diff options
| author | Aleksey Sanin <aleksey@src.gnome.org> | 2002-06-14 17:07:10 +0000 |
|---|---|---|
| committer | Aleksey Sanin <aleksey@src.gnome.org> | 2002-06-14 17:07:10 +0000 |
| commit | 49cc97565fbe2928388a1e437c44429097a504ae (patch) | |
| tree | e96c37456485dd61090411351595f4fb820c73b0 /tree.c | |
| parent | e059b891efee0c1834c8a02358eb57cca6587177 (diff) | |
| download | libxml2-49cc97565fbe2928388a1e437c44429097a504ae.tar.gz | |
replaced sprintf() with snprintf() to prevent possible buffer overflow
* DOCBparser.c HTMLparser.c debugXML.c encoding.c
nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c
xmllint.c xpath.c: replaced sprintf() with snprintf()
to prevent possible buffer overflow (the bug was pointed
out by Anju Premachandran)
Diffstat (limited to 'tree.c')
| -rw-r--r-- | tree.c | 8 |
1 files changed, 4 insertions, 4 deletions
@@ -4599,17 +4599,17 @@ xmlNewReconciliedNs(xmlDocPtr doc, xmlNodePtr tree, xmlNsPtr ns) { * Let's strip namespace prefixes longer than 20 chars ! */ if (ns->prefix == NULL) - sprintf((char *) prefix, "default"); + snprintf((char *) prefix, sizeof(prefix), "default"); else - sprintf((char *) prefix, "%.20s", ns->prefix); + snprintf((char *) prefix, sizeof(prefix), "%.20s", ns->prefix); def = xmlSearchNs(doc, tree, prefix); while (def != NULL) { if (counter > 1000) return(NULL); if (ns->prefix == NULL) - sprintf((char *) prefix, "default%d", counter++); + snprintf((char *) prefix, sizeof(prefix), "default%d", counter++); else - sprintf((char *) prefix, "%.20s%d", ns->prefix, counter++); + snprintf((char *) prefix, sizeof(prefix), "%.20s%d", ns->prefix, counter++); def = xmlSearchNs(doc, tree, prefix); } |