Bug 758202 - Replace sprintf with snprintf
Status: RESOLVED FIXED
Product: libxslt
Classification: Platform
Component: general
Version: 1.1.x
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: Daniel Veillard
QA Contact: libxml QA maintainers
Depends on:
Blocks:
Reported: 2015-11-16 23:50 UTC by David Kilzer
Modified: 2016-02-25 14:11 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch (5.13 KB, application/mbox)
2015-11-16 23:50 UTC, David Kilzer
Patch (fixed paths) (4.58 KB, patch)
2015-11-16 23:57 UTC, David Kilzer

Description David Kilzer 2015-11-16 23:50:04 UTC
Created attachment 315715
Patch

Replace sprintf with snprintf for security hardening in case user-controlled values are passed into sprintf.

These are all straightforward additions of the sizeof() macro when changing the method, but if you're compiling on Windows with an older version of Visual Studio, see Bug 756691 (Substitution of _snprintf for snprintf in Windows may cause buffer overruns).
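
The hardening pattern described in this report, as an added example that is not part of the original report or of the libxslt patch. `fmt_bounded`, `id_fits` and `len_after_truncation` are hypothetical names; the helper bounds the write with `sizeof()`, terminates explicitly to cover the older MSVC `_snprintf` behaviour referenced by Bug 756691, and reports truncation to the caller.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not libxslt code): bounded formatting that always
 * NUL-terminates. Returns 0 on success, -1 on truncation or error. */
int fmt_bounded(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    /* C99 vsnprintf terminates on truncation; older MSVC _vsnprintf/_snprintf
     * do not, so terminate explicitly to be correct with either. */
    buf[size - 1] = '\0';
    /* C99 returns the untruncated length (>= size means truncated);
     * the MSVC underscore variants return a negative value instead. */
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

/* Constructed demo: does "id<n>" fit an 8-byte stack buffer? 1 = yes. */
int id_fits(unsigned long n)
{
    char buf[8];
    return fmt_bounded(buf, sizeof(buf), "id%lu", n) == 0;
}

/* Constructed demo: length left in an 8-byte buffer after an oversized write. */
size_t len_after_truncation(void)
{
    char buf[8];
    memset(buf, 'X', sizeof(buf));          /* no terminator present beforehand */
    (void)fmt_bounded(buf, sizeof(buf), "%s", "0123456789");
    return strlen(buf);                      /* 7: seven bytes of data plus NUL */
}

int main(void)
{
    printf("%d %d %zu\n", id_fits(12345UL), id_fits(123456UL), len_after_truncation());
    return 0;
}
```

Passing `sizeof(buf)` only works where `buf` is a true array in scope; once the buffer has decayed to a pointer, the size has to be passed in explicitly.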
Comment 1 David Kilzer 2015-11-16 23:57:36 UTC
Created attachment 315716
Patch (fixed paths)