[rrd-developers] fix str{cpy,cat} and sprintf safety warnings
Martin Pelikan
martin.pelikan at gmail.com
Mon Aug 13 02:27:29 CEST 2012
2012/8/13, Martin Pelikan <martin.pelikan at gmail.com>:
> @@ -1527,14 +1519,10 @@
> i++;
> } else { /* There is already such a name, suppose a mutiple
> field */
> cp = ++esp;
> - len =
> - (strlen(result[k]->value) + (ip - esp) +
> - 2) * sizeof(char);
> - if ((sptr = (char *) malloc(len)) == NULL)
> + len = strlen(result[k]->value) + (ip - esp) + 2;
> + if ((sptr = (char *) calloc(len, sizeof(char))) == NULL)
> return NULL;
> - memset(sptr, 0, len);
> - sprintf(sptr, "%s\n", result[k]->value);
> - strncat(sptr, cp, ip - esp);
> + snprintf(sptr, len, "%s%s\n", result[k]->value, cp);
> free(result[k]->value);
> result[k]->value = rrdcgiDecodeString(sptr);
> }
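Review bot: the snprintf() line no longer states the ip - esp bound on cp that the removed strncat(sptr, cp, ip - esp) carried; the copy from cp is now cut off only by snprintf() truncating at len. With the separator placed between the two strings, len - 1 equals strlen(result[k]->value) + 1 + (ip - esp), so the truncation lands at the same byte as before, but that depends on the length arithmetic two lines above staying in step with the format string. With the format as written in this hunk ("%s%s\n"), the trailing newline is the first thing lost whenever cp runs past ip. Consider making the bound explicit with a precision, for example "%s\n%.*s" with (int)(ip - esp) passed before cp, and checking the snprintf() return value against len so an unexpected truncation is caught rather than silently passed to rrdcgiDecodeString(). The calloc() zero-fill is also not needed for termination, since snprintf() always NUL-terminates when len is non-zero.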
Sorry everyone, this format string should obviously look like "%s\n%s".
--
Martin Pelikan