Replace sprintf with snprintf
o9000 mrovi9000@gmail.com
9 files changed,
67 insertions(+),
54 deletions(-)
M
src/execplugin/execplugin.c
→
src/execplugin/execplugin.c
@@ -882,22 +882,22 @@ }
return FALSE; } -const char *time_to_string(int seconds, char *buffer) +const char *time_to_string(int seconds, char *buffer, size_t buffer_size) { if (seconds < 60) { - sprintf(buffer, "%ds", seconds); + snprintf(buffer, buffer_size, "%ds", seconds); } else if (seconds < 60 * 60) { int m = seconds / 60; seconds = seconds % 60; int s = seconds; - sprintf(buffer, "%d:%ds", m, s); + snprintf(buffer, buffer_size, "%d:%ds", m, s); } else { int h = seconds / (60 * 60); seconds = seconds % (60 * 60); int m = seconds / 60; seconds = seconds % 60; int s = seconds; - sprintf(buffer, "%d:%d:%ds", h, m, s); + snprintf(buffer, buffer_size, "%d:%d:%ds", h, m, s); } return buffer; }@@ -923,35 +923,39 @@ // Not executing command
if (execp->backend->last_update_finish_time) { // We updated at least once if (execp->backend->interval > 0) { - sprintf(execp->backend->tooltip_text, - "Last update finished %s ago (took %s). Next update starting in %s.", - time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1), - time_to_string((int)execp->backend->last_update_duration, tmp_buf2), - time_to_string((int)(execp->backend->interval - (now - execp->backend->last_update_finish_time)), - tmp_buf3)); + snprintf(execp->backend->tooltip_text, + sizeof(execp->backend->tooltip_text), + "Last update finished %s ago (took %s). Next update starting in %s.", + time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1, sizeof(tmp_buf1)), + time_to_string((int)execp->backend->last_update_duration, tmp_buf2, sizeof(tmp_buf2)), + time_to_string((int)(execp->backend->interval - (now - execp->backend->last_update_finish_time)), + tmp_buf3, sizeof(tmp_buf3))); } else { - sprintf(execp->backend->tooltip_text, - "Last update finished %s ago (took %s).", - time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1), - time_to_string((int)execp->backend->last_update_duration, tmp_buf2)); + snprintf(execp->backend->tooltip_text, + sizeof(execp->backend->tooltip_text), + "Last update finished %s ago (took %s).", + time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1, sizeof(tmp_buf1)), + time_to_string((int)execp->backend->last_update_duration, tmp_buf2, sizeof(tmp_buf2))); } } else { // we never requested an update - sprintf(execp->backend->tooltip_text, "Never updated. No update scheduled."); + snprintf(execp->backend->tooltip_text, sizeof(execp->backend->tooltip_text), "Never updated. No update scheduled."); } } else { // Currently executing command if (execp->backend->last_update_finish_time) { // we finished updating at least once - sprintf(execp->backend->tooltip_text, - "Last update finished %s ago. Update in progress (started %s ago).", - time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1), - time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf3)); + snprintf(execp->backend->tooltip_text, + sizeof(execp->backend->tooltip_text), + "Last update finished %s ago. Update in progress (started %s ago).", + time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1, sizeof(tmp_buf1)), + time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf3, sizeof(tmp_buf3))); } else { // we never finished an update - sprintf(execp->backend->tooltip_text, - "First update in progress (started %s seconds ago).", - time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf1)); + snprintf(execp->backend->tooltip_text, + sizeof(execp->backend->tooltip_text), + "First update in progress (started %s seconds ago).", + time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf1, sizeof(tmp_buf1))); } } return strdup(execp->backend->tooltip_text);
M
src/launcher/apps-common.c
→
src/launcher/apps-common.c
@@ -60,9 +60,9 @@ // %i -> --icon Icon
// %c -> Name // %k -> path if (entry->exec) { - char *exec2 = calloc(strlen(entry->exec) + (entry->name ? strlen(entry->name) : 1) + - (entry->icon ? strlen(entry->icon) : 1) + 100, - 1); + size_t buf_size = strlen(entry->exec) + (entry->name ? strlen(entry->name) : 1) + + (entry->icon ? strlen(entry->icon) : 1) + 100; + char *exec2 = calloc(buf_size, 1); char *p, *q; // p will never point to an escaped char for (p = entry->exec, q = exec2; *p; p++, q++) {@@ -82,23 +82,30 @@ p++;
if (!*p) break; if (*p == 'i' && entry->icon != NULL) { - sprintf(q, "--icon '%s'", entry->icon); + snprintf(q, buf_size, "--icon '%s'", entry->icon); + char *old = q; q += strlen("--icon ''"); q += strlen(entry->icon); + buf_size -= (size_t)(q - old); q--; // To balance the q++ in the for } else if (*p == 'c' && entry->name != NULL) { - sprintf(q, "'%s'", entry->name); + snprintf(q, buf_size, "'%s'", entry->name); + char *old = q; q += strlen("''"); q += strlen(entry->name); + buf_size -= (size_t)(q - old); q--; // To balance the q++ in the for } else if (*p == 'c') { - sprintf(q, "'%s'", path); + snprintf(q, buf_size, "'%s'", path); + char *old = q; q += strlen("''"); q += strlen(path); + buf_size -= (size_t)(q - old); q--; // To balance the q++ in the for } else if (*p == 'f' || *p == 'F') { - sprintf(q, "%c%c", '%', *p); + snprintf(q, buf_size, "%c%c", '%', *p); q += 2; + buf_size -= 2; q--; // To balance the q++ in the for } else { // We don't care about other expansions
M
src/launcher/icon-theme-common.c
→
src/launcher/icon-theme-common.c
@@ -621,7 +621,7 @@ file_name = realloc(file_name, file_name_size);
} file_name[0] = 0; // filename = directory/$(themename)/subdirectory/iconname.extension - sprintf(file_name, "%s/%s/%s/%s%s", base_name, theme_name, dir_name, icon_name, extension); + snprintf(file_name, (size_t)file_name_size, "%s/%s/%s/%s%s", base_name, theme_name, dir_name, icon_name, extension); if (debug_icons) fprintf(stderr, "tint2: Checking %s\n", file_name); if (g_file_test(file_name, G_FILE_TEST_EXISTS)) {@@ -679,9 +679,10 @@ for (const GSList *base = basenames; base; base = g_slist_next(base)) {
for (GSList *ext = extensions; ext; ext = g_slist_next(ext)) { char *base_name = (char *)base->data; char *extension = (char *)ext->data; - file_name = calloc(strlen(base_name) + strlen(icon_name) + strlen(extension) + 100, 1); + size_t file_name_size = strlen(base_name) + strlen(icon_name) + strlen(extension) + 100; + file_name = calloc(file_name_size, 1); // filename = directory/iconname.extension - sprintf(file_name, "%s/%s%s", base_name, icon_name, extension); + snprintf(file_name, file_name_size, "%s/%s%s", base_name, icon_name, extension); if (debug_icons) fprintf(stderr, "tint2: Checking %s\n", file_name); if (g_file_test(file_name, G_FILE_TEST_EXISTS)) {
M
src/launcher/launcher.c
→
src/launcher/launcher.c
@@ -470,7 +470,7 @@ launcherIcon->area._draw_foreground = draw_launcher_icon;
launcherIcon->area.size_mode = LAYOUT_FIXED; launcherIcon->area._resize = NULL; launcherIcon->area._compute_desired_size = launcher_icon_compute_desired_size; - sprintf(launcherIcon->area.name, "LauncherIcon %d", index); + snprintf(launcherIcon->area.name, sizeof(launcherIcon->area.name), "LauncherIcon %d", index); launcherIcon->area.resize_needed = 0; launcherIcon->area.has_mouse_over_effect = panel_config.mouse_effects; launcherIcon->area.has_mouse_press_effect = launcherIcon->area.has_mouse_over_effect;
M
src/main.c
→
src/main.c
@@ -723,7 +723,7 @@ }
if (debug_frames) { for (int i = 0; i < num_panels; i++) { char path[256]; - sprintf(path, "tint2-%d-panel-%d-frame-%d.png", getpid(), i, frame); + snprintf(path, sizeof(path), "tint2-%d-panel-%d-frame-%d.png", getpid(), i, frame); save_panel_screenshot(&panels[i], path); } }
M
src/tint2conf/properties.c
→
src/tint2conf/properties.c
@@ -1312,19 +1312,19 @@ name = _("Free space");
} else if (v == ':') { separator_index++; buffer[0] = 0; - sprintf(buffer, "%s %d", _("Separator"), separator_index + 1); + snprintf(buffer, sizeof(buffer), "%s %d", _("Separator"), separator_index + 1); name = buffer; value = ":"; } else if (v == 'E') { execp_index++; buffer[0] = 0; - sprintf(buffer, "%s %d", _("Executor"), execp_index + 1); + snprintf(buffer, sizeof(buffer), "%s %d", _("Executor"), execp_index + 1); name = buffer; value = "E"; } else if (v == 'P') { button_index++; buffer[0] = 0; - sprintf(buffer, "%s %d", _("Button"), button_index + 1); + snprintf(buffer, sizeof(buffer), "%s %d", _("Button"), button_index + 1); name = buffer; value = "P"; } else {@@ -4097,7 +4097,7 @@ int row, col;
Separator *separator = &g_array_index(separators, Separator, i); separator->name[0] = 0; - sprintf(separator->name, "%s %d", _("Separator"), i + 1); + snprintf(separator->name, sizeof(separator->name), "%s %d", _("Separator"), i + 1); separator->page_label = gtk_label_new(separator->name); gtk_widget_show(separator->page_label); separator->page_separator = gtk_vbox_new(FALSE, DEFAULT_HOR_SPACING);@@ -4223,7 +4223,7 @@
Executor *executor = &g_array_index(executors, Executor, i); executor->name[0] = 0; - sprintf(executor->name, "%s %d", _("Executor"), i + 1); + snprintf(executor->name, sizeof(executor->name), "%s %d", _("Executor"), i + 1); executor->page_label = gtk_label_new(executor->name); gtk_widget_show(executor->page_label); executor->page_execp = gtk_vbox_new(FALSE, DEFAULT_HOR_SPACING);@@ -4644,7 +4644,7 @@
Button *button = &g_array_index(buttons, Button, i); button->name[0] = 0; - sprintf(button->name, "%s %d", _("Button"), i + 1); + snprintf(button->name, sizeof(button->name), "%s %d", _("Button"), i + 1); button->page_label = gtk_label_new(button->name); gtk_widget_show(button->page_label); button->page_button = gtk_vbox_new(FALSE, DEFAULT_HOR_SPACING);@@ -5033,7 +5033,7 @@ void separator_update_indices()
{ for (int i = 0; i < separators->len; i++) { Separator *separator = &g_array_index(separators, Separator, i); - sprintf(separator->name, "%s %d", _("Separator"), i + 1); + snprintf(separator->name, sizeof(separator->name), "%s %d", _("Separator"), i + 1); gtk_label_set_text(GTK_LABEL(separator->page_label), separator->name); }@@ -5051,7 +5051,7 @@ if (g_str_equal(value, ":")) {
separator_index++; char buffer[256]; buffer[0] = 0; - sprintf(buffer, "%s %d", _("Separator"), separator_index + 1); + snprintf(buffer, sizeof(buffer), "%s %d", _("Separator"), separator_index + 1); gtk_list_store_set(panel_items, &iter, itemsColName, buffer, -1); }@@ -5065,7 +5065,7 @@ void execp_update_indices()
{ for (int i = 0; i < executors->len; i++) { Executor *executor = &g_array_index(executors, Executor, i); - sprintf(executor->name, "%s %d", _("Executor"), i + 1); + snprintf(executor->name, sizeof(executor->name), "%s %d", _("Executor"), i + 1); gtk_label_set_text(GTK_LABEL(executor->page_label), executor->name); }@@ -5083,7 +5083,7 @@ if (g_str_equal(value, "E")) {
execp_index++; char buffer[256]; buffer[0] = 0; - sprintf(buffer, "%s %d", _("Executor"), execp_index + 1); + snprintf(buffer, sizeof(buffer), "%s %d", _("Executor"), execp_index + 1); gtk_list_store_set(panel_items, &iter, itemsColName, buffer, -1); }@@ -5097,7 +5097,7 @@ void button_update_indices()
{ for (int i = 0; i < buttons->len; i++) { Button *button = &g_array_index(buttons, Button, i); - sprintf(button->name, "%s %d", _("Button"), i + 1); + snprintf(button->name, sizeof(button->name), "%s %d", _("Button"), i + 1); gtk_label_set_text(GTK_LABEL(button->page_label), button->name); }@@ -5115,7 +5115,7 @@ if (g_str_equal(value, "P")) {
button_index++; char buffer[256]; buffer[0] = 0; - sprintf(buffer, "%s %d", _("Button"), button_index + 1); + snprintf(buffer, sizeof(buffer), "%s %d", _("Button"), button_index + 1); gtk_list_store_set(panel_items, &iter, itemsColName, buffer, -1); }
M
src/tint2conf/properties_rw.c
→
src/tint2conf/properties_rw.c
@@ -478,7 +478,7 @@ {
GdkColor color; gtk_color_button_get_color(GTK_COLOR_BUTTON(task_color), &color); char full_name[128]; - sprintf(full_name, "task%s_font_color", name); + snprintf(full_name, sizeof(full_name), "task%s_font_color", name); config_write_color(fp, full_name, color, gtk_color_button_get_alpha(GTK_COLOR_BUTTON(task_color)) * 100 / 0xffff); }@@ -489,7 +489,7 @@ GtkWidget *widget_saturation,
GtkWidget *widget_brightness) { char full_name[128]; - sprintf(full_name, "task%s_icon_asb", name); + snprintf(full_name, sizeof(full_name), "task%s_icon_asb", name); fprintf(fp, "%s = %d %d %d\n", full_name,@@ -501,7 +501,7 @@
void config_write_task_background(FILE *fp, char *name, GtkWidget *task_background) { char full_name[128]; - sprintf(full_name, "task%s_background_id", name); + snprintf(full_name, sizeof(full_name), "task%s_background_id", name); fprintf(fp, "%s = %d\n", full_name, gtk_combo_box_get_active(GTK_COMBO_BOX(task_background))); }
M
src/util/common.c
→
src/util/common.c
@@ -191,7 +191,7 @@ case SIGSYS:
return "SIGSYS: Bad system call."; } static char s[64]; - sprintf(s, "SIG=%d: Unknown", sig); + snprintf(s, sizeof(s), "SIG=%d: Unknown", sig); return s; }@@ -266,7 +266,7 @@
int setenvd(const char *name, const int value) { char buf[256]; - sprintf(buf, "%d", value); + snprintf(buf, sizeof(buf), "%d", value); return setenv(name, buf, 1); }@@ -793,7 +793,7 @@ image = imlib_load_image_immediately_without_cache(path);
} if (!image && g_str_has_suffix(path, ".svg")) { char tmp_filename[128]; - sprintf(tmp_filename, "/tmp/tint2-%d.png", (int)getpid()); + snprintf(tmp_filename, sizeof(tmp_filename), "/tmp/tint2-%d.png", (int)getpid()); int fd = open(tmp_filename, O_CREAT | O_EXCL, 0600); if (fd >= 0) { // We fork here because librsvg allocates memory like crazy
M
src/util/tracing.c
→
src/util/tracing.c
@@ -49,8 +49,9 @@ char *result = strdup(strings[0] ? strings[0] : "??");
free(strings); return result; #else - char *result = (char*) calloc(32, 1); - sprintf(result, "%p", func); + const size_t buf_size = 32; + char *result = (char*) calloc(buf_size, 1); + snprintf(result, buf_size, "%p", func); return result; #endif }