diff --git a/inst/include/hlrmisc.h b/inst/include/hlrmisc.h
index c7b6bc6..594c9ba 100644
--- a/inst/include/hlrmisc.h
+++ b/inst/include/hlrmisc.h
@@ -116,6 +116,8 @@ extern char *hlr_strdups (char *s1);
 */
 #define hlr_strdup0(s) ((s) ? hlr_strdup(s) : NULL)
+/// The maximum amount of memory meeded to to store an int
+#define HLR_ITOA_SIZE 21
 /**
 Convert an integer into a string.
Usage:
@@ -126,9 +128,7 @@ extern char *hlr_strdups (char *s1);
 the result can be up to 20 bytes
(see ULONG_MAX in limits.h)
*/
-#define hlr_itoa(s,i) sprintf(s,"%d",i)
-/// The maximum amount of memory meeded to to store an int
-#define HLR_ITOA_SIZE 21
+#define hlr_itoa(s,i) snprintf(s,HLR_ITOA_SIZE,"%d",i)
 /// Define MIN only if not defined by C library
 #ifndef MIN
diff --git a/src/format.c b/src/format.c
index db86d90..2369ab4 100644
--- a/src/format.c
+++ b/src/format.c
@@ -516,7 +516,7 @@ int stringPrintf (Stringa str,const char *format,...) {
 va_end (args);
 array (str,maxlength + 1,char) = '\0'; // allocate space
 va_start (args,format);
- resultLen = vsprintf (string (str),format,args);
+ resultLen = vsnprintf (string (str),maxlength + 1,format,args);
 va_end (args);
 if (resultLen > maxlength || resultLen < 0)
 die ("stringPrintf(): result length prediction failed. Memory corrupted. Abort for safety. Possible cause: %%f specified and printed representation of numeric value requires more then deflength = 18 bytes. Possible fix: use %%g as format string.");
@@ -539,7 +539,7 @@ int stringAppendf (Stringa str,const char *format,...) {
 va_end (args);
 array (str,len + maxlength + 1,char) = '\0'; // allocate space
 va_start (args,format);
- resultLen = vsprintf (string (str)+len,format,args);
+ resultLen = vsnprintf (string (str)+len,maxlength + 1,format,args);
 va_end (args);
 if (resultLen > maxlength || resultLen < 0)
 die ("stringAppendf(): oops");
@@ -572,7 +572,7 @@ char *stringPrintBuf (const char *format,...) {
 va_end (args);
 array (str,maxlength + 1,char) = '\0'; // allocate space
 va_start (args,format);
- resultLen = vsprintf (string (str),format,args);
+ resultLen = vsnprintf (string (str),maxlength + 1,format,args);
 va_end (args);
 if (resultLen > maxlength || resultLen < 0)
 die ("stringPrintBuf(): oops");
diff --git a/src/html.c b/src/html.c
index 3d16c66..ee20180 100644
--- a/src/html.c
+++ b/src/html.c
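Review bot: In inst/include/hlrmisc.h the new `hlr_itoa` bounds the write with the constant `HLR_ITOA_SIZE`, not with the size of the buffer the caller actually passes, so a caller whose `s` is smaller than 21 bytes is no better protected than it was with `sprintf`. The callers are outside this diff, so whether such a caller exists cannot be told from here. The doc comment above the macro should state the contract, for example `s must point to at least HLR_ITOA_SIZE bytes; the bound is not derived from s`. The macro arguments are also expanded unparenthesized; `snprintf((s),HLR_ITOA_SIZE,"%d",(i))` is the safer form.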
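Review bot: The `die()` text after the new `vsnprintf` call in stringPrintf() (src/format.c) still says "Memory corrupted. Abort for safety", which no longer describes the failure: with the `maxlength + 1` bound an under-predicted length gives a truncated result, not an overrun. The existing `resultLen > maxlength || resultLen < 0` test still catches that case, because vsnprintf returns the length it would have written. I would reword the message to report a length-prediction mismatch with truncated output, and give stringAppendf() and stringPrintBuf() something more diagnosable than "oops". How `maxlength` is computed lies outside these hunks, so the prediction itself is not reviewed here.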
@@ -211,7 +211,7 @@ void cgiHeader (char *mimeType) {
 a reload */
 struct tm *gmt = gmtime (&t);
 strftime (date,39,"%a, %d %b %Y %T GMT",gmt);
- sprintf (exp,"\r\nExpires: %.40s",date);
+ snprintf (exp,sizeof exp,"\r\nExpires: %.40s",date);
 }
 else
 exp[0] = '\0';
@@ -632,7 +632,7 @@ void cgiEncodeWord (char *s,Stringa a) {
 stringClear (a);
 while ((c = *++cp) != '\0') {
 if (!isalnum(c) && c != '_' && c != '-' && c != '.' && c != ':') {
- sprintf (hex,"%02X",c);
+ snprintf (hex,sizeof hex,"%02X",c);
 stringCatChar (a,'%');
 stringCatChar (a,hex[0]);
 stringCatChar (a,hex[1]);
@@ -818,7 +818,7 @@ void cgiURLCreate (char *host,int port,char *program) {
 stringCat (cgiurl,host);
 if (port != 0) {
 stringCat (cgiurl,":");
- sprintf (portStr,"%d",port);
+ snprintf (portStr,sizeof portStr,"%d",port);
 stringCat (cgiurl,portStr);
 }
 if (program[0] != '/')
diff --git a/src/log.c b/src/log.c
index c197167..dd293a1 100644
--- a/src/log.c
+++ b/src/log.c
@@ -235,7 +235,7 @@ void print_msg(const char *x, const char* prefix, va_list args) {
 fflush(NULL);
 char msg[4096];
 REprintf(prefix);
- vsprintf(msg, x, args);
+ vsnprintf(msg, sizeof msg, x, args);
 REprintf(msg);
 va_end(args);
 REprintf("\n");
@@ -509,7 +509,7 @@ void warnAdd (char *source,char *msg) {
 free (gSources[WARNMAX-1]);
 free (gMsgs[WARNMAX-1]);
 gSources[WARNMAX-1] = strdup ("warnAdd");
- sprintf (s,"Warning buffer overflow. Last %d warning(s) discarded.",
+ snprintf (s, sizeof s, "Warning buffer overflow. Last %d warning(s) discarded.",
 gWarnCnt - WARNMAX);
 gMsgs[WARNMAX-1] = strdup(s);
 }
diff --git a/src/sequenceAlignment.c b/src/sequenceAlignment.c
index 50991b2..0cd6f9b 100644
--- a/src/sequenceAlignment.c
+++ b/src/sequenceAlignment.c
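Review bot: `sizeof exp` in cgiHeader() (src/html.c) is the buffer size only if `exp` is declared as an array in this scope; the declaration is outside the hunk, and if it is a `char *` the bound becomes the pointer size and the Expires header is silently cut short. The same needs confirming for `hex` in cgiEncodeWord(), `portStr` in cgiURLCreate() and `s` in warnAdd() in src/log.c, none of whose declarations are visible here. A short comment at each declaration, such as `/* must stay an array: snprintf below uses sizeof */`, would keep a later refactor from breaking the bound. The snprintf return values are also ignored, so truncation at any of these sites passes unnoticed.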
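Review bot: In cgiEncodeWord() the new bound can turn a wrong-width conversion into silently wrong output. If `c` is a plain (signed) `char`, a byte of 0x80 or above is promoted to a negative int and `%02X` formats it as eight hex digits, which `snprintf` now truncates, so every such byte would be encoded as `%FF`. The type of `c` is declared outside the hunk, so this needs checking; an explicit conversion removes the doubt: `snprintf (hex,sizeof hex,"%02X",(unsigned)(unsigned char)c);`. The `isalnum(c)` call on the context line above wants the same `(unsigned char)` cast, since it is undefined for negative values.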
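Review bot: print_msg() in src/log.c still hands the formatted text to `REprintf(msg)` as a format string, so any `%` that ends up in the message (for instance from a `%s` argument carrying external data) is interpreted a second time; bounding the `vsnprintf` does not address that. `REprintf("%s", msg);` closes it, and `REprintf(prefix)` on the context line above should become `REprintf("%s", prefix);` for the same reason. Messages longer than 4095 bytes are now truncated without notice; comparing the `vsnprintf` return value with `sizeof msg` would let the function flag that.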
@@ -193,9 +193,9 @@ static void printName (char *name) {
 char line[NAME_LENGTH+1];
 if (name == NULL)
- sprintf (line,"%*s",NAME_LENGTH,"");
+ snprintf (line,sizeof line,"%*s",NAME_LENGTH,"");
 else
- sprintf (line,"%-*.*s",NAME_LENGTH,NAME_LENGTH-1,name);
+ snprintf (line,sizeof line,"%-*.*s",NAME_LENGTH,NAME_LENGTH-1,name);
 Rprintf ("%s",line);
 }