[125678kqv][cl]: fix sprint() and strcpy() buffer overflows

author: cinap_lenrek <cinap_lenrek@felloff.net> 2015-02-17 22:13:35 +0100
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2015-02-17 22:13:35 +0100
commit: 03feba8cc1a68da8882bfc90d182365308a00743 (patch)
tree: 7abec9fa0987ffd70ae30dffb7496d34d1d32241 /sys/src/cmd/ql/obj.c
parent: fdeea811b7f309e1bd542a0a23fd382e332b2c2e (diff)
1 files changed, 9 insertions, 11 deletions
diff --git a/sys/src/cmd/ql/obj.c b/sys/src/cmd/ql/obj.c
index 8026a0def..9e4dcf02e 100644
--- a/sys/src/cmd/ql/obj.c
+++ b/sys/src/cmd/ql/obj.c
@@ -327,11 +327,9 @@ objfile(char *file)
 
 	if(file[0] == '-' && file[1] == 'l') {
 		if(debug['9'])
-			sprint(name, "/%s/lib/lib", thestring);
+			snprint(name, sizeof name, "/%s/lib/lib%s.a", thestring, file+2);
 		else
-			sprint(name, "/usr/%clib/lib", thechar);
-		strcat(name, file+2);
-		strcat(name, ".a");
+			snprint(name, sizeof name, "/usr/%clib/lib%s.a", thechar, file+2);
 		file = name;
 	}
 	if(debug['v'])
@@ -389,7 +387,7 @@ objfile(char *file)
 			s = lookup(e+5, 0);
 			if(s->type != SXREF)
 				continue;
-			sprint(pname, "%s(%s)", file, s->name);
+			snprint(pname, sizeof pname, "%s(%s)", file, s->name);
 			if(debug['v'])
 				Bprint(&bso, "%5.2f library: %s\n", cputime(), pname);
 			Bflush(&bso);
@@ -523,17 +521,17 @@ addlib(char *obj)
 		return;
 
 	if(histfrog[0]->name[1] == '/') {
-		sprint(name, "");
+		name[0] = 0;
 		i = 1;
 	} else
 	if(histfrog[0]->name[1] == '.') {
-		sprint(name, ".");
+		snprint(name, sizeof name, ".");
 		i = 0;
 	} else {
 		if(debug['9'])
-			sprint(name, "/%s/lib", thestring);
+			snprint(name, sizeof name, "/%s/lib", thestring);
 		else
-			sprint(name, "/usr/%clib", thechar);
+			snprint(name, sizeof name, "/usr/%clib", thechar);
 		i = 0;
 	}
 
@@ -961,7 +959,7 @@ loop:
 
 		if(p->from.type == D_FCONST) {
 			/* size sb 9 max */
-			sprint(literal, "$%lux", ieeedtof(&p->from.ieee));
+			snprint(literal, sizeof literal, "$%lux", ieeedtof(&p->from.ieee));
 			s = lookup(literal, 0);
 			if(s->type == 0) {
 				s->type = SBSS;
@@ -989,7 +987,7 @@ loop:
 			goto casedef;
 		if(p->from.type == D_FCONST) {
 			/* size sb 18 max */
-			sprint(literal, "$%lux.%lux",
+			snprint(literal, sizeof literal, "$%lux.%lux",
 				p->from.ieee.l, p->from.ieee.h);
 			s = lookup(literal, 0);
 			if(s->type == 0) {
author	cinap_lenrek <cinap_lenrek@felloff.net>	2015-02-17 22:13:35 +0100
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2015-02-17 22:13:35 +0100
commit	03feba8cc1a68da8882bfc90d182365308a00743 (patch)
tree	7abec9fa0987ffd70ae30dffb7496d34d1d32241 /sys/src/cmd/ql/obj.c
parent	fdeea811b7f309e1bd542a0a23fd382e332b2c2e (diff)