changed sprintf to more secure snprintf to prevent vulnerability to buffer

overflow exploits.

2 files changed, 3 insertions, 3 deletions

diff --git a/labels.c b/labels.c
index 74222f52..833ad843 100644
--- a/labels.c
+++ b/labels.c
@@ -221,7 +221,7 @@ if (pass0 == 1) {
 	slen += strlen(lpostfix);
 	slen++; /* room for that null char */
 	xsymbol = nasm_malloc(slen);
-	sprintf(xsymbol,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
+	snprintf(xsymbol,slen,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
 
 	ofmt->symdef (xsymbol, segment, offset, exi, 
 		special ? special : lptr->defn.special);
@@ -286,7 +286,7 @@ if (pass0 == 1 || (!is_norm && !isextrn && (segment&1))) {
 	slen += strlen(lpostfix);
 	slen++; /* room for that null char */
 	xsymbol = nasm_malloc(slen);
-	sprintf(xsymbol,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
+	snprintf(xsymbol,slen,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
 
 	ofmt->symdef (xsymbol, segment, offset, exi, 
 		special ? special : lptr->defn.special);
diff --git a/listing.c b/listing.c
index d72450dd..5deea2a5 100644
--- a/listing.c
+++ b/listing.c
@@ -192,7 +192,7 @@ static void list_output (long offset, const void *data, unsigned long type)
     else if (typ == OUT_RESERVE) 
     {
 	char q[20];
-	sprintf(q, "<res %08lX>", size);
+	snprintf(q, sizeof(q), "<res %08lX>", size);
 	list_out (offset, q);
     }
 }