From 49cc97565fbe2928388a1e437c44429097a504ae Mon Sep 17 00:00:00 2001
From: Aleksey Sanin <aleksey@src.gnome.org>
Date: Fri, 14 Jun 2002 17:07:10 +0000
Subject: replaced sprintf() with snprintf() to prevent possible buffer
 overflow

* DOCBparser.c HTMLparser.c debugXML.c encoding.c
nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c
xmllint.c xpath.c: replaced sprintf() with snprintf()
to prevent possible buffer overflow (the bug was pointed
out by Anju Premachandran)
---
 tree.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'tree.c')

diff --git a/tree.c b/tree.c
index b4b143b8..f958cb20 100644
--- a/tree.c
+++ b/tree.c
@@ -4599,17 +4599,17 @@ xmlNewReconciliedNs(xmlDocPtr doc, xmlNodePtr tree, xmlNsPtr ns) {
      * Let's strip namespace prefixes longer than 20 chars !
      */
     if (ns->prefix == NULL)
-	sprintf((char *) prefix, "default");
+	snprintf((char *) prefix, sizeof(prefix), "default");
     else
-	sprintf((char *) prefix, "%.20s", ns->prefix);
+	snprintf((char *) prefix, sizeof(prefix), "%.20s", ns->prefix);
 
     def = xmlSearchNs(doc, tree, prefix);
     while (def != NULL) {
         if (counter > 1000) return(NULL);
 	if (ns->prefix == NULL)
-	    sprintf((char *) prefix, "default%d", counter++);
+	    snprintf((char *) prefix, sizeof(prefix), "default%d", counter++);
 	else
-	    sprintf((char *) prefix, "%.20s%d", ns->prefix, counter++);
+	    snprintf((char *) prefix, sizeof(prefix), "%.20s%d", ns->prefix, counter++);
 	def = xmlSearchNs(doc, tree, prefix);
     }
 
-- 
cgit v1.2.1