
Replaced unsecure printf with snprintf

Marco Bambini 3 жил өмнө
parent
commit
f15ca86358
1 өөрчлөгдсөн 20 нэмэгдсэн , 20 устгасан
  1. 20 20
      src/utils/gravity_json.c

+ 20 - 20
src/utils/gravity_json.c

@@ -626,7 +626,7 @@ json_value * json_parse_ex (json_settings * settings,
          if (flags & flag_string)
          {
             if (!b)
-            {  sprintf (error, "Unexpected EOF in string (at %d:%d)", line_and_col);
+            {  snprintf (error, sizeof(error), "Unexpected EOF in string (at %d:%d)", line_and_col);
                goto e_failed;
             }
 
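Review bot: `sizeof(error)` is the right bound only if `error` is an array declared inside `json_parse_ex`; its declaration is outside every hunk of this commit, so that cannot be confirmed from here. If `error` were a pointer or a parameter, `sizeof` would yield the pointer size and every message would be cut to a few bytes. I would pass the same named constant the declaration uses for its length, or add a comment at the declaration such as `/* must stay an array: the snprintf calls below use sizeof(error) */`. This applies to all twenty `snprintf` calls in this file section.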
@@ -652,7 +652,7 @@ json_value * json_parse_ex (json_settings * settings,
                         (uc_b3 = hex_value (*++ state.ptr)) == 0xFF ||
                         (uc_b4 = hex_value (*++ state.ptr)) == 0xFF)
                     {
-                        sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col);
+                        snprintf (error, sizeof(error), "Invalid character value `%c` (at %d:%d)", b, line_and_col);
                         goto e_failed;
                     }
 
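Review bot: The `*++ state.ptr` reads in this condition advance through the input before any failure is reported, and the start of the condition is outside the hunk, so it is not visible whether the remaining length is compared with `end` first. Bounding the error write does not help if an escape truncated at the end of the buffer lets these reads run past it, so please confirm that a length guard precedes the `hex_value` calls. The message also prints `b`, while the byte that failed the test is one of those just read through `state.ptr`, so the reported character may not be the offending one. Both points apply equally to the nested branch in the next hunk (-669).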
@@ -669,7 +669,7 @@ json_value * json_parse_ex (json_settings * settings,
                             (uc_b3 = hex_value (*++ state.ptr)) == 0xFF ||
                             (uc_b4 = hex_value (*++ state.ptr)) == 0xFF)
                         {
-                            sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col);
+                            snprintf (error, sizeof(error), "Invalid character value `%c` (at %d:%d)", b, line_and_col);
                             goto e_failed;
                         }
 
@@ -798,7 +798,7 @@ json_value * json_parse_ex (json_settings * settings,
                if (flags & flag_block_comment)
                {
                   if (!b)
-                  {  sprintf (error, "%d:%d: Unexpected EOF in block comment", line_and_col);
+                  {  snprintf (error, sizeof(error), "%d:%d: Unexpected EOF in block comment", line_and_col);
                      goto e_failed;
                   }
 
@@ -814,12 +814,12 @@ json_value * json_parse_ex (json_settings * settings,
             else if (b == '/')
             {
                if (! (flags & (flag_seek_value | flag_done)) && top->type != json_object)
-               {  sprintf (error, "%d:%d: Comment not allowed here", line_and_col);
+               {  snprintf (error, sizeof(error), "%d:%d: Comment not allowed here", line_and_col);
                   goto e_failed;
                }
 
                if (++ state.ptr == end)
-               {  sprintf (error, "%d:%d: EOF unexpected", line_and_col);
+               {  snprintf (error, sizeof(error), "%d:%d: EOF unexpected", line_and_col);
                   goto e_failed;
                }
 
@@ -834,7 +834,7 @@ json_value * json_parse_ex (json_settings * settings,
                      continue;
 
                   default:
-                     sprintf (error, "%d:%d: Unexpected `%c` in comment opening sequence", line_and_col, b);
+                     snprintf (error, sizeof(error), "%d:%d: Unexpected `%c` in comment opening sequence", line_and_col, b);
                      goto e_failed;
                };
             }
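Review bot: `b` is written into the message with `%c` in the `default:` branch, and it appears to be the current input byte, so a control or non-ASCII byte from the parsed document ends up verbatim in `error`. Anything that later prints or logs this string can then carry terminal control sequences or break line-oriented logs. I would format the byte numerically (for example with `\\x%02x`) when `isprint((unsigned char) b)` is false, or document on the API that the error text must be escaped before display. The other `%c` messages changed in this commit share this, including "Invalid character value", "Trailing garbage", "Expected , before %c", "Expected : before %c", and the "Unexpected ..." messages for seeking a value, in an object and before a digit.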
@@ -852,7 +852,7 @@ json_value * json_parse_ex (json_settings * settings,
 
                default:
 
-                  sprintf (error, "%d:%d: Trailing garbage: `%c`",
+                  snprintf (error, sizeof(error), "%d:%d: Trailing garbage: `%c`",
                            state.cur_line, state.cur_col, b);
 
                   goto e_failed;
@@ -871,7 +871,7 @@ json_value * json_parse_ex (json_settings * settings,
                   if (top && top->type == json_array)
                      flags = (flags & ~ (flag_need_comma | flag_seek_value)) | flag_next;
                   else
-                  {  sprintf (error, "%d:%d: Unexpected ]", line_and_col);
+                  {  snprintf (error, sizeof(error), "%d:%d: Unexpected ]", line_and_col);
                      goto e_failed;
                   }
 
@@ -887,7 +887,7 @@ json_value * json_parse_ex (json_settings * settings,
                      }
                      else
                      {
-                        sprintf (error, "%d:%d: Expected , before %c",
+                        snprintf (error, sizeof(error), "%d:%d: Expected , before %c",
                                  state.cur_line, state.cur_col, b);
 
                         goto e_failed;
@@ -902,7 +902,7 @@ json_value * json_parse_ex (json_settings * settings,
                      }
                      else
                      {
-                        sprintf (error, "%d:%d: Expected : before %c",
+                        snprintf (error, sizeof(error), "%d:%d: Expected : before %c",
                                  state.cur_line, state.cur_col, b);
 
                         goto e_failed;
@@ -1028,7 +1028,7 @@ json_value * json_parse_ex (json_settings * settings,
                            continue;
                         }
                         else
-                        {  sprintf (error, "%d:%d: Unexpected %c when seeking value", line_and_col, b);
+                        {  snprintf (error, sizeof(error), "%d:%d: Unexpected %c when seeking value", line_and_col, b);
                            goto e_failed;
                         }
                   };
@@ -1048,7 +1048,7 @@ json_value * json_parse_ex (json_settings * settings,
                   case '"':
 
                      if (flags & flag_need_comma)
-                     {  sprintf (error, "%d:%d: Expected , before \"", line_and_col);
+                     {  snprintf (error, sizeof(error), "%d:%d: Expected , before \"", line_and_col);
                         goto e_failed;
                      }
 
@@ -1073,7 +1073,7 @@ json_value * json_parse_ex (json_settings * settings,
                      }
 
                   default:
-                     sprintf (error, "%d:%d: Unexpected `%c` in object", line_and_col, b);
+                     snprintf (error, sizeof(error), "%d:%d: Unexpected `%c` in object", line_and_col, b);
                      goto e_failed;
                };
 
@@ -1091,7 +1091,7 @@ json_value * json_parse_ex (json_settings * settings,
                      if (! (flags & flag_num_e))
                      {
                         if (flags & flag_num_zero)
-                        {  sprintf (error, "%d:%d: Unexpected `0` before `%c`", line_and_col, b);
+                        {  snprintf (error, sizeof(error), "%d:%d: Unexpected `0` before `%c`", line_and_col, b);
                            goto e_failed;
                         }
 
@@ -1128,7 +1128,7 @@ json_value * json_parse_ex (json_settings * settings,
                else if (b == '.' && top->type == json_integer)
                {
                   if (!num_digits)
-                  {  sprintf (error, "%d:%d: Expected digit before `.`", line_and_col);
+                  {  snprintf (error, sizeof(error), "%d:%d: Expected digit before `.`", line_and_col);
                      goto e_failed;
                   }
 
@@ -1144,7 +1144,7 @@ json_value * json_parse_ex (json_settings * settings,
                   if (top->type == json_double)
                   {
                      if (!num_digits)
-                     {  sprintf (error, "%d:%d: Expected digit after `.`", line_and_col);
+                     {  snprintf (error, sizeof(error), "%d:%d: Expected digit after `.`", line_and_col);
                         goto e_failed;
                      }
 
@@ -1170,7 +1170,7 @@ json_value * json_parse_ex (json_settings * settings,
                else
                {
                   if (!num_digits)
-                  {  sprintf (error, "%d:%d: Expected digit after `e`", line_and_col);
+                  {  snprintf (error, sizeof(error), "%d:%d: Expected digit after `e`", line_and_col);
                      goto e_failed;
                   }
 
@@ -1256,7 +1256,7 @@ json_value * json_parse_ex (json_settings * settings,
 
 e_unknown_value:
 
-   sprintf (error, "%d:%d: Unknown value", line_and_col);
+   snprintf (error, sizeof(error), "%d:%d: Unknown value", line_and_col);
    goto e_failed;
 
 e_alloc_failure:
@@ -1266,7 +1266,7 @@ e_alloc_failure:
 
 e_overflow:
 
-   sprintf (error, "%d:%d: Too long (caught overflow)", line_and_col);
+   snprintf (error, sizeof(error), "%d:%d: Too long (caught overflow)", line_and_col);
    goto e_failed;
 
 e_failed:
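Review bot: The writes into `error` are now bounded, but the code after `e_failed:` is outside the hunk, and that is presumably where the message leaves the function. If it is copied into a caller-supplied buffer with `strcpy` or `sprintf`, that copy still has no bound and relies on the caller's buffer being at least as large as `error`; the required size should be documented on `json_parse_ex`, or the copy bounded as well. The body of `e_alloc_failure:` between the last two hunks is not shown and is not touched by this commit, so it is worth checking that it does not keep an unbounded write.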