1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36
|
Description: Use snprintf
Use snprintf() when converting dates to strings to make completely sure we
can't overrun the buffer.
Author: Olly Betts <olly@survex.com>
Forwarded: no
Last-Update: 2018-11-29
--- antiword-0.37.orig/summary.c
+++ antiword-0.37/summary.c
@@ -729,7 +729,7 @@ szGetLastSaveDtm(void)
if (pTime == NULL) {
return NULL;
}
- sprintf(szTime, "%04d-%02d-%02d",
+ snprintf(szTime, sizeof(szTime), "%04d-%02d-%02d",
pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday);
return szTime;
} /* end of szGetLastSaveDtm */
@@ -750,7 +750,7 @@ szGetModDate(void)
if (pTime == NULL) {
return NULL;
}
- sprintf(szTime, "D:%04d%02d%02d%02d%02d",
+ snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
pTime->tm_hour, pTime->tm_min);
return szTime;
@@ -772,7 +772,7 @@ szGetCreationDate(void)
if (pTime == NULL) {
return NULL;
}
- sprintf(szTime, "D:%04d%02d%02d%02d%02d",
+ snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
pTime->tm_hour, pTime->tm_min);
return szTime;
|