X-Git-Url: https://ncurses.scripts.mit.edu/?p=ncurses.git;a=blobdiff_plain;f=ncurses%2Fbase%2Fsafe_sprintf.c;h=34abd2f8cf47409bfe9973a1dfba78f96b861f06;hp=283b3291081d4b54894688608454a12c2b19317b;hb=4aaab5e7c855d212deaa53608a08de5648fd86f6;hpb=7a6bbc8cf41c5186d46accc3d08622dc86526b34;ds=sidebyside

diff --git a/ncurses/base/safe_sprintf.c b/ncurses/base/safe_sprintf.c
index 283b3291..34abd2f8 100644
--- a/ncurses/base/safe_sprintf.c
+++ b/ncurses/base/safe_sprintf.c
@@ -1,5 +1,5 @@
 /****************************************************************************
- * Copyright (c) 1998-2007,2009 Free Software Foundation, Inc.              *
+ * Copyright (c) 1998-2012,2013 Free Software Foundation, Inc.              *
  *                                                                          *
  * Permission is hereby granted, free of charge, to any person obtaining a  *
  * copy of this software and associated documentation files (the            *
@@ -27,13 +27,13 @@
  ****************************************************************************/
 
 /****************************************************************************
- *  Author: Thomas E. Dickey <dickey@clark.net> 1997                        *
+ *  Author: Thomas E. Dickey        1997-on                                 *
  ****************************************************************************/
 
 #include <curses.priv.h>
 #include <ctype.h>
 
-MODULE_ID("$Id: safe_sprintf.c,v 1.22 2009/04/18 18:46:46 tom Exp $")
+MODULE_ID("$Id: safe_sprintf.c,v 1.27 2013/01/20 01:04:32 tom Exp $")
 
 #if USE_SAFE_SPRINTF
 
@@ -109,12 +109,16 @@ _nc_printf_length(const char *fmt, va_list ap)
 		    } else if (state == Prec) {
 			prec = ival;
 		    }
-		    sprintf(fmt_arg, "%d", ival);
+		    _nc_SPRINTF(fmt_arg,
+				_nc_SLIMIT(sizeof(fmt_arg))
+				"%d", ival);
 		    fmt_len += strlen(fmt_arg);
 		    if ((format = _nc_doalloc(format, fmt_len)) == 0) {
+			free(buffer);
 			return -1;
 		    }
-		    strcpy(&format[--f], fmt_arg);
+		    --f;
+		    _nc_STRCPY(&format[f], fmt_arg, fmt_len - f);
 		    f = strlen(format);
 		} else if (isalpha(UChar(*fmt))) {
 		    done = TRUE;
@@ -185,13 +189,13 @@ _nc_printf_length(const char *fmt, va_list ap)
 	    format[f] = '\0';
 	    switch (used) {
 	    case 'i':
-		sprintf(buffer, format, ival);
+		_nc_SPRINTF(buffer, _nc_SLIMIT(length) format, ival);
 		break;
 	    case 'f':
-		sprintf(buffer, format, fval);
+		_nc_SPRINTF(buffer, _nc_SLIMIT(length) format, fval);
 		break;
 	    default:
-		sprintf(buffer, format, pval);
+		_nc_SPRINTF(buffer, _nc_SLIMIT(length) format, pval);
 		break;
 	    }
 	    len += (int) strlen(buffer);
@@ -222,7 +226,12 @@ NCURSES_SP_NAME(_nc_printf_string) (NCURSES_SP_DCLx
 
     if (fmt != 0) {
 #if USE_SAFE_SPRINTF
-	int len = _nc_printf_length(fmt, ap);
+	va_list ap2;
+	int len;
+
+	begin_va_copy(ap2, ap);
+	len = _nc_printf_length(fmt, ap2);
+	end_va_copy(ap2);
 
 	if ((int) my_length < len + 1) {
 	    my_length = 2 * (len + 1);
@@ -244,7 +253,7 @@ NCURSES_SP_NAME(_nc_printf_string) (NCURSES_SP_DCLx
 		MyRows = screen_lines(SP_PARM);
 	    if (screen_columns(SP_PARM) > MyCols)
 		MyCols = screen_columns(SP_PARM);
-	    my_length = (MyRows * (MyCols + 1)) + 1;
+	    my_length = (size_t) (MyRows * (MyCols + 1)) + 1;
 	    my_buffer = typeRealloc(char, my_length, my_buffer);
 	}