[rrd-developers] fix str{cpy,cat} and sprintf safety warnings

Martin Pelikan martin.pelikan at gmail.com
Mon Aug 13 02:27:29 CEST 2012


2012/8/13, Martin Pelikan <martin.pelikan at gmail.com>:
> @@ -1527,14 +1519,10 @@
>                  i++;
>              } else {    /* There is already such a name, suppose a mutiple
> field */
>                  cp = ++esp;
> -                len =
> -                    (strlen(result[k]->value) + (ip - esp) +
> -                     2) * sizeof(char);
> -                if ((sptr = (char *) malloc(len)) == NULL)
> +                len = strlen(result[k]->value) + (ip - esp) + 2;
> +                if ((sptr = (char *) calloc(len, sizeof(char))) == NULL)
>                      return NULL;
> -                memset(sptr, 0, len);
> -                sprintf(sptr, "%s\n", result[k]->value);
> -                strncat(sptr, cp, ip - esp);
> +                snprintf(sptr, len, "%s%s\n", result[k]->value, cp);
>                  free(result[k]->value);
>                  result[k]->value = rrdcgiDecodeString(sptr);
>              }

Sorry everyone, this format string should obviously look like "%s\n%s".

-- 
Martin Pelikan



More information about the rrd-developers mailing list