diff options
43 files changed, 314 insertions, 115 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index f882d145..e53133da 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -10,11 +10,9 @@ FreeBSD_task: BS: cmake matrix: freebsd_instance: - image_family: freebsd-13-0 + image_family: freebsd-13-1 freebsd_instance: - image_family: freebsd-12-2 - freebsd_instance: - image_family: freebsd-11-4 + image_family: freebsd-12-3 prepare_script: - ./build/ci/cirrus_ci/ci.sh prepare configure_script: diff --git a/CMakeLists.txt b/CMakeLists.txt index 1e1ff575..df83ed18 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -2024,6 +2024,17 @@ CHECK_CRYPTO("MD5;RMD160;SHA1;SHA256;SHA512" LIBMD) CHECK_CRYPTO_WIN("MD5;SHA1;SHA256;SHA384;SHA512") +# Check visibility annotations +SET(OLD_CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS}") +SET(CMAKE_REQUIRED_FLAGS "${CMAKE_REQUIRED_FLAGS} -fvisibility=hidden -Werror") +CHECK_C_SOURCE_COMPILES("void __attribute__((visibility(\"default\"))) foo(void); +int main() { return 0; }" HAVE_VISIBILITY_ATTR) +IF (HAVE_VISIBILITY_ATTR) + SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden") + ADD_DEFINITIONS(-D__LIBARCHIVE_ENABLE_VISIBILITY) +ENDIF(HAVE_VISIBILITY_ATTR) +SET(CMAKE_REQUIRED_FLAGS "${OLD_CMAKE_REQUIRED_FLAGS}") + # Generate "config.h" from "build/cmake/config.h.in" CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/build/cmake/config.h.in ${CMAKE_CURRENT_BINARY_DIR}/config.h) diff --git a/Makefile.am b/Makefile.am index 743aaa0d..3fd2fdbf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -513,6 +513,7 @@ libarchive_test_SOURCES= \ libarchive/test/test_read_format_tar_empty_filename.c \ libarchive/test/test_read_format_tar_empty_with_gnulabel.c \ libarchive/test/test_read_format_tar_filename.c \ + libarchive/test/test_read_format_tar_invalid_pax_size.c \ libarchive/test/test_read_format_tbz.c \ libarchive/test/test_read_format_tgz.c \ libarchive/test/test_read_format_tlz.c \ @@ -905,6 +906,7 @@ libarchive_test_EXTRA_DIST=\ libarchive/test/test_read_format_tar_empty_with_gnulabel.tar.uu \ libarchive/test/test_read_format_tar_empty_pax.tar.Z.uu \ libarchive/test/test_read_format_tar_filename_koi8r.tar.Z.uu \ + libarchive/test/test_read_format_tar_invalid_pax_size.tar.uu \ libarchive/test/test_read_format_ustar_filename_cp866.tar.Z.uu \ libarchive/test/test_read_format_ustar_filename_eucjp.tar.Z.uu \ libarchive/test/test_read_format_ustar_filename_koi8r.tar.Z.uu \ diff --git a/build/ci/github_actions/ci.cmd b/build/ci/github_actions/ci.cmd index 9dfc8b1f..a9cb6155 100755 --- a/build/ci/github_actions/ci.cmd +++ b/build/ci/github_actions/ci.cmd @@ -2,6 +2,7 @@ SET ZLIB_VERSION=1.2.12 SET BZIP2_VERSION=1ea1ac188ad4b9cb662e3f8314673c63df95a589 SET XZ_VERSION=5.2.5 +SET ZSTD_VERSION=1.5.2 IF NOT "%BE%"=="mingw-gcc" ( IF NOT "%BE%"=="msvc" ( ECHO Environment variable BE must be mingw-gcc or msvc @@ -43,6 +44,14 @@ IF "%1"=="deplibs" ( echo Unpacking xz-%XZ_VERSION%.zip C:\windows\system32\tar.exe -x -f xz-%XZ_VERSION%.zip || EXIT /b 1 ) + IF NOT EXIST zstd-%ZSTD_VERSION%.zip ( + echo Downloading https://github.com/facebook/zstd/archive/refs/tags/v%ZSTD_VERSION%.zip + curl -L -o zstd-%ZSTD_VERSION%.zip https://github.com/facebook/zstd/archive/refs/tags/v%ZSTD_VERSION%.zip || EXIT /b 1 + ) + IF NOT EXIST zstd-%ZSTD_VERSION% ( + echo Unpacking zstd-%ZSTD_VERSION%.zip + C:\windows\system32\tar.exe -x -f zstd-%ZSTD_VERSION%.zip || EXIT /b 1 + ) CD zlib-%ZLIB_VERSION% IF "%BE%"=="mingw-gcc" ( SET PATH=%MINGWPATH% @@ -82,16 +91,28 @@ IF "%1"=="deplibs" ( cmake --build . --target ALL_BUILD --config Release || EXIT /b 1 cmake --build . --target INSTALL --config Release || EXIT /b 1 ) + CD .. + CD zstd-%ZSTD_VERSION%\build\cmake + IF "%BE%"=="mingw-gcc" ( + SET PATH=%MINGWPATH% + cmake -G "MinGW Makefiles" -D CMAKE_BUILD_TYPE="Release" . || EXIT /b 1 + mingw32-make || EXIT /b 1 + mingw32-make install || EXIT /b 1 + ) ELSE IF "%BE%"=="msvc" ( + cmake -G "Visual Studio 17 2022" -D CMAKE_BUILD_TYPE="Release" . || EXIT /b 1 + cmake --build . --target ALL_BUILD --config Release || EXIT /b 1 + cmake --build . --target INSTALL --config Release || EXIT /b 1 + ) ) ELSE IF "%1%"=="configure" ( IF "%BE%"=="mingw-gcc" ( SET PATH=%MINGWPATH% MKDIR build_ci\cmake CD build_ci\cmake - cmake -G "MinGW Makefiles" -D ZLIB_LIBRARY="C:/Program Files (x86)/zlib/lib/libzlibstatic.a" -D ZLIB_INCLUDE_DIR="C:/Program Files (x86)/zlib/include" -D BZIP2_LIBRARIES="C:/Program Files (x86)/bzip2/lib/libbz2_static.a" -D BZIP2_INCLUDE_DIR="C:/Program Files (x86)/bzip2/include" -D LIBLZMA_LIBRARY="C:/Program Files (x86)/xz/lib/liblzma.a" -D LIBLZMA_INCLUDE_DIR="C:/Program Files (x86)/xz/include" ..\.. || EXIT /b 1 + cmake -G "MinGW Makefiles" -D ZLIB_LIBRARY="C:/Program Files (x86)/zlib/lib/libzlibstatic.a" -D ZLIB_INCLUDE_DIR="C:/Program Files (x86)/zlib/include" -D BZIP2_LIBRARIES="C:/Program Files (x86)/bzip2/lib/libbz2_static.a" -D BZIP2_INCLUDE_DIR="C:/Program Files (x86)/bzip2/include" -D LIBLZMA_LIBRARY="C:/Program Files (x86)/xz/lib/liblzma.a" -D LIBLZMA_INCLUDE_DIR="C:/Program Files (x86)/xz/include" -D ZSTD_LIBRARY="C:/Program Files (x86)/zstd/lib/libzstd.a" -D ZSTD_INCLUDE_DIR="C:/Program Files (x86)/zstd/include" ..\.. || EXIT /b 1 ) ELSE IF "%BE%"=="msvc" ( MKDIR build_ci\cmake CD build_ci\cmake - cmake -G "Visual Studio 17 2022" -D CMAKE_BUILD_TYPE="Release" -D ZLIB_LIBRARY="C:/Program Files (x86)/zlib/lib/zlibstatic.lib" -D ZLIB_INCLUDE_DIR="C:/Program Files (x86)/zlib/include" -D BZIP2_LIBRARIES="C:/Program Files (x86)/bzip2/lib/bz2_static.lib" -D BZIP2_INCLUDE_DIR="C:/Program Files (x86)/bzip2/include" -D LIBLZMA_LIBRARY="C:/Program Files (x86)/xz/lib/liblzma.lib" -D LIBLZMA_INCLUDE_DIR="C:/Program Files (x86)/xz/include" ..\.. || EXIT /b 1 + cmake -G "Visual Studio 17 2022" -D CMAKE_BUILD_TYPE="Release" -D ZLIB_LIBRARY="C:/Program Files (x86)/zlib/lib/zlibstatic.lib" -D ZLIB_INCLUDE_DIR="C:/Program Files (x86)/zlib/include" -D BZIP2_LIBRARIES="C:/Program Files (x86)/bzip2/lib/bz2_static.lib" -D BZIP2_INCLUDE_DIR="C:/Program Files (x86)/bzip2/include" -D LIBLZMA_LIBRARY="C:/Program Files (x86)/xz/lib/liblzma.lib" -D LIBLZMA_INCLUDE_DIR="C:/Program Files (x86)/xz/include" -D ZSTD_LIBRARY="C:/Program Files (x86)/zstd/lib/zstd_static.lib" -D ZSTD_INCLUDE_DIR="C:/Program Files (x86)/zstd/include" ..\.. || EXIT /b 1 ) ) ELSE IF "%1%"=="build" ( IF "%BE%"=="mingw-gcc" ( diff --git a/configure.ac b/configure.ac index b30430d2..cc51badc 100644 --- a/configure.ac +++ b/configure.ac @@ -1247,6 +1247,18 @@ case "$host_os" in ;; esac +dnl Visibility annotations... +saved_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS -fvisibility=hidden -Werror" +AC_MSG_CHECKING(whether compiler supports visibility annotations) +AC_LINK_IFELSE([AC_LANG_PROGRAM([ + int foo( void ) __attribute__((visibility("default"))); + ])], + [CFLAGS="$saved_CFLAGS -fvisibility=hidden -D__LIBARCHIVE_ENABLE_VISIBILITY"; + AC_MSG_RESULT(yes)], + [CFLAGS="$saved_CFLAGS" + AC_MSG_RESULT(no)]) + # Ensure test directories are present if building out-of-tree AC_CONFIG_COMMANDS([mkdirs], [mkdir -p libarchive/test tar/test cat/test cpio/test]) diff --git a/libarchive/CMakeLists.txt b/libarchive/CMakeLists.txt index e1d76a51..ff7ade00 100644 --- a/libarchive/CMakeLists.txt +++ b/libarchive/CMakeLists.txt @@ -5,6 +5,10 @@ # ############################################ +if (ANDROID) + include_directories(${PROJECT_SOURCE_DIR}/contrib/android/include) +endif() + # Public headers SET(include_HEADERS archive.h @@ -78,6 +82,7 @@ SET(libarchive_SOURCES archive_read_set_format.c archive_read_set_options.c archive_read_support_filter_all.c + archive_read_support_filter_by_code.c archive_read_support_filter_bzip2.c archive_read_support_filter_compress.c archive_read_support_filter_gzip.c diff --git a/libarchive/archive.h b/libarchive/archive.h index 7f58a1f2..dcb8b0df 100644 --- a/libarchive/archive.h +++ b/libarchive/archive.h @@ -120,6 +120,8 @@ typedef ssize_t la_ssize_t; # define __LA_DECL __declspec(dllimport) # endif # endif +#elif defined __LIBARCHIVE_ENABLE_VISIBILITY +# define __LA_DECL __attribute__((visibility("default"))) #else /* Static libraries or non-Windows needs no special declaration. */ # define __LA_DECL diff --git a/libarchive/archive_entry.h b/libarchive/archive_entry.h index 450b3cf9..e579e9f3 100644 --- a/libarchive/archive_entry.h +++ b/libarchive/archive_entry.h @@ -122,6 +122,8 @@ typedef ssize_t la_ssize_t; # define __LA_DECL __declspec(dllimport) # endif # endif +#elif defined __LIBARCHIVE_ENABLE_VISIBILITY +# define __LA_DECL __attribute__((visibility("default"))) #else /* Static libraries on all platforms and shared libraries on non-Windows. */ # define __LA_DECL diff --git a/libarchive/archive_platform.h b/libarchive/archive_platform.h index 3426975d..1038932a 100644 --- a/libarchive/archive_platform.h +++ b/libarchive/archive_platform.h @@ -195,8 +195,9 @@ /* * glibc 2.24 deprecates readdir_r + * bionic c deprecates readdir_r too */ -#if defined(HAVE_READDIR_R) && (!defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || __GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 24)) +#if defined(HAVE_READDIR_R) && (!defined(__GLIBC__) || !defined(__GLIBC_MINOR__) || __GLIBC__ < 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ < 24)) && (!defined(__ANDROID__)) #define USE_READDIR_R 1 #else #undef USE_READDIR_R diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c index 2b39e672..a96008db 100644 --- a/libarchive/archive_read_disk_posix.c +++ b/libarchive/archive_read_disk_posix.c @@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$"); #ifdef HAVE_SYS_PARAM_H #include <sys/param.h> #endif -#ifdef HAVE_SYS_MOUNT_H -#include <sys/mount.h> -#endif #ifdef HAVE_SYS_STAT_H #include <sys/stat.h> #endif @@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$"); #endif #ifdef HAVE_LINUX_FS_H #include <linux/fs.h> +#elif HAVE_SYS_MOUNT_H +#include <sys/mount.h> #endif /* * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h. diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c index 564ba514..9142051e 100644 --- a/libarchive/archive_read_support_format_7zip.c +++ b/libarchive/archive_read_support_format_7zip.c @@ -776,7 +776,7 @@ archive_read_format_7zip_read_header(struct archive_read *a, } /* Set up a more descriptive format name. */ - sprintf(zip->format_name, "7-Zip"); + snprintf(zip->format_name, sizeof(zip->format_name), "7-Zip"); a->archive.archive_format_name = zip->format_name; return (ret); diff --git a/libarchive/archive_read_support_format_cab.c b/libarchive/archive_read_support_format_cab.c index 950f3d25..433b5600 100644 --- a/libarchive/archive_read_support_format_cab.c +++ b/libarchive/archive_read_support_format_cab.c @@ -996,7 +996,7 @@ archive_read_format_cab_read_header(struct archive_read *a, cab->end_of_entry_cleanup = cab->end_of_entry = 1; /* Set up a more descriptive format name. */ - sprintf(cab->format_name, "CAB %d.%d (%s)", + snprintf(cab->format_name, sizeof(cab->format_name), "CAB %d.%d (%s)", hd->major, hd->minor, cab->entry_cffolder->compname); a->archive.archive_format_name = cab->format_name; diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c index bff0f01f..6d0b6d2e 100644 --- a/libarchive/archive_read_support_format_lha.c +++ b/libarchive/archive_read_support_format_lha.c @@ -739,7 +739,7 @@ archive_read_format_lha_read_header(struct archive_read *a, if (lha->directory || lha->compsize == 0) lha->end_of_entry = 1; - sprintf(lha->format_name, "lha -%c%c%c-", + snprintf(lha->format_name, sizeof(lha->format_name), "lha -%c%c%c-", lha->method[0], lha->method[1], lha->method[2]); a->archive.archive_format_name = lha->format_name; diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c index a3cfa72e..cc966a51 100644 --- a/libarchive/archive_read_support_format_rar5.c +++ b/libarchive/archive_read_support_format_rar5.c @@ -3911,6 +3911,13 @@ static int do_unpack(struct archive_read* a, struct rar5* rar, case GOOD: /* fallthrough */ case BEST: + /* No data is returned here. But because a sparse-file aware + * caller (like archive_read_data_into_fd) may treat zero-size + * as a sparse file block, we need to update the offset + * accordingly. At this point the decoder doesn't have any + * pending uncompressed data blocks, so the current position in + * the output file should be last_write_ptr. */ + if (offset) *offset = rar->cstate.last_write_ptr; return uncompress_file(a); default: archive_set_error(&a->archive, diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c index bfdad7f8..e31f1cc4 100644 --- a/libarchive/archive_read_support_format_tar.c +++ b/libarchive/archive_read_support_format_tar.c @@ -2108,6 +2108,21 @@ pax_attribute(struct archive_read *a, struct tar *tar, /* "size" is the size of the data in the entry. */ tar->entry_bytes_remaining = tar_atol10(value, strlen(value)); + if (tar->entry_bytes_remaining < 0) { + tar->entry_bytes_remaining = 0; + archive_set_error(&a->archive, + ARCHIVE_ERRNO_MISC, + "Tar size attribute is negative"); + return (ARCHIVE_FATAL); + } + if (tar->entry_bytes_remaining == INT64_MAX) { + /* Note: tar_atol returns INT64_MAX on overflow */ + tar->entry_bytes_remaining = 0; + archive_set_error(&a->archive, + ARCHIVE_ERRNO_MISC, + "Tar size attribute overflow"); + return (ARCHIVE_FATAL); + } /* * The "size" pax header keyword always overrides the * "size" field in the tar header. diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c index 66592e82..27626b54 100644 --- a/libarchive/archive_write.c +++ b/libarchive/archive_write.c @@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a) struct archive_write_filter *f; f = calloc(1, sizeof(*f)); + + if (f == NULL) + return (NULL); + f->archive = _a; f->state = ARCHIVE_WRITE_FILTER_STATE_NEW; if (a->filter_first == NULL) @@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data, a->client_data = client_data; client_filter = __archive_write_allocate_filter(_a); + + if (client_filter == NULL) + return (ARCHIVE_FATAL); + client_filter->open = archive_write_client_open; client_filter->write = archive_write_client_write; client_filter->close = archive_write_client_close; diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c index 52911491..cf1f4770 100644 --- a/libarchive/archive_write_set_format_pax.c +++ b/libarchive/archive_write_set_format_pax.c @@ -1717,7 +1717,7 @@ build_pax_attribute_name(char *dest, const char *src) * to having clients override it. */ #if HAVE_GETPID && 0 /* Disable this for now; see above comment. */ - sprintf(buff, "PaxHeader.%d", getpid()); + snprintf(buff, sizeof(buff), "PaxHeader.%d", getpid()); #else /* If the platform can't fetch the pid, don't include it. */ strcpy(buff, "PaxHeader"); diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt index 23bcc5bb..bbbff223 100644 --- a/libarchive/test/CMakeLists.txt +++ b/libarchive/test/CMakeLists.txt @@ -162,6 +162,7 @@ IF(ENABLE_TEST) test_read_format_tar_empty_with_gnulabel.c test_read_format_tar_empty_pax.c test_read_format_tar_filename.c + test_read_format_tar_invalid_pax_size.c test_read_format_tbz.c test_read_format_tgz.c test_read_format_tlz.c diff --git a/libarchive/test/test_acl_platform_nfs4.c b/libarchive/test/test_acl_platform_nfs4.c index ae4bb5a1..6a5b4394 100644 --- a/libarchive/test/test_acl_platform_nfs4.c +++ b/libarchive/test/test_acl_platform_nfs4.c @@ -907,7 +907,7 @@ DEFINE_TEST(test_acl_platform_nfs4) assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); for (i = 0; i < acls_dir_cnt; ++i) { - sprintf(buff, "dir%d", i); + snprintf(buff, sizeof(buff), "dir%d", i); archive_entry_set_pathname(ae, buff); archive_entry_set_filetype(ae, AE_IFDIR); archive_entry_set_perm(ae, 0654); @@ -960,7 +960,7 @@ DEFINE_TEST(test_acl_platform_nfs4) /* Verify single-permission dirs on disk. */ for (i = 0; i < dircnt; ++i) { - sprintf(buff, "dir%d", i); + snprintf(buff, sizeof(buff), "dir%d", i); assertEqualInt(0, stat(buff, &st)); assertEqualInt(st.st_mtime, 123456 + i); #if ARCHIVE_ACL_SUNOS_NFS4 diff --git a/libarchive/test/test_archive_api_feature.c b/libarchive/test/test_archive_api_feature.c index 60773ad0..d7d1a2d5 100644 --- a/libarchive/test/test_archive_api_feature.c +++ b/libarchive/test/test_archive_api_feature.c @@ -32,7 +32,7 @@ DEFINE_TEST(test_archive_api_feature) /* This is the (hopefully) final versioning API. */ assertEqualInt(ARCHIVE_VERSION_NUMBER, archive_version_number()); - sprintf(buff, "libarchive %d.%d.%d", + snprintf(buff, sizeof(buff), "libarchive %d.%d.%d", archive_version_number() / 1000000, (archive_version_number() / 1000) % 1000, archive_version_number() % 1000); diff --git a/libarchive/test/test_read_format_rar5.c b/libarchive/test/test_read_format_rar5.c index acc90510..0c302897 100644 --- a/libarchive/test/test_read_format_rar5.c +++ b/libarchive/test/test_read_format_rar5.c @@ -1346,4 +1346,27 @@ DEFINE_TEST(test_read_format_rar5_bad_window_size_in_multiarchive_file) while(0 < archive_read_data(a, buf, sizeof(buf))) {} EPILOGUE(); -}
\ No newline at end of file +} + +DEFINE_TEST(test_read_format_rar5_read_data_block_uninitialized_offset) +{ + const void *buf; + size_t size; + la_int64_t offset; + + PROLOGUE("test_read_format_rar5_compressed.rar"); + assertA(0 == archive_read_next_header(a, &ae)); + + /* A real code may pass a pointer to an uninitialized variable as an offset + * output argument. Here we want to check this situation. But because + * relying on a value of an uninitialized variable in a test is not a good + * idea, let's pretend that 0xdeadbeef is a random value of the + * uninitialized variable. */ + offset = 0xdeadbeef; + assertEqualInt(ARCHIVE_OK, archive_read_data_block(a, &buf, &size, &offset)); + /* The test archive doesn't contain a sparse file. And because of that, here + * we assume that the first returned offset should be 0. */ + assertEqualInt(0, offset); + + EPILOGUE(); +} diff --git a/libarchive/test/test_read_format_tar_invalid_pax_size.c b/libarchive/test/test_read_format_tar_invalid_pax_size.c new file mode 100644 index 00000000..0a03cb67 --- /dev/null +++ b/libarchive/test/test_read_format_tar_invalid_pax_size.c @@ -0,0 +1,53 @@ +/*- + * Copyright (c) 2020 Ben Wagner + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "test.h" +__FBSDID("$FreeBSD$"); + +/* + * The pax size attribute can be used to override the size. + * It should be validated the same way the normal size is validated. + * The test data is fuzzer output from + * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=48467 . + */ +DEFINE_TEST(test_read_format_tar_invalid_pax_size) +{ + /* + * An archive that contains a PAX 'size' record with a large negative value. + */ + struct archive_entry *ae; + struct archive *a; + const char *refname = "test_read_format_tar_invalid_pax_size.tar"; + + extract_reference_file(refname); + assert((a = archive_read_new()) != NULL); + assertEqualInt(ARCHIVE_OK, archive_read_support_filter_all(a)); + assertEqualInt(ARCHIVE_OK, archive_read_support_format_all(a)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, refname, 10240)); + /* This assert will pass a normal debug build without the pax size check. */ + /* Run this test with `-fsanitize=undefined` to verify. */ + assertEqualIntA(a, ARCHIVE_FATAL, archive_read_next_header(a, &ae)); + assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); + assertEqualInt(ARCHIVE_OK, archive_read_free(a)); +} diff --git a/libarchive/test/test_read_format_tar_invalid_pax_size.tar.uu b/libarchive/test/test_read_format_tar_invalid_pax_size.tar.uu new file mode 100644 index 00000000..71309eab --- /dev/null +++ b/libarchive/test/test_read_format_tar_invalid_pax_size.tar.uu @@ -0,0 +1,38 @@ +begin 644 test_read_format_tar_invalid_pax_size.tar.uu +M+B]087A(96%D97)S+C$T-#8S+V%A80`````````````````````````````` +M```````````````````````````````````````````````````````````` +M`````````````#`P,#`V-#0`,#`P,#`P,``P,#`P,#`P`#`P,#`P,#`P,S$R +M`#$R-3,Q,30U,S<Q`"`Q,30R,"`@>``````````````````````````````` +M```````````````````````````````````````````````````````````` +M``````````````````````````````````````````!U='-A<@`P,``````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````S,"`@("`@(#T@("`@("`@("`@("`@("`@("`@ +M(`HS,"`@("`@(#T@("`@("`@("`@("`@("`@("`@(`HS,"`@("`@("`]("`@ +M("`@("`@("`@("`@("`@(`HS,"!S:7IE/2TQ.3<V.30Q,3$Q,S8U.3<R-S0S +M-@H@("`@("`@("`@_R`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@____("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@ +M("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@("`@(&%A80`````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````P +M,#,P.#$V`#`S-S0U,S0`,#`Q,38Q,``P,#`P,#`P,#`P-P`Q,C4S,3$T-3,W +M,``@,3(P-S$@(#$````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M````=7-T87(`,#!D=GEU:V]V````````````````````````````````96YG +M`````````````````````````/\!````````````````,#`Q`#`P,#`P,#`P +M,#`P````````````````````````````````````````````````````]P`` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +M```````````````````````````````````````````````````````````` +&```````` +` +end diff --git a/libarchive/test/test_read_truncated_filter.c b/libarchive/test/test_read_truncated_filter.c index 532e3eee..f85ccaa1 100644 --- a/libarchive/test/test_read_truncated_filter.c +++ b/libarchive/test/test_read_truncated_filter.c @@ -81,7 +81,7 @@ test_truncation(const char *compression, archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "%s%d", compression, i); + snprintf(path, sizeof(path), "%s%d", compression, i); archive_entry_copy_pathname(ae, path); failure("%s", path); if (!assertEqualIntA(a, ARCHIVE_OK, @@ -123,7 +123,7 @@ test_truncation(const char *compression, assert(NULL != archive_error_string(a)); break; } - sprintf(path, "%s%d", compression, i); + snprintf(path, sizeof(path), "%s%d", compression, i); assertEqualString(path, archive_entry_pathname(ae)); if (datasize != (size_t)archive_read_data(a, data, datasize)) { failure("Should have non-NULL error message for %s", diff --git a/libarchive/test/test_tar_large.c b/libarchive/test/test_tar_large.c index 626f9f08..0da58aa3 100644 --- a/libarchive/test/test_tar_large.c +++ b/libarchive/test/test_tar_large.c @@ -224,7 +224,7 @@ DEFINE_TEST(test_tar_large) */ for (i = 0; tests[i] != 0; i++) { assert((ae = archive_entry_new()) != NULL); - sprintf(namebuff, "file_%d", i); + snprintf(namebuff, sizeof(namebuff), "file_%d", i); archive_entry_copy_pathname(ae, namebuff); archive_entry_set_mode(ae, S_IFREG | 0755); filesize = tests[i]; @@ -271,7 +271,7 @@ DEFINE_TEST(test_tar_large) */ for (i = 0; tests[i] > 0; i++) { assertEqualIntA(a, 0, archive_read_next_header(a, &ae)); - sprintf(namebuff, "file_%d", i); + snprintf(namebuff, sizeof(namebuff), "file_%d", i); assertEqualString(namebuff, archive_entry_pathname(ae)); assert(tests[i] == archive_entry_size(ae)); } diff --git a/libarchive/test/test_write_disk_secure744.c b/libarchive/test/test_write_disk_secure744.c index 08c725e1..9b12d4cf 100644 --- a/libarchive/test/test_write_disk_secure744.c +++ b/libarchive/test/test_write_disk_secure744.c @@ -75,7 +75,7 @@ DEFINE_TEST(test_write_disk_secure744) archive_entry_free(ae); *p++ = '/'; - sprintf(p, "target%d", n); + snprintf(p, buff_size - (p - buff), "target%d", n); /* Try to create a file through the symlink, should fail. */ assert((ae = archive_entry_new()) != NULL); diff --git a/libarchive/test/test_write_filter_b64encode.c b/libarchive/test/test_write_filter_b64encode.c index 665087b9..5b917e92 100644 --- a/libarchive/test/test_write_filter_b64encode.c +++ b/libarchive/test/test_write_filter_b64encode.c @@ -64,7 +64,7 @@ DEFINE_TEST(test_write_filter_b64encode) assert((ae = archive_entry_new()) != NULL); archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -79,7 +79,7 @@ DEFINE_TEST(test_write_filter_b64encode) assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 99; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualIntA(a, 0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); @@ -111,7 +111,7 @@ DEFINE_TEST(test_write_filter_b64encode) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 99; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -128,7 +128,7 @@ DEFINE_TEST(test_write_filter_b64encode) assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 99; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); diff --git a/libarchive/test/test_write_filter_bzip2.c b/libarchive/test/test_write_filter_bzip2.c index 4f32d28c..9e089c0d 100644 --- a/libarchive/test/test_write_filter_bzip2.c +++ b/libarchive/test/test_write_filter_bzip2.c @@ -83,7 +83,7 @@ DEFINE_TEST(test_write_filter_bzip2) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 999; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -99,7 +99,7 @@ DEFINE_TEST(test_write_filter_bzip2) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 999; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); @@ -133,7 +133,7 @@ DEFINE_TEST(test_write_filter_bzip2) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 999; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -160,7 +160,7 @@ DEFINE_TEST(test_write_filter_bzip2) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 999; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); @@ -187,7 +187,7 @@ DEFINE_TEST(test_write_filter_bzip2) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 999; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -212,7 +212,7 @@ DEFINE_TEST(test_write_filter_bzip2) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 999; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); diff --git a/libarchive/test/test_write_filter_compress.c b/libarchive/test/test_write_filter_compress.c index 1b8910e5..5cc0fc80 100644 --- a/libarchive/test/test_write_filter_compress.c +++ b/libarchive/test/test_write_filter_compress.c @@ -59,7 +59,7 @@ DEFINE_TEST(test_write_filter_compress) archive_write_open_memory(a, buff, buffsize, &used)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -83,7 +83,7 @@ DEFINE_TEST(test_write_filter_compress) for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); diff --git a/libarchive/test/test_write_filter_gzip.c b/libarchive/test/test_write_filter_gzip.c index 935fb51f..2b761627 100644 --- a/libarchive/test/test_write_filter_gzip.c +++ b/libarchive/test/test_write_filter_gzip.c @@ -85,7 +85,7 @@ DEFINE_TEST(test_write_filter_gzip) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -113,7 +113,7 @@ DEFINE_TEST(test_write_filter_gzip) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -148,7 +148,7 @@ DEFINE_TEST(test_write_filter_gzip) archive_write_set_options(a, "gzip:compression-level=9")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -187,7 +187,7 @@ DEFINE_TEST(test_write_filter_gzip) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -212,7 +212,7 @@ DEFINE_TEST(test_write_filter_gzip) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -249,7 +249,7 @@ DEFINE_TEST(test_write_filter_gzip) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; diff --git a/libarchive/test/test_write_filter_lrzip.c b/libarchive/test/test_write_filter_lrzip.c index f28c8358..2efc2ec2 100644 --- a/libarchive/test/test_write_filter_lrzip.c +++ b/libarchive/test/test_write_filter_lrzip.c @@ -68,7 +68,7 @@ DEFINE_TEST(test_write_filter_lrzip) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -84,7 +84,7 @@ DEFINE_TEST(test_write_filter_lrzip) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; diff --git a/libarchive/test/test_write_filter_lz4.c b/libarchive/test/test_write_filter_lz4.c index 4f2135a3..071fee41 100644 --- a/libarchive/test/test_write_filter_lz4.c +++ b/libarchive/test/test_write_filter_lz4.c @@ -84,7 +84,7 @@ DEFINE_TEST(test_write_filter_lz4) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -107,7 +107,7 @@ DEFINE_TEST(test_write_filter_lz4) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -142,7 +142,7 @@ DEFINE_TEST(test_write_filter_lz4) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -170,7 +170,7 @@ DEFINE_TEST(test_write_filter_lz4) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -195,7 +195,7 @@ DEFINE_TEST(test_write_filter_lz4) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -225,7 +225,7 @@ DEFINE_TEST(test_write_filter_lz4) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -330,7 +330,7 @@ test_options(const char *options) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -350,7 +350,7 @@ test_options(const char *options) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; diff --git a/libarchive/test/test_write_filter_lzip.c b/libarchive/test/test_write_filter_lzip.c index 145a3084..ce70a5d6 100644 --- a/libarchive/test/test_write_filter_lzip.c +++ b/libarchive/test/test_write_filter_lzip.c @@ -81,7 +81,7 @@ DEFINE_TEST(test_write_filter_lzip) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -103,7 +103,7 @@ DEFINE_TEST(test_write_filter_lzip) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -133,7 +133,7 @@ DEFINE_TEST(test_write_filter_lzip) archive_write_set_filter_option(a, NULL, "compression-level", "9")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -157,7 +157,7 @@ DEFINE_TEST(test_write_filter_lzip) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); failure("Trying to read %s", path); if (!assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae))) @@ -181,7 +181,7 @@ DEFINE_TEST(test_write_filter_lzip) archive_write_set_filter_option(a, NULL, "compression-level", "0")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -210,7 +210,7 @@ DEFINE_TEST(test_write_filter_lzip) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; diff --git a/libarchive/test/test_write_filter_lzma.c b/libarchive/test/test_write_filter_lzma.c index 68e48983..d055333a 100644 --- a/libarchive/test/test_write_filter_lzma.c +++ b/libarchive/test/test_write_filter_lzma.c @@ -80,7 +80,7 @@ DEFINE_TEST(test_write_filter_lzma) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -102,7 +102,7 @@ DEFINE_TEST(test_write_filter_lzma) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -132,7 +132,7 @@ DEFINE_TEST(test_write_filter_lzma) archive_write_set_filter_option(a, NULL, "compression-level", "9")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -156,7 +156,7 @@ DEFINE_TEST(test_write_filter_lzma) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); failure("Trying to read %s", path); if (!assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae))) @@ -180,7 +180,7 @@ DEFINE_TEST(test_write_filter_lzma) archive_write_set_filter_option(a, NULL, "compression-level", "0")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -214,7 +214,7 @@ DEFINE_TEST(test_write_filter_lzma) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; diff --git a/libarchive/test/test_write_filter_lzop.c b/libarchive/test/test_write_filter_lzop.c index 92db7bf3..18fc332b 100644 --- a/libarchive/test/test_write_filter_lzop.c +++ b/libarchive/test/test_write_filter_lzop.c @@ -79,7 +79,7 @@ DEFINE_TEST(test_write_filter_lzop) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -99,7 +99,7 @@ DEFINE_TEST(test_write_filter_lzop) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -135,7 +135,7 @@ DEFINE_TEST(test_write_filter_lzop) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -163,7 +163,7 @@ DEFINE_TEST(test_write_filter_lzop) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -188,7 +188,7 @@ DEFINE_TEST(test_write_filter_lzop) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -218,7 +218,7 @@ DEFINE_TEST(test_write_filter_lzop) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; diff --git a/libarchive/test/test_write_filter_uuencode.c b/libarchive/test/test_write_filter_uuencode.c index 57a4b49b..2ce5b893 100644 --- a/libarchive/test/test_write_filter_uuencode.c +++ b/libarchive/test/test_write_filter_uuencode.c @@ -64,7 +64,7 @@ DEFINE_TEST(test_write_filter_uuencode) assert((ae = archive_entry_new()) != NULL); archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -79,7 +79,7 @@ DEFINE_TEST(test_write_filter_uuencode) assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 99; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualIntA(a, 0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); @@ -111,7 +111,7 @@ DEFINE_TEST(test_write_filter_uuencode) assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 99; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -128,7 +128,7 @@ DEFINE_TEST(test_write_filter_uuencode) assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a)); assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 99; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(0, archive_read_next_header(a, &ae))) break; assertEqualString(path, archive_entry_pathname(ae)); diff --git a/libarchive/test/test_write_filter_xz.c b/libarchive/test/test_write_filter_xz.c index bf1265c6..e2f1ec82 100644 --- a/libarchive/test/test_write_filter_xz.c +++ b/libarchive/test/test_write_filter_xz.c @@ -80,7 +80,7 @@ DEFINE_TEST(test_write_filter_xz) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -102,7 +102,7 @@ DEFINE_TEST(test_write_filter_xz) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -132,7 +132,7 @@ DEFINE_TEST(test_write_filter_xz) archive_write_set_filter_option(a, NULL, "compression-level", "9")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -163,7 +163,7 @@ DEFINE_TEST(test_write_filter_xz) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); failure("Trying to read %s", path); if (!assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae))) @@ -187,7 +187,7 @@ DEFINE_TEST(test_write_filter_xz) archive_write_set_filter_option(a, NULL, "compression-level", "0")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -220,7 +220,7 @@ DEFINE_TEST(test_write_filter_xz) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; diff --git a/libarchive/test/test_write_filter_zstd.c b/libarchive/test/test_write_filter_zstd.c index 6601e6aa..263cea5b 100644 --- a/libarchive/test/test_write_filter_zstd.c +++ b/libarchive/test/test_write_filter_zstd.c @@ -74,7 +74,7 @@ DEFINE_TEST(test_write_filter_zstd) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize @@ -96,7 +96,7 @@ DEFINE_TEST(test_write_filter_zstd) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used1)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); if (!assertEqualInt(ARCHIVE_OK, archive_read_next_header(a, &ae))) break; @@ -135,7 +135,7 @@ DEFINE_TEST(test_write_filter_zstd) archive_write_set_filter_option(a, NULL, "threads", "4")); assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); assert((ae = archive_entry_new()) != NULL); archive_entry_copy_pathname(ae, path); archive_entry_set_size(ae, datasize); @@ -158,7 +158,7 @@ DEFINE_TEST(test_write_filter_zstd) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used2)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); failure("Trying to read %s", path); if (!assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae))) @@ -185,7 +185,7 @@ DEFINE_TEST(test_write_filter_zstd) archive_entry_set_filetype(ae, AE_IFREG); archive_entry_set_size(ae, datasize); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); archive_entry_copy_pathname(ae, path); assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); assertA(datasize == (size_t)archive_write_data(a, data, datasize)); @@ -205,7 +205,7 @@ DEFINE_TEST(test_write_filter_zstd) assertEqualIntA(a, ARCHIVE_OK, archive_read_open_memory(a, buff, used3)); for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); + snprintf(path, sizeof(path), "file%03d", i); failure("Trying to read %s", path); if (!assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae))) diff --git a/libarchive/test/test_write_format_zip_large.c b/libarchive/test/test_write_format_zip_large.c index 2f98c6d4..e3594c97 100644 --- a/libarchive/test/test_write_format_zip_large.c +++ b/libarchive/test/test_write_format_zip_large.c @@ -309,7 +309,7 @@ verify_large_zip(struct archive *a, struct fileblocks *fileblocks) for (i = 0; test_sizes[i] > 0; i++) { assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); - sprintf(namebuff, "file_%d", i); + snprintf(namebuff, sizeof(namebuff), "file_%d", i); assertEqualString(namebuff, archive_entry_pathname(ae)); assertEqualInt(test_sizes[i], archive_entry_size(ae)); } @@ -359,7 +359,7 @@ DEFINE_TEST(test_write_format_zip_large) */ for (i = 0; test_sizes[i] != 0; i++) { assert((ae = archive_entry_new()) != NULL); - sprintf(namebuff, "file_%d", i); + snprintf(namebuff, sizeof(namebuff), "file_%d", i); archive_entry_copy_pathname(ae, namebuff); archive_entry_set_mode(ae, S_IFREG | 0755); filesize = test_sizes[i]; diff --git a/tar/bsdtar.1 b/tar/bsdtar.1 index 63774216..b57835ad 100644 --- a/tar/bsdtar.1 +++ b/tar/bsdtar.1 @@ -953,7 +953,7 @@ archives. .Sh ENVIRONMENT The following environment variables affect the execution of .Nm : -.Bl -tag -width ".Ev BLOCKSIZE" +.Bl -tag -width indent .It Ev TAR_READER_OPTIONS The default options for format readers and compression readers. The diff --git a/tar/test/test_copy.c b/tar/test/test_copy.c index d618e45c..b8175c35 100644 --- a/tar/test/test_copy.c +++ b/tar/test/test_copy.c @@ -160,21 +160,21 @@ create_tree(void) failure("Internal sanity check failed: i = %d", i); assert(filenames[i] != NULL); - sprintf(buff, "f/%s", filenames[i]); + snprintf(buff, sizeof(buff), "f/%s", filenames[i]); assertMakeFile(buff, 0777, buff); /* Create a link named "l/abcdef..." to the above. */ - sprintf(buff2, "l/%s", filenames[i]); + snprintf(buff2, sizeof(buff2), "l/%s", filenames[i]); assertMakeHardlink(buff2, buff); /* Create a link named "m/abcdef..." to the above. */ - sprintf(buff2, "m/%s", filenames[i]); + snprintf(buff2, sizeof(buff2), "m/%s", filenames[i]); assertMakeHardlink(buff2, buff); if (canSymlink()) { /* Create a symlink named "s/abcdef..." to the above. */ - sprintf(buff, "s/%s", filenames[i]); - sprintf(buff2, "../f/%s", filenames[i]); + snprintf(buff, sizeof(buff), "s/%s", filenames[i]); + snprintf(buff2, sizeof(buff2), "../f/%s", filenames[i]); failure("buff=\"%s\" buff2=\"%s\"", buff, buff2); assertMakeSymlink(buff, buff2, 0); } @@ -202,13 +202,13 @@ verify_tree(size_t limit) /* Generate the names we know should be there and verify them. */ for (i = 1; i < LOOP_MAX; i++) { /* Verify a file named "f/abcdef..." */ - sprintf(name1, "f/%s", filenames[i]); + snprintf(name1, sizeof(name1), "f/%s", filenames[i]); if (i <= limit) { assertFileExists(name1); assertFileContents(name1, (int)strlen(name1), name1); } - sprintf(name2, "l/%s", filenames[i]); + snprintf(name2, sizeof(name2), "l/%s", filenames[i]); if (i + 2 <= limit) { /* Verify hardlink "l/abcdef..." */ assertIsHardlink(name1, name2); @@ -219,14 +219,14 @@ verify_tree(size_t limit) if (canSymlink()) { /* Verify symlink "s/abcdef..." */ - sprintf(name1, "s/%s", filenames[i]); - sprintf(name2, "../f/%s", filenames[i]); + snprintf(name1, sizeof(name1), "s/%s", filenames[i]); + snprintf(name2, sizeof(name2), "../f/%s", filenames[i]); if (strlen(name2) <= limit) assertIsSymlink(name1, name2, 0); } /* Verify dir "d/abcdef...". */ - sprintf(name1, "d/%s", filenames[i]); + snprintf(name1, sizeof(name1), "d/%s", filenames[i]); if (i + 1 <= limit) { /* +1 for trailing slash */ if (assertIsDir(name1, -1)) { /* TODO: opendir/readdir this @@ -63,7 +63,7 @@ __FBSDID("$FreeBSD: src/usr.bin/tar/util.c,v 1.23 2008/12/15 06:00:25 kientzle E #include "err.h" #include "passphrase.h" -static size_t bsdtar_expand_char(char *, size_t, char); +static size_t bsdtar_expand_char(char *, size_t, size_t, char); static const char *strip_components(const char *path, int elements); #if defined(_WIN32) && !defined(__CYGWIN__) @@ -173,12 +173,12 @@ safe_fprintf(FILE *f, const char *fmt, ...) /* Not printable, format the bytes. */ while (n-- > 0) i += (unsigned)bsdtar_expand_char( - outbuff, i, *p++); + outbuff, sizeof(outbuff), i, *p++); } } else { /* After any conversion failure, don't bother * trying to convert the rest. */ - i += (unsigned)bsdtar_expand_char(outbuff, i, *p++); + i += (unsigned)bsdtar_expand_char(outbuff, sizeof(outbuff), i, *p++); try_wc = 0; } @@ -200,7 +200,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) * Render an arbitrary sequence of bytes into printable ASCII characters. */ static size_t -bsdtar_expand_char(char *buff, size_t offset, char c) +bsdtar_expand_char(char *buff, size_t buffsize, size_t offset, char c) { size_t i = offset; @@ -221,7 +221,7 @@ bsdtar_expand_char(char *buff, size_t offset, char c) case '\v': buff[i++] = 'v'; break; case '\\': buff[i++] = '\\'; break; default: - sprintf(buff + i, "%03o", 0xFF & (int)c); + snprintf(buff + i, buffsize - i, "%03o", 0xFF & (int)c); i += 3; } } @@ -309,11 +309,12 @@ set_chdir(struct bsdtar *bsdtar, const char *newdir) /* The -C /foo -C bar case; concatenate */ char *old_pending = bsdtar->pending_chdir; size_t old_len = strlen(old_pending); - bsdtar->pending_chdir = malloc(old_len + strlen(newdir) + 2); + size_t new_len = old_len + strlen(newdir) + 2; + bsdtar->pending_chdir = malloc(new_len); if (old_pending[old_len - 1] == '/') old_pending[old_len - 1] = '\0'; if (bsdtar->pending_chdir != NULL) - sprintf(bsdtar->pending_chdir, "%s/%s", + snprintf(bsdtar->pending_chdir, new_len, "%s/%s", old_pending, newdir); free(old_pending); } @@ -695,7 +696,7 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry) /* Use uname if it's present, else uid. */ p = archive_entry_uname(entry); if ((p == NULL) || (*p == '\0')) { - sprintf(tmp, "%lu ", + snprintf(tmp, sizeof(tmp), "%lu ", (unsigned long)archive_entry_uid(entry)); p = tmp; } @@ -710,7 +711,7 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry) fprintf(out, "%s", p); w = strlen(p); } else { - sprintf(tmp, "%lu", + snprintf(tmp, sizeof(tmp), "%lu", (unsigned long)archive_entry_gid(entry)); w = strlen(tmp); fprintf(out, "%s", tmp); @@ -723,7 +724,7 @@ list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry) */ if (archive_entry_filetype(entry) == AE_IFCHR || archive_entry_filetype(entry) == AE_IFBLK) { - sprintf(tmp, "%lu,%lu", + snprintf(tmp, sizeof(tmp), "%lu,%lu", (unsigned long)archive_entry_rdevmajor(entry), (unsigned long)archive_entry_rdevminor(entry)); } else { diff --git a/test_utils/test_main.c b/test_utils/test_main.c index 116da231..587301cf 100644 --- a/test_utils/test_main.c +++ b/test_utils/test_main.c @@ -426,7 +426,7 @@ failure(const char *fmt, ...) nextmsg = NULL; } else { va_start(ap, fmt); - vsprintf(msgbuff, fmt, ap); + vsnprintf(msgbuff, sizeof(msgbuff), fmt, ap); va_end(ap); nextmsg = msgbuff; } @@ -551,7 +551,7 @@ test_skipping(const char *fmt, ...) va_list ap; va_start(ap, fmt); - vsprintf(buff, fmt, ap); + vsnprintf(buff, sizeof(buff), fmt, ap); va_end(ap); /* Use failure() message if set. */ msg = nextmsg; @@ -3065,7 +3065,7 @@ systemf(const char *fmt, ...) int r; va_start(ap, fmt); - vsprintf(buff, fmt, ap); + vsnprintf(buff, sizeof(buff), fmt, ap); if (verbosity > VERBOSITY_FULL) logprintf("Cmd: %s\n", buff); r = system(buff); @@ -3090,7 +3090,7 @@ slurpfile(size_t * sizep, const char *fmt, ...) int r; va_start(ap, fmt); - vsprintf(filename, fmt, ap); + vsnprintf(filename, sizeof(filename), fmt, ap); va_end(ap); f = fopen(filename, "rb"); @@ -3157,7 +3157,7 @@ extract_reference_file(const char *name) char buff[1024]; FILE *in, *out; - sprintf(buff, "%s/%s.uu", refdir, name); + snprintf(buff, sizeof(buff), "%s/%s.uu", refdir, name); in = fopen(buff, "r"); failure("Couldn't open reference file %s", buff); assert(in != NULL); @@ -3218,7 +3218,7 @@ copy_reference_file(const char *name) FILE *in, *out; size_t rbytes; - sprintf(buff, "%s/%s", refdir, name); + snprintf(buff, sizeof(buff), "%s/%s", refdir, name); in = fopen(buff, "rb"); failure("Couldn't open reference file %s", buff); assert(in != NULL); @@ -3545,7 +3545,7 @@ test_run(int i, const char *tmpdir) exit(1); } /* Create a log file for this test. */ - sprintf(logfilename, "%s.log", tests[i].name); + snprintf(logfilename, sizeof(logfilename), "%s.log", tests[i].name); logfile = fopen(logfilename, "w"); fprintf(logfile, "%s\n\n", tests[i].name); /* Chdir() to a work dir for this specific test. */ |