr(p, '-') - p; - sprintf(tmpBuf + strlen(tmpBuf), "-%*.*s", l, l, p); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%*.*s", l, l, p); p += l + 1; /* add_style_name field */ l = strchr(p, '-') - p; - sprintf(tmpBuf + strlen(tmpBuf), "-%*.*s", l, l, p); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%*.*s", l, l, p); - strcat(tmpBuf, "-"); + strlcat(tmpBuf, "-", sizeof(tmpBuf)); if ((tmpvals.values_supplied & PIXELSIZE_MASK) == PIXELSIZE_ARRAY) { - char buffer[80]; - strcat(tmpBuf, "["); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[0], - buffer, 0)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[1], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[2], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.pixel_matrix[3], - buffer, 1)); - strcat(tmpBuf, "]"); + char buffer[XLFD_DOUBLE_TO_TEXT_BUF_SIZE]; + strlcat(tmpBuf, "[", sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[0], buffer, 0), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[1], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[2], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.pixel_matrix[3], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, "]", sizeof(tmpBuf)); } else { - sprintf(tmpBuf + strlen(tmpBuf), "%d", - (int)(tmpvals.pixel_matrix[3] + .5)); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "%d", + (int)(tmpvals.pixel_matrix[3] + .5)); } - strcat(tmpBuf, "-"); + strlcat(tmpBuf, "-", sizeof(tmpBuf)); if ((tmpvals.values_supplied & POINTSIZE_MASK) == POINTSIZE_ARRAY) { - char buffer[80]; - strcat(tmpBuf, "["); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[0], - buffer, 0)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[1], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[2], - buffer, 1)); - strcat(tmpBuf, xlfd_double_to_text(tmpvals.point_matrix[3], - buffer, 1)); - strcat(tmpBuf, "]"); + char buffer[XLFD_DOUBLE_TO_TEXT_BUF_SIZE]; + strlcat(tmpBuf, "[", sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[0], buffer, 0), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[1], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[2], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, + xlfd_double_to_text(tmpvals.point_matrix[3], buffer, 1), + sizeof(tmpBuf)); + strlcat(tmpBuf, "]", sizeof(tmpBuf)); } else { - sprintf(tmpBuf + strlen(tmpBuf), "%d", - (int)(tmpvals.point_matrix[3] * 10.0 + .5)); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "%d", + (int)(tmpvals.point_matrix[3] * 10.0 + .5)); } - sprintf(tmpBuf + strlen(tmpBuf), "-%d-%d%*.*s%d%s", - tmpvals.x, tmpvals.y, - spacingLen, spacingLen, ptr3, tmpvals.width, ptr5); - strcpy(ptr1 + 1, tmpBuf); + tlen = strlen(tmpBuf); + snprintf(tmpBuf + tlen, sizeof(tmpBuf) - tlen, "-%d-%d%*.*s%d%s", + tmpvals.x, tmpvals.y, + spacingLen, spacingLen, ptr3, tmpvals.width, ptr5); + strlcpy(ptr1 + 1, tmpBuf, fnamelen - (ptr1 - fname)); if ((vals->values_supplied & CHARSUBSET_SPECIFIED) && !vals->nranges) - strcat(fname, "[]"); + strlcat(fname, "[]", fnamelen); else - append_ranges(fname, vals->nranges, vals->ranges); + append_ranges(fname, fnamelen, vals->nranges, vals->ranges); break; } return TRUE; |