From c58f7ab28d5fc346032592414055db4edcc18050 Mon Sep 17 00:00:00 2001 From: Mark Adler Date: Wed, 2 May 2012 23:18:38 -0700 Subject: Replace use of unsafe string functions with snprintf if available. This avoids warnings in OpenBSD that apparently can't be turned off whenever you link strcpy, strcat, or sprintf. When snprintf isn't available, the use of the "unsafe" string functions has always in fact been safe, since the lengths are all checked before those functions are called. We do not use strlcpy or strlcat, since they are not (yet) found on all systems. snprintf on the other hand is part of the C standard library and is very common. --- gzlib.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'gzlib.c') diff --git a/gzlib.c b/gzlib.c index ca55c6e..b021372 100644 --- a/gzlib.c +++ b/gzlib.c @@ -208,7 +208,11 @@ local gzFile gz_open(path, fd, mode) *(state->path) = 0; else #endif +#if !defined(NO_snprintf) && !defined(NO_vsnprintf) + snprintf(state->path, len + 1, "%s", (const char *)path); +#else strcpy(state->path, path); +#endif /* compute the flags for open() */ oflag = @@ -284,7 +288,11 @@ gzFile ZEXPORT gzdopen(fd, mode) if (fd == -1 || (path = malloc(7 + 3 * sizeof(int))) == NULL) return NULL; +#if !defined(NO_snprintf) && !defined(NO_vsnprintf) + snprintf(path, 7 + 3 * sizeof(int), "", fd); /* for debugging */ +#else sprintf(path, "", fd); /* for debugging */ +#endif gz = gz_open(path, fd, mode); free(path); return gz; @@ -594,9 +602,14 @@ void ZLIB_INTERNAL gz_error(state, err, msg) state->msg = (char *)"out of memory"; return; } +#if !defined(NO_snprintf) && !defined(NO_vsnprintf) + snprintf(state->msg, strlen(state->path) + strlen(msg) + 3, + "%s%s%s", state->path, ": ", msg); +#else strcpy(state->msg, state->path); strcat(state->msg, ": "); strcat(state->msg, msg); +#endif return; } -- cgit v1.2.3-55-g6feb