Menu
▾
▴
[Plplot-cvs] SF.net SVN: plplot:[9474] trunk/drivers
|
From: <and...@us...> - 2009-02-08 21:15:46
|
Revision: 9474
http://plplot.svn.sourceforge.net/plplot/?rev=9474&view=rev
Author: andrewross
Date: 2009-02-08 21:15:41 +0000 (Sun, 08 Feb 2009)
Log Message:
-----------
Replace use of sprintf, strcat and strcpy with snprintf, strncat, strncpy to prevent
the possibility of user-supplied data leading to buffer overflows.
Modified Paths:
--------------
trunk/drivers/cairo.c
trunk/drivers/gcw.c
trunk/drivers/get-drv-info.c
trunk/drivers/gnome.c
trunk/drivers/plmeta.c
trunk/drivers/ps.c
trunk/drivers/psttf.cc
trunk/drivers/tk.c
trunk/drivers/wxwidgets.cpp
trunk/drivers/wxwidgets_agg.cpp
trunk/drivers/xwin.c
Modified: trunk/drivers/cairo.c
===================================================================
--- trunk/drivers/cairo.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/cairo.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -495,17 +495,17 @@
switch(ucs4[i])
{
case 38:
- strcat(pangoMarkupString, "&");
+ strncat(pangoMarkupString, "&", MAX_MARKUP_LEN);
break;
case 60:
- strcat(pangoMarkupString, "<");
+ strncat(pangoMarkupString, "<", MAX_MARKUP_LEN);
break;
case 62:
- strcat(pangoMarkupString, ">");
+ strncat(pangoMarkupString, ">", MAX_MARKUP_LEN);
break;
default:
ucs4_to_utf8(ucs4[i],utf8);
- strcat(pangoMarkupString, utf8);
+ strncat(pangoMarkupString, utf8, MAX_MARKUP_LEN);
break;
}
i++;
@@ -514,24 +514,24 @@
i++;
if (ucs4[i] == (PLUNICODE)plplotEsc){ /* a escape character to display */
ucs4_to_utf8(ucs4[i],utf8);
- strcat(pangoMarkupString, utf8);
+ strncat(pangoMarkupString, utf8, MAX_MARKUP_LEN);
i++;
continue;
}
else {
if(ucs4[i] == (PLUNICODE)'u'){ /* Superscript */
if(upDown < 0){
- strcat(pangoMarkupString, "</sub>");
+ strncat(pangoMarkupString, "</sub>", MAX_MARKUP_LEN);
} else {
- strcat(pangoMarkupString, "<sup>");
+ strncat(pangoMarkupString, "<sup>", MAX_MARKUP_LEN);
}
upDown++;
}
if(ucs4[i] == (PLUNICODE)'d'){ /* Subscript */
if(upDown > 0){
- strcat(pangoMarkupString, "</sup>");
+ strncat(pangoMarkupString, "</sup>", MAX_MARKUP_LEN);
} else {
- strcat(pangoMarkupString, "<sub>");
+ strncat(pangoMarkupString, "<sub>", MAX_MARKUP_LEN);
}
upDown--;
}
@@ -573,25 +573,25 @@
plP_fci2hex(fci, &fontFamily, PL_FCI_FAMILY);
plP_fci2hex(fci, &fontStyle, PL_FCI_STYLE);
plP_fci2hex(fci, &fontWeight, PL_FCI_WEIGHT);
- sprintf(openTag, "<span font_desc=\"%s %.2f\" ", familyLookup[fontFamily], fontSize);
- strcat(pangoMarkupString, openTag);
+ snprintf(openTag, 200, "<span font_desc=\"%s %.2f\" ", familyLookup[fontFamily], fontSize);
+ strncat(pangoMarkupString, openTag, MAX_MARKUP_LEN);
- sprintf(openTag, "style=\"%s\" ", styleLookup[fontStyle]);
- strcat(pangoMarkupString, openTag);
+ snprintf(openTag, 200, "style=\"%s\" ", styleLookup[fontStyle]);
+ strncat(pangoMarkupString, openTag, MAX_MARKUP_LEN);
- sprintf(openTag, "weight=\"%s\">", weightLookup[fontWeight]);
- strcat(pangoMarkupString, openTag);
+ snprintf(openTag, 200, "weight=\"%s\">", weightLookup[fontWeight]);
+ strncat(pangoMarkupString, openTag, MAX_MARKUP_LEN);
/* Move to the right sub/super-script level */
if(upDown > 0){
while(upDown > 0){
- strcat(pangoMarkupString, "<sup>");
+ strncat(pangoMarkupString, "<sup>", MAX_MARKUP_LEN);
upDown--;
}
}
if(upDown < 0){
while(upDown < 0){
- strcat(pangoMarkupString, "<sub>");
+ strncat(pangoMarkupString, "<sub>", MAX_MARKUP_LEN);
upDown++;
}
}
@@ -607,18 +607,18 @@
{
if(upDown > 0){
while(upDown > 0){
- strcat(pangoMarkupString, "</sup>");
+ strncat(pangoMarkupString, "</sup>", MAX_MARKUP_LEN);
upDown--;
}
}
if(upDown < 0){
while(upDown < 0){
- strcat(pangoMarkupString, "</sub>");
+ strncat(pangoMarkupString, "</sub>", MAX_MARKUP_LEN);
upDown++;
}
}
- strcat(pangoMarkupString, "</span>");
+ strncat(pangoMarkupString, "</span>", MAX_MARKUP_LEN);
}
/*---------------------------------------------------------------------
@@ -686,10 +686,10 @@
This was copied from the psttf driver. */
for(i=0;i<NPANGOLOOKUP;i++){
if((a = getenv(envFamilyLookup[i])) != NULL){
- strcpy(familyLookup[i],a);
+ strncpy(familyLookup[i],a,1024);
}
else {
- strcpy(familyLookup[i],defaultFamilyLookup[i]);
+ strncpy(familyLookup[i],defaultFamilyLookup[i],1024);
}
}
Modified: trunk/drivers/gcw.c
===================================================================
--- trunk/drivers/gcw.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/gcw.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -726,7 +726,7 @@
else if(op==PLSTATE_CMAP0) strcpy(opname,"PLSTATE_CMAP0");
else if(op==PLSTATE_CMAP1) strcpy(opname,"PLSTATE_CMAP1");
else strcpy(opname,"unknown");
- sprintf(msg,"<plD_state_gcw />: %s\n",opname);
+ snprintf(msg,100,"<plD_state_gcw />: %s\n",opname);
gcw_debug(msg);
#endif
@@ -1186,7 +1186,7 @@
else if(op==PLESC_HAS_TEXT) strcpy(opname,"PLESC_HAS_TEXT");
else if(op==PLESC_GRAPH) strcpy(opname,"PLESC_GRAPH");
else strcpy(opname,"unknown");
- sprintf(msg,"<plD_esc_gcw />: %s\n",opname);
+ snprintf(msg,100,"<plD_esc_gcw />: %s\n",opname);
gcw_debug(msg);
#endif
Modified: trunk/drivers/get-drv-info.c
===================================================================
--- trunk/drivers/get-drv-info.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/get-drv-info.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -53,9 +53,9 @@
lt_dlinit ();
#ifdef LTDL_WIN32
- sprintf( drvspec, "%s", drvnam );
+ snprintf( drvspec, 400, "%s", drvnam );
#else
- sprintf( drvspec, "%s/%s", plGetDrvDir (), drvnam );
+ snprintf( drvspec, 400, "%s/%s", plGetDrvDir (), drvnam );
#endif /* LTDL_WIN32 */
dlhand = lt_dlopenext (drvspec);
if (dlhand == NULL) {
@@ -63,7 +63,7 @@
"libltdl error: %s\n", drvspec, lt_dlerror ());
return 1;
}
- sprintf (sym, "plD_DEVICE_INFO_%s", drvnam);
+ snprintf (sym, 300, "plD_DEVICE_INFO_%s", drvnam);
info = (char **) lt_dlsym (dlhand, sym);
if (info != NULL) {
printf ("%s", *info);
Modified: trunk/drivers/gnome.c
===================================================================
--- trunk/drivers/gnome.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/gnome.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -342,13 +342,13 @@
plTranslateCursor (gin);
if (color == NULL)
- sprintf (buffer, "");
+ buffer[0] = '\0';
else
if (color->cmap == 0)
- sprintf (buffer, " x = %f y = %f color = %d (cmap0)",
+ snprintf (buffer, 128, " x = %f y = %f color = %d (cmap0)",
gin->wX, gin->wY, (int) color->color);
else
- sprintf (buffer, " x = %f y = %f color = %f (cmap1)",
+ snprintf (buffer, 128, " x = %f y = %f color = %f (cmap1)",
gin->wX, gin->wY, color->color);
/*// FIXME : Terrible global variable hack*/
@@ -700,7 +700,7 @@
gtk_notebook_set_show_tabs (dev->notebook, (np > 0));
- sprintf (buffer, "Page %d", np+1);
+ snprintf (buffer, 32, "Page %d", np+1);
gtk_notebook_append_page (dev->notebook, GTK_WIDGET (page->sw),
gtk_label_new (buffer));
Modified: trunk/drivers/plmeta.c
===================================================================
--- trunk/drivers/plmeta.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/plmeta.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -410,7 +410,7 @@
/* The forward byte offset is located exactly 7 bytes after the BOP */
fwbyte_offset = dev->lp_offset + 7;
if (pl_fsetpos(file, &fwbyte_offset)) {
- sprintf(buffer, "UpdatePrevPagehdr (plmeta.c): fsetpos to fwbyte_offset (%d) failed",
+ snprintf(buffer, 256, "UpdatePrevPagehdr (plmeta.c): fsetpos to fwbyte_offset (%d) failed",
(int) fwbyte_offset);
plexit(buffer);
}
@@ -435,7 +435,7 @@
#ifdef DEBUG
if (pl_fsetpos(file, &fwbyte_offset)) {
- sprintf(buffer, "UpdatePrevPagehdr (plmeta.c): fsetpos to fwbyte_offset (%d) failed",
+ snprintf(buffer, 256, "UpdatePrevPagehdr (plmeta.c): fsetpos to fwbyte_offset (%d) failed",
(int) fwbyte_offset);
plexit(buffer);
}
@@ -450,7 +450,7 @@
/* Return to current page offset */
if (pl_fsetpos(file, &cp_offset)) {
- sprintf(buffer, "UpdatePrevPagehdr (plmeta.c): fsetpos to cp_offset (%d) failed",
+ snprintf(buffer, 256, "UpdatePrevPagehdr (plmeta.c): fsetpos to cp_offset (%d) failed",
(int) cp_offset);
plexit(buffer);
}
@@ -478,7 +478,7 @@
(int) cp_offset, (int) dev->lp_offset);
if (pl_fsetpos(file, &dev->index_offset)) {
- sprintf(buffer, "UpdateIndex (plmeta.c): fsetpos to index_offset (%d) failed",
+ snprintf(buffer, 256, "UpdateIndex (plmeta.c): fsetpos to index_offset (%d) failed",
(int) dev->index_offset);
plexit(buffer);
}
@@ -490,7 +490,7 @@
(int) dev->lp_offset, (int) cp_offset);
if (pl_fsetpos(file, &cp_offset)) {
- sprintf(buffer, "UpdateIndex (plmeta.c): fsetpos to cp_offset (%d) failed",
+ snprintf(buffer, 256, "UpdateIndex (plmeta.c): fsetpos to cp_offset (%d) failed",
(int) cp_offset);
plexit(buffer);
}
Modified: trunk/drivers/ps.c
===================================================================
--- trunk/drivers/ps.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/ps.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -408,7 +408,7 @@
else
putc(' ', OF);
- sprintf(outbuf, "%d %d D", x2, y2);
+ snprintf(outbuf, 128, "%d %d D", x2, y2);
dev->ptcnt++;
pls->linepos += 12;
}
@@ -417,9 +417,9 @@
pls->linepos = 0;
if (x1 == x2 && y1 == y2) /* must be a single dot, draw a circle */
- sprintf(outbuf, "%d %d A", x1, y1);
+ snprintf(outbuf, 128, "%d %d A", x1, y1);
else
- sprintf(outbuf, "%d %d M %d %d D", x1, y1, x2, y2);
+ snprintf(outbuf, 128, "%d %d M %d %d D", x1, y1, x2, y2);
dev->llx = MIN(dev->llx, x1);
dev->lly = MIN(dev->lly, y1);
dev->urx = MAX(dev->urx, x1);
@@ -657,7 +657,7 @@
/* First time through start with a x y moveto */
if (n == 0) {
- sprintf(outbuf, "N %d %d M", x, y);
+ snprintf(outbuf, 128, "N %d %d M", x, y);
dev->llx = MIN(dev->llx, x);
dev->lly = MIN(dev->lly, y);
dev->urx = MAX(dev->urx, x);
@@ -676,7 +676,7 @@
pls->bytecnt++;
- sprintf(outbuf, "%d %d D", x, y);
+ snprintf(outbuf, 128, "%d %d D", x, y);
dev->llx = MIN(dev->llx, x);
dev->lly = MIN(dev->lly, y);
dev->urx = MAX(dev->urx, x);
Modified: trunk/drivers/psttf.cc
===================================================================
--- trunk/drivers/psttf.cc 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/psttf.cc 2009-02-08 21:15:41 UTC (rev 9474)
@@ -283,10 +283,10 @@
// or defaults.
for (i=0;i<N_Pango_Lookup;i++) {
if ( (a = getenv(EnvFamilyLookup[i])) != NULL ) {
- strcpy(FamilyLookup[i],a);
+ strncpy(FamilyLookup[i],a,1024);
}
else {
- strcpy(FamilyLookup[i],DefaultFamilyLookup[i]);
+ strncpy(FamilyLookup[i],DefaultFamilyLookup[i],1024);
}
}
@@ -471,7 +471,7 @@
else
doc->osBody() << ' ';
- sprintf(outbuf, "%d %d D", x2, y2);
+ snprintf(outbuf, 128, "%d %d D", x2, y2);
dev->ptcnt++;
pls->linepos += 12;
}
@@ -480,9 +480,9 @@
pls->linepos = 0;
if (x1 == x2 && y1 == y2) /* must be a single dot, draw a circle */
- sprintf(outbuf, "%d %d A", x1, y1);
+ snprintf(outbuf, 128, "%d %d A", x1, y1);
else
- sprintf(outbuf, "%d %d M %d %d D", x1, y1, x2, y2);
+ snprintf(outbuf, 128, "%d %d M %d %d D", x1, y1, x2, y2);
dev->llx = MIN(dev->llx, x1);
dev->lly = MIN(dev->lly, y1);
dev->urx = MAX(dev->urx, x1);
@@ -734,7 +734,7 @@
/* First time through start with a x y moveto */
if (n == 0) {
- sprintf(outbuf, "N %d %d M", x, y);
+ snprintf(outbuf, 128, "N %d %d M", x, y);
dev->llx = MIN(dev->llx, x);
dev->lly = MIN(dev->lly, y);
dev->urx = MAX(dev->urx, x);
@@ -753,7 +753,7 @@
pls->bytecnt++;
- sprintf(outbuf, "%d %d D", x, y);
+ snprintf(outbuf, 128, "%d %d D", x, y);
dev->llx = MIN(dev->llx, x);
dev->lly = MIN(dev->lly, y);
dev->urx = MAX(dev->urx, x);
Modified: trunk/drivers/tk.c
===================================================================
--- trunk/drivers/tk.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/tk.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -659,7 +659,7 @@
/* Change orientation */
if (pls->difilt & PLDI_ORI) {
- sprintf(str, "%f", pls->diorot);
+ snprintf(str, 10, "%f", pls->diorot);
Tcl_SetVar(dev->interp, "rot", str, 0);
server_cmd( pls, "$plwidget cmd plsetopt -ori $rot", 1 );
@@ -669,13 +669,13 @@
/* Change window into plot space */
if (pls->difilt & PLDI_PLT) {
- sprintf(str, "%f", pls->dipxmin);
+ snprintf(str, 10, "%f", pls->dipxmin);
Tcl_SetVar(dev->interp, "xl", str, 0);
- sprintf(str, "%f", pls->dipymin);
+ snprintf(str, 10, "%f", pls->dipymin);
Tcl_SetVar(dev->interp, "yl", str, 0);
- sprintf(str, "%f", pls->dipxmax);
+ snprintf(str, 10, "%f", pls->dipxmax);
Tcl_SetVar(dev->interp, "xr", str, 0);
- sprintf(str, "%f", pls->dipymax);
+ snprintf(str, 10, "%f", pls->dipymax);
Tcl_SetVar(dev->interp, "yr", str, 0);
server_cmd( pls, "$plwidget cmd plsetopt -wplt $xl,$yl,$xr,$yr", 1 );
@@ -685,13 +685,13 @@
/* Change window into device space */
if (pls->difilt & PLDI_DEV) {
- sprintf(str, "%f", pls->mar);
+ snprintf(str, 10, "%f", pls->mar);
Tcl_SetVar(dev->interp, "mar", str, 0);
- sprintf(str, "%f", pls->aspect);
+ snprintf(str, 10, "%f", pls->aspect);
Tcl_SetVar(dev->interp, "aspect", str, 0);
- sprintf(str, "%f", pls->jx);
+ snprintf(str, 10, "%f", pls->jx);
Tcl_SetVar(dev->interp, "jx", str, 0);
- sprintf(str, "%f", pls->jy);
+ snprintf(str, 10, "%f", pls->jy);
Tcl_SetVar(dev->interp, "jy", str, 0);
server_cmd( pls, "$plwidget cmd plsetopt -mar $mar", 1 );
@@ -1346,7 +1346,7 @@
bg = pls->cmap0[0].b | (pls->cmap0[0].g << 8) | (pls->cmap0[0].r << 16);
if (bg > 0) {
- sprintf(command, "$plwidget configure -plbg #%06x", bg);
+ snprintf(command, 100, "$plwidget configure -plbg #%06x", bg);
server_cmd( pls, command, 0 );
}
@@ -1368,12 +1368,12 @@
/* color map options */
if (pls->ncol0) {
- sprintf(command, "$plwidget cmd plsetopt -ncol0 %d", pls->ncol0);
+ snprintf(command, 100, "$plwidget cmd plsetopt -ncol0 %d", pls->ncol0);
server_cmd( pls, command, 0 );
}
if (pls->ncol1) {
- sprintf(command, "$plwidget cmd plsetopt -ncol1 %d", pls->ncol1);
+ snprintf(command, 100, "$plwidget cmd plsetopt -ncol1 %d", pls->ncol1);
server_cmd( pls, command, 0 );
}
@@ -1393,7 +1393,7 @@
set_windowname(PLStream *pls)
{
const char *pname;
- int i;
+ int i, maxlen;
/* Set to "plclient" if not initialized via plargs or otherwise */
@@ -1409,14 +1409,15 @@
pname = pls->program;
if (pls->plwindow == NULL) { /* dont override -plwindow cmd line option */
- pls->plwindow = (char *) malloc(10+(strlen(pname)) * sizeof(char));
+ maxlen = strlen(pname) + 10;
+ pls->plwindow = (char *) malloc(maxlen * sizeof(char));
/* Allow for multiple widgets created by multiple streams */
if (pls->ipls == 0)
- sprintf(pls->plwindow, ".%s", pname);
+ snprintf(pls->plwindow, maxlen, ".%s", pname);
else
- sprintf(pls->plwindow, ".%s_%d", pname, (int) pls->ipls);
+ snprintf(pls->plwindow, maxlen, ".%s_%d", pname, (int) pls->ipls);
/* Replace any ' 's with '_'s to avoid quoting problems. */
/* Replace any '.'s (except leading) with '_'s to avoid bad window names. */
Modified: trunk/drivers/wxwidgets.cpp
===================================================================
--- trunk/drivers/wxwidgets.cpp 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/wxwidgets.cpp 2009-02-08 21:15:41 UTC (rev 9474)
@@ -212,14 +212,14 @@
if( ucs4[i] < PL_FCI_MARK ) { /* not a font change */
if( ucs4[i] != (PLUNICODE)plplotEsc ) { /* a character to display */
ucs4_to_utf8( ucs4[i], utf8 );
- strcat( utf8_string, utf8 );
+ strncat( utf8_string, utf8, max_string_length );
i++;
continue;
}
i++;
if( ucs4[i] == (PLUNICODE)plplotEsc ) { /* a escape character to display */
ucs4_to_utf8( ucs4[i], utf8 );
- strcat( utf8_string, utf8 );
+ strncat( utf8_string, utf8, max_string_length );
i++;
continue;
} else {
Modified: trunk/drivers/wxwidgets_agg.cpp
===================================================================
--- trunk/drivers/wxwidgets_agg.cpp 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/wxwidgets_agg.cpp 2009-02-08 21:15:41 UTC (rev 9474)
@@ -107,7 +107,7 @@
char WINDIR_PATH[255];
char *b;
b=getenv("WINDIR");
- strcpy(WINDIR_PATH,b);*/
+ strncpy(WINDIR_PATH,b,255);*/
/*
* Work out if we have Win95+ or Win3.?... sort of.
@@ -129,7 +129,7 @@
}
else
{
- strcat(WINDIR_PATH,"\\fonts\\arial.ttf");
+ strncat(WINDIR_PATH,"\\fonts\\arial.ttf",255);
if (access(WINDIR_PATH, F_OK)==0)
{
b=strrchr(WINDIR_PATH,'\\');
Modified: trunk/drivers/xwin.c
===================================================================
--- trunk/drivers/xwin.c 2009-02-08 20:44:22 UTC (rev 9473)
+++ trunk/drivers/xwin.c 2009-02-08 21:15:41 UTC (rev 9474)
@@ -1129,13 +1129,13 @@
/* Window title */
if (pls->plwindow){ /* allow -plwindow to specify wm decoration name */
- sprintf(header, "%s", pls->plwindow);
+ strncpy(header, pls->plwindow, 1024);
}
else if(pls->program) {
- sprintf(header, "%s", pls->program); /* else program name */
+ strncpy(header, pls->program, 1024); /* else program name */
}
else
- sprintf(header,"%s","Plplot");
+ strncpy(header,"Plplot",1024);
/* Window creation */
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
