replaced sprintf() with snprintf() to prevent possible buffer overflow * DOCBparser.c HTMLparser.c debugXML.c encoding.c nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c xmllint.c xpath.c: replaced sprintf() with snprintf() to prevent possible buffer overflow (the bug was pointed out by Anju Premachandran)

commit: 49cc97565fbe2928388a1e437c44429097a504ae [log] [tgz]
author: Aleksey Sanin <aleksey@src.gnome.org> Fri Jun 14 17:07:10 2002 +0000
committer: Aleksey Sanin <aleksey@src.gnome.org> Fri Jun 14 17:07:10 2002 +0000
tree: e96c37456485dd61090411351595f4fb820c73b0
parent: e059b891efee0c1834c8a02358eb57cca6587177 [diff] [blame]
diff --git a/xpath.c b/xpath.c
index f4f79b3..8ad2f10 100644
--- a/xpath.c
+++ b/xpath.c

@@ -1135,18 +1135,18 @@
     switch (xmlXPathIsInf(number)) {
     case 1:
 	if (buffersize > (int)sizeof("Infinity"))
-	    sprintf(buffer, "Infinity");
+	    snprintf(buffer, buffersize, "Infinity");
 	break;
     case -1:
 	if (buffersize > (int)sizeof("-Infinity"))
-	    sprintf(buffer, "-Infinity");
+	    snprintf(buffer, buffersize, "-Infinity");
 	break;
     default:
 	if (xmlXPathIsNaN(number)) {
 	    if (buffersize > (int)sizeof("NaN"))
-		sprintf(buffer, "NaN");
+		snprintf(buffer, buffersize, "NaN");
 	} else if (number == 0 && xmlXPathGetSign(number) != 0) {
-	    sprintf(buffer, "0");
+	    snprintf(buffer, buffersize, "0");
 	} else if (number == ((int) number)) {
 	    char work[30];
 	    char *ptr, *cur;
commit	49cc97565fbe2928388a1e437c44429097a504ae	[log] [tgz]
author	Aleksey Sanin <aleksey@src.gnome.org>	Fri Jun 14 17:07:10 2002 +0000
committer	Aleksey Sanin <aleksey@src.gnome.org>	Fri Jun 14 17:07:10 2002 +0000
tree	e96c37456485dd61090411351595f4fb820c73b0
parent	e059b891efee0c1834c8a02358eb57cca6587177 [diff] [blame]