From 03feba8cc1a68da8882bfc90d182365308a00743 Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Tue, 17 Feb 2015 22:13:35 +0100
Subject: [125678kqv][cl]: fix sprint() and strcpy() buffer overflows

---
 sys/src/cmd/ql/pass.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'sys/src/cmd/ql/pass.c')

diff --git a/sys/src/cmd/ql/pass.c b/sys/src/cmd/ql/pass.c
index 1a4fc7b0b..70b3aab09 100644
--- a/sys/src/cmd/ql/pass.c
+++ b/sys/src/cmd/ql/pass.c
@@ -131,9 +131,9 @@ dodata(void)
 				continue;
 			/* size should be 19 max */
 			if(strlen(s->name) >= 10)	/* has loader address */ 
-				sprint(literal, "$%p.%lux", s, p->from.offset);
+				snprint(literal, sizeof literal, "$%p.%lux", s, p->from.offset);
 			else
-				sprint(literal, "$%s.%d.%lux", s->name, s->version, p->from.offset);
+				snprint(literal, sizeof literal, "$%s.%d.%lux", s->name, s->version, p->from.offset);
 		} else {
 			if(p->from.name != D_NONE)
 				continue;
@@ -147,7 +147,7 @@ dodata(void)
 			if(v)
 				continue;	/* quicker to build it than load it */
 			/* size should be 9 max */
-			sprint(literal, "$%lux", v);
+			snprint(literal, sizeof literal, "$%lux", v);
 		}
 		s = lookup(literal, 0);
 		if(s->type == 0) {
-- 
cgit v1.2.3