1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
Description: Use snprintf
Use snprintf() when converting dates to strings to make completely sure we
can't overrun the buffer.
Author: Olly Betts <olly@survex.com>
Forwarded: no
Last-Update: 2018-11-29
--- antiword-0.37.orig/summary.c
+++ antiword-0.37/summary.c
@@ -729,7 +729,7 @@ szGetLastSaveDtm(void)
if (pTime == NULL) {
return NULL;
}
- sprintf(szTime, "%04d-%02d-%02d",
+ snprintf(szTime, sizeof(szTime), "%04d-%02d-%02d",
pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday);
return szTime;
} /* end of szGetLastSaveDtm */
@@ -750,7 +750,7 @@ szGetModDate(void)
if (pTime == NULL) {
return NULL;
}
- sprintf(szTime, "D:%04d%02d%02d%02d%02d",
+ snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
pTime->tm_hour, pTime->tm_min);
return szTime;
@@ -772,7 +772,7 @@ szGetCreationDate(void)
if (pTime == NULL) {
return NULL;
}
- sprintf(szTime, "D:%04d%02d%02d%02d%02d",
+ snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
pTime->tm_hour, pTime->tm_min);
return szTime;
|
