FIXME: buffer overflow warning

This commit is contained in:
Ali H. Fardan 2016-08-28 16:30:12 +03:00
parent 24c4134df6
commit 25eb9ff35e

View File

@ -78,17 +78,17 @@ setstatus(const char *str)
static char * static char *
smprintf(const char *fmt, ...) smprintf(const char *fmt, ...)
{ {
va_list fmtargs; /* FIXME: This code should have
char tmp[120]; bound checks, it is vulnerable to
buffer overflows */
va_list ap;
char *ret = NULL; char *ret = NULL;
va_start(fmtargs, fmt); va_start(ap, fmt);
snprintf(tmp, sizeof(tmp)-1, fmt, fmtargs); if (vasprintf(&ret, fmt, ap) < 0)
tmp[sizeof(tmp)] = '\0';
if (asprintf(&ret, "%s", tmp) < 0)
return NULL; return NULL;
va_end(fmtargs); va_end(ap);
return ret; return ret;
} }