Menu
▾
▴
[Plplot-cvs] SF.net SVN: plplot:[9473] trunk/src
|
From: <and...@us...> - 2009-02-08 20:44:33
|
Revision: 9473
http://plplot.svn.sourceforge.net/plplot/?rev=9473&view=rev
Author: andrewross
Date: 2009-02-08 20:44:22 +0000 (Sun, 08 Feb 2009)
Log Message:
-----------
Replace use of sprintf, strcat and strcpy with snprintf, strncat, strncpy to prevent
the possibility of user-supplied data leading to buffer overflows.
Modified Paths:
--------------
trunk/src/plbox.c
trunk/src/plbuf.c
trunk/src/plcont.c
trunk/src/plcore.c
trunk/src/plctrl.c
trunk/src/plfreetype.c
trunk/src/plgridd.c
trunk/src/plmap.c
Modified: trunk/src/plbox.c
===================================================================
--- trunk/src/plbox.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plbox.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -52,7 +52,7 @@
PLFLT wy2, PLFLT disp, PLFLT pos, PLFLT just, const char *text);
static void
-plform(PLFLT value, PLINT scale, PLINT prec, char *result, PLINT ll, PLINT lf);
+plform(PLFLT value, PLINT scale, PLINT prec, char *result, PLINT len, PLINT ll, PLINT lf);
static void
grid_box(const char *xopt, PLFLT xtick1, PLINT nxsub1,
@@ -773,7 +773,7 @@
tp = tick1 * (1. + floor(vmin / tick1));
for (tn = tp; BETW(tn, vmin, vmax); tn += tick1) {
if(BETW(tn, vmin+tcrit, vmax-tcrit)) {
- plform(tn, scale, prec, string, ll, lf);
+ plform(tn, scale, prec, string, 40, ll, lf);
pos = (vmax_in > vmin_in)?
(tn - vmin) / (vmax - vmin):
(vmax - tn) / (vmax - vmin);
@@ -782,7 +782,7 @@
}
*digits = 2;
if (!ll && mode) {
- sprintf(string, "(x10#u%d#d)", (int) scale);
+ snprintf(string, 40, "(x10#u%d#d)", (int) scale);
plxytx(wx1, wy1, wx2, wy2, height, 1.0, 0.5, string);
}
}
@@ -989,7 +989,7 @@
*digits = 0;
tp = tick1 * floor(vmin / tick1);
for (tn = tp + tick1; BETW(tn, vmin, vmax); tn += tick1) {
- plform(tn, scale, prec, string, ll, lf);
+ plform(tn, scale, prec, string, 40, ll, lf);
pos = (vmax_in > vmin_in)?
(tn - vmin) / (vmax - vmin):
(vmax - tn) / (vmax - vmin);
@@ -1003,7 +1003,7 @@
*digits = MAX(*digits, lstring);
}
if (!ll && mode) {
- sprintf(string, "(x10#u%d#d)", (int) scale);
+ snprintf(string, 40, "(x10#u%d#d)", (int) scale);
pos = 1.15;
height = 0.5;
if (ln && !right) {
@@ -1252,7 +1252,7 @@
strfMJD(string, 40, timefmt, &tm, 0);
}
else {
- plform(tn, xscale, xprec, string, llx, lfx);
+ plform(tn, xscale, xprec, string, 40, llx, lfx);
}
height = lix ? 1.75 : 1.5;
pos = (vpwxmax > vpwxmin)?
@@ -1271,7 +1271,7 @@
if (!llx && !ldx && xmode) {
pos = 1.0;
height = 3.2;
- sprintf(string, "(x10#u%d#d)", (int) xscale);
+ snprintf(string, 40, "(x10#u%d#d)", (int) xscale);
if (lnx)
plmtex("b", height, pos, 0.5, string);
if (lmx)
@@ -1301,7 +1301,7 @@
strfMJD(string, 40, timefmt, &tm, 0);
}
else {
- plform(tn, yscale, yprec, string, lly, lfy);
+ plform(tn, yscale, yprec, string, 40, lly, lfy);
}
pos = (vpwymax > vpwymin)?
(tn - vpwymi) / (vpwyma - vpwymi):
@@ -1334,7 +1334,7 @@
/* Write separate exponential label if mode = 1. */
if (!lly && !ldy && ymode) {
- sprintf(string, "(x10#u%d#d)", (int) yscale);
+ snprintf(string, 40, "(x10#u%d#d)", (int) yscale);
offset = 0.02;
height = 2.0;
if (lny) {
@@ -1372,7 +1372,7 @@
\*--------------------------------------------------------------------------*/
static void
-plform(PLFLT value, PLINT scale, PLINT prec, char *string, PLINT ll, PLINT lf)
+plform(PLFLT value, PLINT scale, PLINT prec, char *string, PLINT len, PLINT ll, PLINT lf)
{
if (ll) {
@@ -1387,18 +1387,18 @@
value = pow(10.0, exponent);
if (exponent < 0) {
char form[10];
- sprintf(form, "%%.%df", ABS(exponent));
- sprintf(string, form, value);
+ snprintf(form, 10, "%%.%df", ABS(exponent));
+ snprintf(string, len, form, value);
}
else {
- sprintf(string, "%d", (int) value);
+ snprintf(string, len, "%d", (int) value);
}
}
else {
/* Exponential, i.e. 10^-1, 10^0, 10^1, etc */
- sprintf(string, "10#u%d", (int) ROUND(value));
+ snprintf(string, len, "10#u%d", (int) ROUND(value));
}
}
else {
@@ -1422,8 +1422,8 @@
scale2 = pow(10., prec);
value = floor((value * scale2) + .5) / scale2;
- sprintf(form, "%%.%df", (int) prec);
- sprintf(temp, form, value);
- strcpy(string, temp);
+ snprintf(form, 10, "%%.%df", (int) prec);
+ snprintf(temp, 30, form, value);
+ strncpy(string, temp, len);
}
}
Modified: trunk/src/plbuf.c
===================================================================
--- trunk/src/plbuf.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plbuf.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -508,7 +508,7 @@
else {
if ((int) icol0 >= pls->ncol0) {
char buffer[256];
- sprintf(buffer, "rdbuf_state: Invalid color map entry: %d", (int) icol0);
+ snprintf(buffer, 256, "rdbuf_state: Invalid color map entry: %d", (int) icol0);
plabort(buffer);
return;
}
Modified: trunk/src/plcont.c
===================================================================
--- trunk/src/plcont.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plcont.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -51,7 +51,7 @@
PLPointer pltr_data);
static void
-plfloatlabel(PLFLT value, char *string);
+plfloatlabel(PLFLT value, char *string, PLINT len);
static PLFLT
plP_pcwcx(PLINT x);
@@ -306,7 +306,7 @@
* print the label
*/
-static void plfloatlabel(PLFLT value, char *string)
+static void plfloatlabel(PLFLT value, char *string, PLINT len)
{
PLINT setpre, precis;
/* form[10] gives enough space for all non-malicious formats.
@@ -349,10 +349,10 @@
if (mant != 0.0)
mant = (int )(mant*pow(10.0, prec-1) + 0.5*mant/fabs(mant))/pow(10.0, prec-1);
- sprintf(form, "%%.%df", prec-1);
- sprintf(string, form, mant);
- sprintf(tmpstring, "#(229)10#u%d", exponent);
- strcat(string, tmpstring);
+ snprintf(form, 10, "%%.%df", prec-1);
+ snprintf(string, len, form, mant);
+ snprintf(tmpstring, 15, "#(229)10#u%d", exponent);
+ strncat(string, tmpstring, len);
if (abs(exponent) < limexp || value == 0.0) {
value = pow(10.0, exponent) * mant;
@@ -365,8 +365,8 @@
if (prec < 0)
prec = 0;
- sprintf(form, "%%.%df", (int) prec);
- sprintf(string, form, value);
+ snprintf(form, 10, "%%.%df", (int) prec);
+ snprintf(string, len, form, value);
}
}
@@ -588,7 +588,7 @@
cont_new_store(flev);
/* format contour label for plptex and define the font height of the labels */
- plfloatlabel(flev, flabel);
+ plfloatlabel(flev, flabel, 30);
plschr(0.0, contlabel_size);
/* Clear array for traversed squares */
Modified: trunk/src/plcore.c
===================================================================
--- trunk/src/plcore.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plcore.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -400,7 +400,7 @@
*num = strtoul(text,&endptr,0);
if (end != endptr[0]) {
- sprintf(msgbuf,"text2num: invalid control string detected - %c expected",end);
+ snprintf(msgbuf,80,"text2num: invalid control string detected - %c expected",end);
plwarn(msgbuf);
}
@@ -679,7 +679,7 @@
if (ptr == NULL) {
char buf[80];
strncpy (buf, string, 30);
- sprintf (buf, "UTF-8 string is malformed: %s%s",
+ snprintf (buf, 80, "UTF-8 string is malformed: %s%s",
buf, strlen (string) > 30 ? "[...]" : "");
plabort (buf);
return;
@@ -2258,10 +2258,10 @@
FILE* fd;
/* Open the driver's info file */
- sprintf (path, "%s/%s", drvdir, name);
+ snprintf (path, 300, "%s/%s", drvdir, name);
fd = fopen (path, "r");
if (fd == NULL) {
- sprintf (buf,
+ snprintf (buf, 300,
"plInitDispatchTable: Could not open driver info file %s\n",
name);
plabort (buf);
@@ -2554,9 +2554,9 @@
{
char drvspec[ 400 ];
#ifdef LTDL_WIN32
- sprintf( drvspec, "%s", driver->drvnam );
+ snprintf( drvspec, 400, "%s", driver->drvnam );
#else
- sprintf( drvspec, "%s/%s", plGetDrvDir (), driver->drvnam );
+ snprintf( drvspec, 400, "%s/%s", plGetDrvDir (), driver->drvnam );
#endif /* LTDL_WIN32 */
pldebug("plLoadDriver", "Trying to load %s on %s\n",
@@ -2577,7 +2577,7 @@
/* Now we are ready to ask the driver's device dispatch init function to
initialize the entries in the dispatch table. */
- sprintf( sym, "plD_dispatch_init_%s", tag );
+ snprintf( sym, 60, "plD_dispatch_init_%s", tag );
{
PLDispatchInit dispatch_init = (PLDispatchInit) lt_dlsym( driver->dlhand, sym );
if (!dispatch_init)
Modified: trunk/src/plctrl.c
===================================================================
--- trunk/src/plctrl.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plctrl.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -121,7 +121,7 @@
}
if (icol0 < 0 || icol0 >= plsc->ncol0) {
char buffer[256];
- sprintf(buffer, "plcol0: Invalid color map entry: %d", (int) icol0);
+ snprintf(buffer, 256, "plcol0: Invalid color map entry: %d", (int) icol0);
plabort(buffer);
return;
}
@@ -153,7 +153,7 @@
}
if (col1 < 0 || col1 > 1) {
char buffer[256];
- sprintf(buffer, "plcol1: Invalid color map position: %f", (PLFLT) col1);
+ snprintf(buffer, 256, "plcol1: Invalid color map position: %f", (PLFLT) col1);
plabort(buffer);
return;
}
@@ -233,13 +233,13 @@
plscmap0n(0);
if (icol0 < 0 || icol0 >= plsc->ncol0) {
char buffer[256];
- sprintf(buffer, "plscol0: Illegal color table value: %d", (int) icol0);
+ snprintf(buffer, 256, "plscol0: Illegal color table value: %d", (int) icol0);
plabort(buffer);
return;
}
if ((r < 0 || r > 255) || (g < 0 || g > 255) || (b < 0 || b > 255)) {
char buffer[256];
- sprintf(buffer, "plscol0: Invalid RGB color: %d, %d, %d",
+ snprintf(buffer, 256, "plscol0: Invalid RGB color: %d, %d, %d",
(int) r, (int) g, (int) b);
plabort(buffer);
return;
@@ -262,13 +262,13 @@
plscmap0n(0);
if (icol0 < 0 || icol0 >= plsc->ncol0) {
char buffer[256];
- sprintf(buffer, "plscol0a: Illegal color table value: %d", (int) icol0);
+ snprintf(buffer, 256, "plscol0a: Illegal color table value: %d", (int) icol0);
plabort(buffer);
return;
}
if ((r < 0 || r > 255) || (g < 0 || g > 255) || (b < 0 || b > 255) || (a < 0 || a > 1.0)) {
char buffer[256];
- sprintf(buffer, "plscol0a: Invalid RGB color: %d, %d, %d, %f",
+ snprintf(buffer, 256, "plscol0a: Invalid RGB color: %d, %d, %d, %f",
(int) r, (int) g, (int) b, (double) a);
plabort(buffer);
return;
@@ -302,7 +302,7 @@
if (icol0 < 0 || icol0 > plsc->ncol0) {
char buffer[256];
- sprintf(buffer, "plgcol0: Invalid color index: %d", (int) icol0);
+ snprintf(buffer, 256, "plgcol0: Invalid color index: %d", (int) icol0);
plabort(buffer);
return;
}
@@ -334,7 +334,7 @@
if (icol0 < 0 || icol0 > plsc->ncol0) {
char buffer[256];
- sprintf(buffer, "plgcol0: Invalid color index: %d", (int) icol0);
+ snprintf(buffer, 256, "plgcol0: Invalid color index: %d", (int) icol0);
plabort(buffer);
return;
}
@@ -367,7 +367,7 @@
(b[i] < 0 || b[i] > 255)) {
char buffer[256];
- sprintf(buffer, "plscmap0: Invalid RGB color: %d, %d, %d",
+ snprintf(buffer, 256, "plscmap0: Invalid RGB color: %d, %d, %d",
(int) r[i], (int) g[i], (int) b[i]);
plabort(buffer);
return;
@@ -404,7 +404,7 @@
(a[i] < 0.0 || a[i] > 1.0)) {
char buffer[256];
- sprintf(buffer, "plscmap0a: Invalid RGB color: %d, %d, %d, %f",
+ snprintf(buffer, 256, "plscmap0a: Invalid RGB color: %d, %d, %d, %f",
(int) r[i], (int) g[i], (int) b[i], (double) a[i]);
plabort(buffer);
return;
@@ -440,7 +440,7 @@
(b[i] < 0 || b[i] > 255)) {
char buffer[256];
- sprintf(buffer, "plscmap1: Invalid RGB color: %d, %d, %d",
+ snprintf(buffer, 256, "plscmap1: Invalid RGB color: %d, %d, %d",
(int) r[i], (int) g[i], (int) b[i]);
plabort(buffer);
return;
@@ -476,7 +476,7 @@
(a[i] < 0.0 || a[i] > 1.0)) {
char buffer[256];
- sprintf(buffer, "plscmap1a: Invalid RGB color: %d, %d, %d, %f",
+ snprintf(buffer, 256, "plscmap1a: Invalid RGB color: %d, %d, %d, %f",
(int) r[i], (int) g[i], (int) b[i], (double) a[i]);
plabort(buffer);
return;
@@ -1838,11 +1838,13 @@
char tmp[256];
char prefix[256];
char* suffix;
- char num[12];
+ char num[256];
+ int maxlen;
+ maxlen = strlen(pls->BaseName) + 10;
if (pls->FileName == NULL)
{
- if ((pls->FileName = (char *) malloc(10 + strlen(pls->BaseName)))==NULL)
+ if ((pls->FileName = (char *) malloc(maxlen))==NULL)
{
plexit("plP_getmember: Insufficient memory");
}
@@ -1850,15 +1852,15 @@
suffix = strstr (pls->BaseName, "%n");
- sprintf(tmp, "%%0%1ii", (int) pls->fflen);
- sprintf(num, tmp, pls->member);
+ snprintf(tmp, 256, "%%0%1ii", (int) pls->fflen);
+ snprintf(num, 256, tmp, pls->member);
if (suffix == NULL)
- sprintf (pls->FileName, "%s.%s", pls->BaseName, num);
+ snprintf (pls->FileName, maxlen, "%s.%s", pls->BaseName, num);
else {
strncpy (prefix, pls->BaseName, 256);
prefix [suffix - pls->BaseName] = 0;
- sprintf (pls->FileName, "%s%s%s", prefix, num, suffix + 2);
+ snprintf (pls->FileName, maxlen, "%s%s%s", prefix, num, suffix + 2);
}
}
@@ -1875,12 +1877,14 @@
{
char prefix[256];
char* suffix;
+ int maxlen;
pls->OutFile = NULL;
if (pls->FileName != NULL)
free((void *) pls->FileName);
- if ((pls->FileName = (char *) malloc(10 + strlen(fnam)))==NULL)
+ maxlen = 10 + strlen(fnam);
+ if ((pls->FileName = (char *) malloc(maxlen))==NULL)
{
plexit("plP_sfnam: Insufficient memory");
}
@@ -1888,22 +1892,22 @@
suffix = strstr (fnam, "%n");
if (suffix == NULL)
- strcpy(pls->FileName, fnam);
+ strncpy(pls->FileName, fnam, maxlen);
else {
strncpy (prefix, fnam, 256);
prefix [suffix - fnam] = 0;
- sprintf (pls->FileName, "%s%s", prefix, suffix + 2);
+ snprintf (pls->FileName, maxlen, "%s%s", prefix, suffix + 2);
}
if (pls->BaseName != NULL)
free((void *) pls->BaseName);
- if ((pls->BaseName = (char *) malloc(10 + strlen(fnam)))==NULL)
+ if ((pls->BaseName = (char *) malloc(maxlen))==NULL)
{
plexit("plP_sfnam: Insufficient memory");
}
- strcpy(pls->BaseName, fnam);
+ strncpy(pls->BaseName, fnam, maxlen);
}
/*--------------------------------------------------------------------------*\
Modified: trunk/src/plfreetype.c
===================================================================
--- trunk/src/plfreetype.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plfreetype.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -600,7 +600,7 @@
char WINDIR_PATH[255];
char *b;
b=getenv("WINDIR");
- strcpy(WINDIR_PATH,b);
+ strncpy(WINDIR_PATH,b,255);
#else
const char *default_unix_font_dir=PL_FREETYPE_FONT_DIR;
#endif
@@ -647,7 +647,7 @@
}
else
{
- strcat(WINDIR_PATH,"\\fonts\\arial.ttf");
+ strncat(WINDIR_PATH,"\\fonts\\arial.ttf",255);
if (access(WINDIR_PATH, F_OK)==0)
{
b=strrchr(WINDIR_PATH,'\\');
@@ -672,9 +672,9 @@
*/
if ((a = getenv("PLPLOT_FREETYPE_FONT_DIR")) != NULL)
- strcpy(font_dir,a);
+ strncpy(font_dir,a,1024);
else
- strcpy(font_dir,default_unix_font_dir);
+ strncpy(font_dir,default_unix_font_dir,1024);
#endif
@@ -701,23 +701,23 @@
#else
if ((a[0]=='/')||(a[0]=='~')) /* check for unix abs path */
#endif
- strcpy(FT->font_name[i],a);
+ strncpy(FT->font_name[i],a,1024);
else {
- strcpy(FT->font_name[i],font_dir);
- strcat(FT->font_name[i],a);
+ strncpy(FT->font_name[i],font_dir,1024);
+ strncat(FT->font_name[i],a,1024);
}
} else {
- strcpy(FT->font_name[i],font_dir);
- strcat(FT->font_name[i],(char *)TrueTypeLookup[i].pfont);
+ strncpy(FT->font_name[i],font_dir,1024);
+ strncat(FT->font_name[i],(char *)TrueTypeLookup[i].pfont,1024);
}
{
FILE *infile ;
if ( (infile=fopen(FT->font_name[i], "r"))==NULL) {
char msgbuf[1024];
- sprintf(msgbuf,
+ snprintf(msgbuf, 1024,
"plD_FreeType_init: Could not find the freetype compatible font:\n %s",
FT->font_name[i]);
plwarn(msgbuf);
Modified: trunk/src/plgridd.c
===================================================================
--- trunk/src/plgridd.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plgridd.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -759,7 +759,7 @@
/* Could pass extra args to qhull through the 'data' argument of
plgriddata() */
- sprintf(flags, "qhull d Qbb Qt");
+ strcpy(flags, "qhull d Qbb Qt", 250);
if ((points = (coordT *) malloc(npts * (dim+1) * sizeof(coordT)))==NULL)
{
Modified: trunk/src/plmap.c
===================================================================
--- trunk/src/plmap.c 2009-02-08 00:31:05 UTC (rev 9472)
+++ trunk/src/plmap.c 2009-02-08 20:44:22 UTC (rev 9473)
@@ -103,8 +103,8 @@
/*
* read map outline
*/
- strcpy(filename,type);
- strcat(filename,MAP_FILE);
+ strncpy(filename,type,100);
+ strncat(filename,MAP_FILE,100);
if ((in = plLibOpenPdfstrm(filename)) == NULL)
return;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|