replaced sprintf() with snprintf() to prevent possible buffer overflow
* DOCBparser.c HTMLparser.c debugXML.c encoding.c
nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c
xmllint.c xpath.c: replaced sprintf() with snprintf()
to prevent possible buffer overflow (the bug was pointed
out by Anju Premachandran)
diff --git a/debugXML.c b/debugXML.c
index fcfa57f..22bbb56 100644
--- a/debugXML.c
+++ b/debugXML.c
@@ -1980,11 +1980,11 @@
#endif /* LIBXML_XPATH_ENABLED */
while (1) {
if (ctxt->node == (xmlNodePtr) ctxt->doc)
- sprintf(prompt, "%s > ", "/");
+ snprintf(prompt, sizeof(prompt), "%s > ", "/");
else if (ctxt->node->name)
snprintf(prompt, sizeof(prompt), "%s > ", ctxt->node->name);
else
- sprintf(prompt, "? > ");
+ snprintf(prompt, sizeof(prompt), "? > ");
prompt[sizeof(prompt) - 1] = 0;
/*