From 5becf993572d060a171ab69989ce83a8b8a92b1b Mon Sep 17 00:00:00 2001
From: Sean McBride
Date: Tue, 30 Jan 2024 21:27:34 -0500
Subject: [PATCH] Replaced various sprintf with snprintf

snprintf is safer because the buffer length is specified, so can't be overrun.
---
 src/mat73.c | 4 ++--
 tools/matdump.c | 8 ++++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/mat73.c b/src/mat73.c
index 3a66ec41..f83366e5 100644
--- a/src/mat73.c
+++ b/src/mat73.c
@@ -1401,11 +1401,11 @@ Mat_VarWriteRef(hid_t id, matvar_t *matvar, enum matio_compression compression,
 err = MATIO_E_BAD_ARGUMENT;
 } else {
 char obj_name[64];
- sprintf(obj_name, "%llu", (unsigned long long)group_info.nlinks);
+ snprintf(obj_name, sizeof(obj_name), "%llu", (unsigned long long)group_info.nlinks);
 if ( NULL != matvar )
 matvar->compression = compression;
 err = Mat_VarWriteNext73(*refs_id, matvar, obj_name, refs_id);
- sprintf(obj_name, "/#refs#/%llu", (unsigned long long)group_info.nlinks);
+ snprintf(obj_name, sizeof(obj_name), "/#refs#/%llu", (unsigned long long)group_info.nlinks);
 H5Rcreate(ref, id, obj_name, H5R_OBJECT, -1);
 }
 return err;
diff --git a/tools/matdump.c b/tools/matdump.c
index 3154ff86..2c54afd6 100644
--- a/tools/matdump.c
+++ b/tools/matdump.c
@@ -538,8 +538,12 @@ print_whos(matvar_t *matvar)
 int cnt = 0;
 printf("%8" SIZE_T_FMTSTR, matvar->dims[0]);
 for ( i = 1; i < matvar->rank; i++ ) {
- if ( ceil(log10((double)matvar->dims[i])) + 1 < 32 )
- cnt += sprintf(size + cnt, "x%" SIZE_T_FMTSTR, matvar->dims[i]);
+ if ( ceil(log10((double)matvar->dims[i])) + 1 < 32 ) {
+ cnt += snprintf(size + cnt, sizeof(size) - cnt, "x%" SIZE_T_FMTSTR, matvar->dims[i]);
+ if (cnt >= sizeof(size)) {
+ break;
+ }
+ }
 }
 printf("%-10s", size);
 } else {
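Review bot: The return value of both new `snprintf` calls on `obj_name` is discarded, so a truncated name would be handed to `Mat_VarWriteNext73` and `H5Rcreate` without any error being raised. With the 64-byte buffer this cannot happen today (`/#refs#/` plus at most 20 digits and the terminator fit), so a short comment next to `char obj_name[64];` would make that invariant explicit, e.g. `/* "/#refs#/" + up to 20 digits of nlinks + NUL fits in 64 bytes */`. Separately, the context lines show `H5Rcreate` being called whatever `err` holds after `Mat_VarWriteNext73`, and its own result is ignored; that predates this commit but sits in the same block. The enclosing function starts and ends outside the hunk.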
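Review bot: In `print_whos`, `cnt` is advanced by the raw `snprintf` result before it is checked, and the check `cnt >= sizeof(size)` compares a signed `int` with a `size_t`. It works here because the loop breaks before `sizeof(size) - cnt` can wrap, but a negative return from `snprintf` is not handled explicitly and compilers will warn under `-Wsign-compare`. Keeping the result in a local makes the bound explicit: `int n = snprintf(size + cnt, sizeof(size) - (size_t)cnt, "x%" SIZE_T_FMTSTR, matvar->dims[i]);` then `if ( n < 0 || (size_t)n >= sizeof(size) - (size_t)cnt ) break;` then `cnt += n;`. `sizeof(size)` is only the buffer length if `size` is declared as an array, and that declaration is outside the hunk, as is the rest of the function. On truncation the shortened dimension string is still printed with no indication to the user that it is incomplete.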