Corrected buffer overrun problem with aboutText. Also, replaced all sprintf()s in the UNIX version with snprintf(). This follows the recommendation on http://www.gotw.ca/publications/mill19.htm. Also, snprintf() is, in practice, required when using gettext. Note: since VC6 doesn't have snprintf, only require snprintf in UNIX-only code.


git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/trunk@107 3789f03b-4d11-0410-bbf8-ca57d06f2519
diff --git a/doc/requirements.txt b/doc/requirements.txt
new file mode 100644
index 0000000..4957be3
--- /dev/null
+++ b/doc/requirements.txt
@@ -0,0 +1,2 @@
+
+- The UNIX version requires snprintf(). 
diff --git a/vncviewer_unix/CConn.cxx b/vncviewer_unix/CConn.cxx
index 1c10460..cb084d1 100644
--- a/vncviewer_unix/CConn.cxx
+++ b/vncviewer_unix/CConn.cxx
@@ -198,8 +198,9 @@
 
   const char* secType = secTypeName(getCurrentCSecurity()->getType());
   const char* titlePrefix = "VNC Authentication";
-  CharArray title(strlen(titlePrefix) + strlen(secType) + 4);
-  sprintf(title.buf, "%s [%s]", titlePrefix, secType);
+  unsigned int titleLen = strlen(titlePrefix) + strlen(secType) + 4;
+  CharArray title(titleLen);
+  snprintf(title.buf, titleLen, "%s [%s]", titlePrefix, secType);
   PasswdDialog dlg(dpy, title.buf, !user);
   if (!dlg.show()) return false;
   if (user)
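Review bot: The `+ 4` in `titleLen` is a hand count tied to the `"%s [%s]"` format (space, two brackets, terminating NUL), and nothing in the code says so. Now that snprintf truncates instead of overrunning, a later edit to the format that forgets the constant would silently cut the dialog title rather than crash, which is harder to notice. I would add a comment such as `// +4: ' ', '[', ']' and the NUL; keep in sync with the format below`. The same applies to `sendMenuKeyLen = 6+strlen(menuKeyStr.buf)` in the next hunk, where 6 is `"Send "` plus the NUL. The enclosing function starts and ends outside this hunk.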
@@ -345,8 +346,9 @@
   menu.addEntry("Ctrl", ID_CTRL);
   menu.addEntry("Alt", ID_ALT);
   CharArray menuKeyStr(menuKey.getData());
-  CharArray sendMenuKey(6+strlen(menuKeyStr.buf));
-  sprintf(sendMenuKey.buf, "Send %s", menuKeyStr.buf);
+  unsigned int sendMenuKeyLen = 6+strlen(menuKeyStr.buf);
+  CharArray sendMenuKey(sendMenuKeyLen);
+  snprintf(sendMenuKey.buf, sendMenuKeyLen, "Send %s", menuKeyStr.buf);
   menu.addEntry(sendMenuKey.buf, ID_F8);
   menu.addEntry("Send Ctrl-Alt-Del", ID_CTRLALTDEL);
   menu.addEntry(0, 0);
@@ -405,7 +407,7 @@
       serverPF.print(spfStr, 100);
       int secType = getCurrentCSecurity()->getType();
       char infoText[1024];
-      sprintf(infoText,
+      snprintf(infoText, sizeof(infoText),
               "Desktop name: %.80s\n"
               "Host: %.80s port: %d\n"
               "Size: %d x %d\n"
@@ -592,7 +594,7 @@
   CharArray windowNameStr(windowName.getData());
   if (!windowNameStr.buf[0]) {
     windowNameStr.replaceBuf(new char[256]);
-    sprintf(windowNameStr.buf,"VNC: %.240s",cp.name());
+    snprintf(windowNameStr.buf, 256, "VNC: %.240s", cp.name());
   }
   viewport->toplevel(windowNameStr.buf, this, argc, argv);
   viewport->setBumpScroll(fullScreen);
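Review bot: The bound passed to snprintf repeats the literal `256` from `new char[256]` on the line above, so the allocation size and the write limit match only as long as both literals are edited together. `cp.name()` is presumably the desktop name sent by the server, which makes this one of the places where the bound actually matters. I would name the size once, e.g. `const int windowNameLen = 256;`, and use it in both `replaceBuf(new char[windowNameLen])` and `snprintf(windowNameStr.buf, windowNameLen, "VNC: %.240s", cp.name());`. The enclosing function starts and ends outside this hunk.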
diff --git a/vncviewer_unix/vncviewer.cxx b/vncviewer_unix/vncviewer.cxx
index 433ef83..ca04baf 100644
--- a/vncviewer_unix/vncviewer.cxx
+++ b/vncviewer_unix/vncviewer.cxx
@@ -112,7 +112,7 @@
 			  "0 = Low, 9 = High",
 			  6);
 
-char aboutText[256];
+char aboutText[1024];
 char* programName;
 extern char buildtime[];
 
@@ -176,12 +176,13 @@
 
 int main(int argc, char** argv)
 {
-  sprintf(aboutText, "TightVNC viewer for X version 4.0 - built %s\n"
-          "Copyright (C) 2002-2004 RealVNC Ltd.\n"
-	  "Copyright (C) 2000-2004 Constantin Kaplinsky.\n"
-	  "Copyright (C) 2004 Peter Astrand, Cendio AB\n"
-          "See http://www.tightvnc.com for information on TightVNC.",
-          buildtime);
+  snprintf(aboutText, sizeof(aboutText), 
+	   "TightVNC viewer for X version 4.0 - built %s\n"
+	   "Copyright (C) 2002-2004 RealVNC Ltd.\n"
+	   "Copyright (C) 2000-2004 Constantin Kaplinsky.\n"
+	   "Copyright (C) 2004 Peter Astrand, Cendio AB\n"
+	   "See http://www.tightvnc.com for information on TightVNC.",
+	   buildtime);
   fprintf(stderr,"\n%s\n", aboutText);
 
   rfb::initStdIOLoggers();
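Review bot: `sizeof(aboutText)` is the right bound only while `aboutText` is visible here as a complete array (`char aboutText[1024]` in the earlier hunk of this file). If it later becomes a `char*`, the expression quietly yields the pointer size; a comment at the call such as `// sizeof is valid: aboutText is a file-scope array defined above` would record that dependency. The snprintf return value is also discarded, so a longer `buildtime` or a translated string that outgrows the buffer would be cut without any indication. Comparing the result against `sizeof(aboutText)` and logging a warning would make truncation visible. main() continues outside this hunk.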