
Allow tailing '\0'

Remove a potentially user-induced buffer overflow by replacing
sprintf with snprintf.
pre-master-46
Holger Vogt 5 years ago
parent
commit
2536b78acb
  1. 6
      src/frontend/inp.c

6
src/frontend/inp.c

@ -475,7 +475,7 @@ inp_spsource(FILE *fp, bool comfile, char *filename, bool intfile)
{
struct card *deck = NULL, *dd, *ld, *prev_param = NULL, *prev_card = NULL;
struct card *realdeck = NULL, *options = NULL, *curr_meas = NULL;
char *tt = NULL, name[BSIZE_SP], *s, *t, *temperature = NULL;
char *tt = NULL, name[BSIZE_SP + 1], *s, *t, *temperature = NULL;
double testemp = 0.0;
bool commands = FALSE;
wordlist *wl = NULL, *end = NULL, *wl_first = NULL;
@ -1621,7 +1621,9 @@ doedit(char *filename)
editor = "/usr/bin/vi";
}
}
sprintf(buf, "%s %s", editor, filename);
int len = snprintf(buf, BSIZE_SP - 1, "%s %s", editor, filename);
if (len > BSIZE_SP - 1)
fprintf(stderr, "Error: the filename is probably tuncated\n");
return (system(buf) ? FALSE : TRUE);
}
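Review bot: In the doedit hunk the truncation test is off by one and non-fatal: snprintf returns the length it wanted to write, so with a size argument of `BSIZE_SP - 1` the output is already cut short when `len == BSIZE_SP - 1`, and a negative return is not handled either. After printing the warning the code still runs `system(buf)` on the truncated command line, which may then act on a different path than the one requested; I would bail out instead, e.g. `if (len < 0 || len >= BSIZE_SP - 1) { fprintf(stderr, "Error: the command line is too long\n"); return FALSE; }`. If `buf` is declared as `char buf[BSIZE_SP]` (its declaration is outside the hunk), passing `sizeof buf` as the size would keep the bound tied to the buffer. Separately, `filename` is still interpolated unquoted into a shell command, so shell metacharacters in it are interpreted by `system()`; launching the editor with an explicit argv array (fork/exec or posix_spawn) would close that, though it is a larger change than this commit. The error message also misspells "truncated".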
