From: Kevin M. Rosenberg Date: Mon, 12 Feb 2018 18:02:24 +0000 (-0700) Subject: Change sprintf to snprintf for buffer overflow protection X-Git-Url: http://git.kpe.io/?p=snark14.git;a=commitdiff_plain;h=655b8062715746e7734a01c5a58d7d01e93caf94 Change sprintf to snprintf for buffer overflow protection --- diff --git a/tools/Display/SnarkDisplay.cpp b/tools/Display/SnarkDisplay.cpp index 2962ce9..a492c39 100644 --- a/tools/Display/SnarkDisplay.cpp +++ b/tools/Display/SnarkDisplay.cpp @@ -49,7 +49,7 @@ #include #include -char *myTag = "sd140707"; +const char *myTag = "sd140707"; /* * Constructs a SnarkDisplay which is a child of 'parent', with the @@ -170,14 +170,14 @@ void SnarkDisplay::openRecfilFile() { freeDisplaywindows(numimages); } if (!recfilfilename.isEmpty()) { - sprintf(name, "%s", recfilfilename.latin1()); + snprintf(name, sizeof(name)-1, "%s", recfilfilename.latin1()); if (digrecfil.Open(name) != 0) { s.sprintf("Error!\nUnable to open file:\n%s\n", recfilfilename.latin1()); QMessageBox::information(this, "SnarkDisplay", s); digrecfil.Close(); return; } else { - sprintf(oldname, "%s", name); + snprintf(oldname, sizeof(oldname)-1, "%s", name); phantomexists = false; if (digrecfil.GetDimensions(&Dimensions) != 0) { s.sprintf("%s is not a snark14 recfil\n", recfilfilename.latin1()); @@ -249,7 +249,7 @@ void SnarkDisplay::openRecfilFile() { itname.sprintf("_"); else itname.sprintf("%-40s", namephantom); - sprintf(imagetitles[ni], "%s", itname.latin1()); + snprintf(imagetitles[ni], sizeof(imagetitles[ni])-1, "%s", itname.latin1()); imageindexes[ni][0] = i; imageindexes[ni][1] = 0; ni++; 
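Review bot: The result of `snprintf(name, sizeof(name)-1, "%s", recfilfilename.latin1())` in openRecfilFile() is ignored, so a path longer than the buffer is silently truncated and `digrecfil.Open(name)` then opens a different path from the one the user selected. Capture the result and treat truncation as an open failure, e.g. `int n = snprintf(name, sizeof(name), "%s", recfilfilename.latin1());` followed by `if (n < 0 || (size_t)n >= sizeof(name)) { /* show the existing "Unable to open file" message and return */ }`. The `-1` is unnecessary because snprintf's size argument already includes the terminating NUL. `name` and `oldname` are declared outside the hunk; if either is a `char *` rather than an array, `sizeof` gives the pointer size and the copy is cut to a few bytes, so this should be confirmed. The same unchecked pattern is in openPrjfilFile() and openEvalFile(), where the possibly truncated name goes to `digprojfil.Open(name)` and `fopen(name, "r")`.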
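Review bot: `sizeof(imagetitles[ni])` is the row capacity only if `imagetitles` is a two-dimensional `char` array; its declaration is outside this hunk, and if the rows are `char *` the bound becomes the pointer size and every title is cut to a few characters. The title built just above with `"%-40s"` is at least 40 characters long, so the row size should be checked against that, and a one-line comment such as `// imagetitles rows are char[N]; titles longer than N-1 are truncated` would make the intent explicit. No bound on `ni` is visible before it indexes `imagetitles` and `imageindexes`, here or in the hunk at line 269, which uses the same call; it may be checked outside these hunks.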
@@ -269,7 +269,7 @@ void SnarkDisplay::openRecfilFile() { itname.sprintf("%-*s_%-*s_%s_%04d_r_a", widthproj, nameprojection, widthexec, nameexecution, namealg, j + 1); else itname.sprintf("__%-*s_%4s_%04d_r_a", widthexec, nameexecution, namealg, j + 1); - sprintf(imagetitles[ni], "%s", itname.latin1()); + snprintf(imagetitles[ni], sizeof(imagetitles[ni])-1, "%s", itname.latin1()); imageindexes[ni][0] = i; imageindexes[ni][1] = j; ni++; @@ -461,7 +461,7 @@ void SnarkDisplay::openPrjfilFile() { fd.setSelection(QDir::currentDirPath()); if (fd.exec() == QDialog::Accepted) { projfilfilename = fd.selectedFile(); - sprintf(name, "%s", projfilfilename.latin1()); + snprintf(name, sizeof(name)-1, "%s", projfilfilename.latin1()); if (openprojfil) //*(JD 1/28/04) digprojfil.Close(); //(JD 1/28/04) if (digprojfil.Open(name) != 0) { @@ -511,7 +511,7 @@ void SnarkDisplay::openEvalFile() { fd.setSelection(QDir::currentDirPath()); if (fd.exec() == QDialog::Accepted) { evalfilename = fd.selectedFile(); - sprintf(name, "%s", evalfilename.latin1()); + snprintf(name, sizeof(name)-1, "%s", evalfilename.latin1()); if (std::verbose >= 2) printf("\nname of eval file is:\n%s\n", name); if ((fp = fopen(name, "r")) == NULL) { s.sprintf("Error!\nUnable to open file:\n%s\n", evalfilename.latin1()); diff --git a/tools/Display/displayprojection.cpp b/tools/Display/displayprojection.cpp index c477393..599ab6e 100644 --- a/tools/Display/displayprojection.cpp +++ b/tools/Display/displayprojection.cpp @@ -162,7 +162,7 @@ displayprojection::displayprojection(QWidget* parent, const char* name, bool mod lowthresh = new QLineEdit(this, "lowthresh"); lowthresh->setGeometry(QRect(5, 260, 80, 30)); - char s[16]; + char s[12]; snprintf(s,sizeof(s)-1,"%7.4f", minval); lowthresh->setText(s); 
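Review bot: Shrinking `s` from 16 to 12 bytes in the displayprojection constructor makes truncation of the threshold text more likely. With `sizeof(s)-1` as the bound at most 10 characters are written, but `%7.4f` only sets a minimum width, so a value such as -12345.6789 needs 11 and would be displayed cut short. Keep a buffer sized for the widest value the data can hold and pass the full size, e.g. `char s[32];` with `snprintf(s, sizeof(s), "%7.4f", minval);`. The same `s` appears to be reused for `maxval` in the next hunk; the constructor body starts and ends outside this hunk.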
@@ -184,7 +184,7 @@ displayprojection::displayprojection(QWidget* parent, const char* name, bool mod highthresh = new QLineEdit(this, "highthresh"); highthresh->setGeometry(QRect(5, 355, 80, 30)); - sprintf(s, "%7.4f", maxval); + snprintf(s, sizeof(s)-1, "%7.4f", maxval); highthresh->setText(s); sethighthreshbutton = new QPushButton(this, "sethighthreshbutton"); @@ -248,16 +248,16 @@ void displayprojection::updateClickedPixel(int cx, int cy) { ix = cx / zoomval; iy = cy / zoomval; - sprintf(s, "(%d,%d)", ix, iy); + snprintf(s, sizeof(s)-1, "(%d,%d)", ix, iy); pixelpos->setText(s); - sprintf(s, "%7.4f", proj[ix][iy]); + snprintf(s, sizeof(s)-1, "%7.4f", proj[ix][iy]); pixelvalue->setText(s); } void displayprojection::updateZoom() { - char s[4]; + char s[7]; int v = zoomslider->value(); - sprintf(s, "%d", v); + snprintf(s, sizeof(s)-1, "%d", v); zoom->setText(s); zoomval = v; displaywidget->resize(prjnum*zoomval, usrays * zoomval); @@ -307,7 +307,7 @@ void displayprojection::updateLowthresh() { } double fv = ((double) v) / 1000; lowthreshold = fv; - sprintf(s, "%7.4f", fv); + snprintf(s, sizeof(s)-1, "%7.4f", fv); lowthresh->setText(s); resetImage(); } @@ -349,7 +349,7 @@ void displayprojection::updateHighthresh() { } double fv = ((double) v) / 1000; highthreshold = fv; - sprintf(s, "%7.4f", fv); + snprintf(s, sizeof(s)-1, "%7.4f", fv); highthresh->setText(s); resetImage(); }
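Review bot: In updateClickedPixel() the buffer `s` is declared outside the hunk, and `"(%d,%d)"` can need up to 25 characters plus the terminator for two ints, so its size should be checked; a truncated result would silently show wrong coordinates. In updateZoom() the fixed `char s[7]` can be dropped altogether with `zoom->setText(QString::number(v));`. The `%7.4f` calls in updateLowthresh() and updateHighthresh() also write into an `s` declared outside their hunks; formatting into a QString (`QString t; t.sprintf("%7.4f", fv); lowthresh->setText(t);`) would remove the fixed-size buffers and the truncation question there as well.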