summaryrefslogtreecommitdiff
path: root/ext
diff options
context:
space:
mode:
authorMarcus Boerger <helly@php.net>2007-02-24 16:25:58 +0000
committerMarcus Boerger <helly@php.net>2007-02-24 16:25:58 +0000
commit20a40063c51b20c1ea5f48c109b69fea3964b446 (patch)
tree24d6bf7894cc8080ff86f16eb5efef9da1cdf9c7 /ext
parent10ffce328593ddda1fb31482ec5d19ce6e02556d (diff)
downloadphp-git-20a40063c51b20c1ea5f48c109b69fea3964b446.tar.gz
- avoid sprintf
Diffstat (limited to 'ext')
-rw-r--r--ext/bcmath/libbcmath/src/output.c2
-rw-r--r--ext/bcmath/libbcmath/src/rt.c4
-rw-r--r--ext/com_dotnet/com_wrapper.c6
-rw-r--r--ext/dbase/dbf_head.c8
-rw-r--r--ext/dbase/dbf_misc.c7
-rw-r--r--ext/exif/exif.c45
-rw-r--r--ext/fbsql/php_fbsql.c4
-rw-r--r--ext/ftp/ftp.c22
-rw-r--r--ext/gd/libgd/gdtest.c8
-rw-r--r--ext/gd/libgd/webpng.c2
-rw-r--r--ext/imap/php_imap.c39
-rw-r--r--ext/interbase/ibase_blobs.c7
-rw-r--r--ext/interbase/ibase_query.c22
-rw-r--r--ext/interbase/ibase_service.c2
-rw-r--r--ext/interbase/interbase.c13
-rw-r--r--ext/mbstring/mbstring.c2
-rw-r--r--ext/mbstring/oniguruma/regposerr.c2
-rw-r--r--ext/msql/php_msql.c4
-rw-r--r--ext/mssql/php_mssql.c36
-rw-r--r--ext/mysql/php_mysql.c16
-rw-r--r--ext/mysqli/mysqli.c2
-rw-r--r--ext/mysqli/mysqli_api.c2
-rw-r--r--ext/mysqli/mysqli_prop.c18
-rw-r--r--ext/mysqli/php_mysqli.h6
-rw-r--r--ext/oci8/oci8.c6
-rw-r--r--ext/odbc/php_odbc.c13
-rw-r--r--ext/openssl/openssl.c2
-rw-r--r--ext/pcre/pcrelib/pcregrep.c17
-rw-r--r--ext/pcre/pcrelib/pcreposix.c2
-rw-r--r--ext/pdo_firebird/firebird_statement.c34
-rwxr-xr-xext/pdo_odbc/odbc_driver.c4
-rw-r--r--ext/pgsql/pgsql.c4
-rw-r--r--ext/pspell/pspell.c2
-rw-r--r--ext/session/mod_mm.c2
-rw-r--r--ext/session/session.c10
-rw-r--r--ext/skeleton/skeleton.c6
-rw-r--r--ext/soap/php_encoding.c8
-rw-r--r--ext/soap/php_http.c2
-rw-r--r--ext/soap/soap.c3
-rw-r--r--ext/standard/dns.c2
-rw-r--r--ext/standard/head.c6
-rw-r--r--ext/standard/image.c2
-rw-r--r--ext/standard/pack.c4
-rw-r--r--ext/standard/proc_open.c3
-rw-r--r--ext/standard/scanf.c2
-rw-r--r--ext/standard/string.c2
-rw-r--r--ext/standard/type.c3
-rw-r--r--ext/sybase_ct/php_sybase_ct.c13
-rw-r--r--ext/wddx/wddx.c12
-rw-r--r--ext/zip/lib/zip_close.c2
-rw-r--r--ext/zip/lib/zip_error_strerror.c8
51 files changed, 219 insertions, 234 deletions
diff --git a/ext/bcmath/libbcmath/src/output.c b/ext/bcmath/libbcmath/src/output.c
index ab49b0e366..ad4e375467 100644
--- a/ext/bcmath/libbcmath/src/output.c
+++ b/ext/bcmath/libbcmath/src/output.c
@@ -71,7 +71,7 @@ bc_out_long (val, size, space, out_char)
int len, ix;
if (space) (*out_char) (' ');
- sprintf (digits, "%ld", val);
+ snprintf(digits, sizeof(digits), "%ld", val);
len = strlen (digits);
while (size > len)
{
diff --git a/ext/bcmath/libbcmath/src/rt.c b/ext/bcmath/libbcmath/src/rt.c
index 2479104fe4..5a98b68f7e 100644
--- a/ext/bcmath/libbcmath/src/rt.c
+++ b/ext/bcmath/libbcmath/src/rt.c
@@ -45,7 +45,7 @@ void bc_rt_warn (char *mesg ,...)
char error_mesg [255];
va_start (args, mesg);
- vsprintf (error_mesg, mesg, args);
+ vsnprintf (error_mesg, sizeof(error_mesg), mesg, args);
va_end (args);
fprintf (stderr, "bc math warning: %s\n", error_mesg);
@@ -58,7 +58,7 @@ void bc_rt_error (char *mesg ,...)
char error_mesg [255];
va_start (args, mesg);
- vsprintf (error_mesg, mesg, args);
+ vsnprintf (error_mesg, sizeof(error_mesg), mesg, args);
va_end (args);
fprintf (stderr, "bc math error: %s\n", error_mesg);
diff --git a/ext/com_dotnet/com_wrapper.c b/ext/com_dotnet/com_wrapper.c
index 4cc81aa04b..b698affa22 100644
--- a/ext/com_dotnet/com_wrapper.c
+++ b/ext/com_dotnet/com_wrapper.c
@@ -74,7 +74,7 @@ static inline void trace(char *fmt, ...)
va_list ap;
char buf[4096];
- sprintf(buf, "T=%08x ", GetCurrentThreadId());
+ snprintf(buf, sizeof(buf), "T=%08x ", GetCurrentThreadId());
OutputDebugString(buf);
va_start(ap, fmt);
@@ -474,7 +474,7 @@ static void generate_dispids(php_dispatchex *disp TSRMLS_DC)
&namelen, &pid, 0, &pos))) {
char namebuf[32];
if (keytype == HASH_KEY_IS_LONG) {
- sprintf(namebuf, "%d", pid);
+ snprintf(namebuf, sizeof(namebuf), "%d", pid);
name = namebuf;
namelen = strlen(namebuf)+1;
}
@@ -506,7 +506,7 @@ static void generate_dispids(php_dispatchex *disp TSRMLS_DC)
char namebuf[32];
if (keytype == HASH_KEY_IS_LONG) {
- sprintf(namebuf, "%d", pid);
+ snprintf(namebuf, sizeof(namebuf), "%d", pid);
name = namebuf;
namelen = strlen(namebuf) + 1;
}
diff --git a/ext/dbase/dbf_head.c b/ext/dbase/dbf_head.c
index 42935c2ea4..9c9363dfbb 100644
--- a/ext/dbase/dbf_head.c
+++ b/ext/dbase/dbf_head.c
@@ -215,7 +215,7 @@ void put_dbf_info(dbhead_t *dbh)
int fcnt;
if ((cp = db_cur_date(NULL))) {
- strncpy(dbh->db_date, cp, 8);
+ strlcpy(dbh->db_date, cp, 8);
free(cp);
}
put_dbf_head(dbh);
@@ -232,16 +232,16 @@ char *get_dbf_f_fmt(dbfield_t *dbf)
/* build the field format for printf */
switch (dbf->db_type) {
case 'C':
- sprintf(format, "%%-%ds", dbf->db_flen);
+ snprintf(format, sizeof(format), "%%-%ds", dbf->db_flen);
break;
case 'N':
case 'L':
case 'D':
case 'F':
- sprintf(format, "%%%ds", dbf->db_flen);
+ snprintf(format, sizeof(format), "%%%ds", dbf->db_flen);
break;
case 'M':
- strcpy(format, "%s");
+ strlcpy(format, "%s", sizeof(format));
break;
default:
return NULL;
diff --git a/ext/dbase/dbf_misc.c b/ext/dbase/dbf_misc.c
index ad17bd4e3f..d572783964 100644
--- a/ext/dbase/dbf_misc.c
+++ b/ext/dbase/dbf_misc.c
@@ -114,12 +114,7 @@ void db_set_date(char *cp, int year, int month, int day)
month = 0;
if (day > 31)
day = 0;
- sprintf(cp, "%d", year);
- cp[4] = month / 10 + '0';
- cp[5] = month % 10 + '0';
- cp[6] = day / 10 + '0';
- cp[7] = day % 10 + '0';
- cp[8] = 0;
+ snprintf(cp, 9, "%04d%02d%02d", year, month, day);
}
int db_date_year(char *cp)
diff --git a/ext/exif/exif.c b/ext/exif/exif.c
index 3417b3d2c9..2dbd1f6551 100644
--- a/ext/exif/exif.c
+++ b/ext/exif/exif.c
@@ -1035,22 +1035,22 @@ static unsigned char* exif_char_dump(unsigned char * addr, int len, int offset)
static unsigned char tmp[20];
int c, i, p=0, n = 5+31;
- p += sprintf(buf+p, "\nDump Len: %08X (%d)", len, len);
+ p += snprintf(buf+p, sizeof(buf)-p, "\nDump Len: %08X (%d)", len, len);
if (len) {
for(i=0; i<len+15 && p+n<=sizeof(buf); i++) {
if (i%16==0) {
- p += sprintf(buf+p, "\n%08X: ", i+offset);
+ p += snprintf(buf+p, sizeof(buf)-p, "\n%08X: ", i+offset);
}
if (i<len) {
c = *addr++;
- p += sprintf(buf+p, "%02X ", c);
+ p += snprintf(buf+p, sizeof(buf)-p, "%02X ", c);
tmp[i%16] = c>=32 ? c : '.';
tmp[(i%16)+1] = '\0';
} else {
- p += sprintf(buf+p, " ");
+ p += snprintf(buf+p, sizeof(buf)-p, " ");
}
if (i%16==15) {
- p += sprintf(buf+p, " %s", tmp);
+ p += snprintf(buf+p, sizeof(buf)-p, " %s", tmp);
if (i>=len) {
break;
}
@@ -1181,44 +1181,44 @@ char * exif_dump_data(int *dump_free, int format, int components, int length, in
case TAG_FMT_UNDEFINED:
case TAG_FMT_STRING:
case TAG_FMT_SBYTE:
- dump = erealloc(dump, len + 4);
- sprintf(dump + len, "0x%02X", *value_ptr);
+ dump = erealloc(dump, len + 4 + 1);
+ snprintf(dump + len, 4 + 1, "0x%02X", *value_ptr);
len += 4;
value_ptr++;
break;
case TAG_FMT_USHORT:
case TAG_FMT_SSHORT:
- dump = erealloc(dump, len + 6);
- sprintf(dump + len, "0x%04X", php_ifd_get16s(value_ptr, motorola_intel));
+ dump = erealloc(dump, len + 6 + 1);
+ snprintf(dump + len, 6 + 1, "0x%04X", php_ifd_get16s(value_ptr, motorola_intel));
len += 6;
value_ptr += 2;
break;
case TAG_FMT_ULONG:
case TAG_FMT_SLONG:
- dump = erealloc(dump, len + 6);
- sprintf(dump + len, "0x%04X", php_ifd_get32s(value_ptr, motorola_intel));
+ dump = erealloc(dump, len + 6 + 1);
+ snprintf(dump + len, 6 + 1, "0x%04X", php_ifd_get32s(value_ptr, motorola_intel));
len += 6;
value_ptr += 4;
break;
case TAG_FMT_URATIONAL:
case TAG_FMT_SRATIONAL:
- dump = erealloc(dump, len + 13);
- sprintf(dump + len, "0x%04X/0x%04X", php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4, motorola_intel));
+ dump = erealloc(dump, len + 13 + 1);
+ snprintf(dump + len, 13 + 1, "0x%04X/0x%04X", php_ifd_get32s(value_ptr, motorola_intel), php_ifd_get32s(value_ptr+4, motorola_intel));
len += 13;
value_ptr += 8;
break;
}
if (components > 0) {
- dump = erealloc(dump, len + 2);
- sprintf(dump + len, ", ");
+ dump = erealloc(dump, len + 2 + 1);
+ snprintf(dump + len, 2 + 1, ", ");
len += 2;
components--;
} else{
break;
}
}
- dump = erealloc(dump, len + 2);
- sprintf(dump + len, "}");
+ dump = erealloc(dump, len + 1 + 1);
+ snprintf(dump + len, 1 + 1, "}");
return dump;
}
/* }}} */
@@ -1448,18 +1448,18 @@ static tag_table_type exif_get_tag_table(int section)
*/
static char *exif_get_sectionlist(int sectionlist TSRMLS_DC)
{
- int i, len=0;
+ int i, len, ml = 0;
char *sections;
for(i=0; i<SECTION_COUNT; i++) {
- len += strlen(exif_get_sectionname(i))+2;
+ ml += strlen(exif_get_sectionname(i))+2;
}
- sections = safe_emalloc(len, 1, 1);
+ sections = safe_emalloc(ml, 1, 1);
sections[0] = '\0';
len = 0;
for(i=0; i<SECTION_COUNT; i++) {
if (sectionlist&(1<<i)) {
- sprintf(sections+len, "%s, ", exif_get_sectionname(i));
+ snprintf(sections+len, ml-len, "%s, ", exif_get_sectionname(i));
len = strlen(sections);
}
}
@@ -3891,8 +3891,7 @@ PHP_FUNCTION(exif_read_data)
if(ac >= 2) {
convert_to_string_ex(p_sections_needed);
- sections_str = safe_emalloc(strlen(Z_STRVAL_PP(p_sections_needed)), 1, 3);
- sprintf(sections_str, ",%s,", Z_STRVAL_PP(p_sections_needed));
+ spprintf(&sections_str, 0, ",%s,", Z_STRVAL_PP(p_sections_needed));
/* sections_str DOES start with , and SPACES are NOT allowed in names */
s = sections_str;
while(*++s) {
diff --git a/ext/fbsql/php_fbsql.c b/ext/fbsql/php_fbsql.c
index c712b2873a..b4902311ad 100644
--- a/ext/fbsql/php_fbsql.c
+++ b/ext/fbsql/php_fbsql.c
@@ -851,7 +851,7 @@ PHP_MINFO_FUNCTION(fbsql)
php_info_print_table_row(2, "Active Links", buf);
/*
- sprintf(buf, "%ld", FB_SQL_G(resultCount));
+ snprintf(buf, sizeof(buf), "%ld", FB_SQL_G(resultCount));
php_info_print_table_row(2, "Active Results", buf);
*/
@@ -2944,7 +2944,7 @@ void phpfbColumnAsString(PHPFBResult* result, int column, void* data , int* leng
for (i = 0; i < nBits / 8; i++)
{
char c[4];
- sprintf(c, "%02x", ptr->bytes[i]);
+ snprintf(c, sizeof(c), "%02x", ptr->bytes[i]);
r[i*2+2] = c[0];
r[i*2+3] = c[1];
}
diff --git a/ext/ftp/ftp.c b/ext/ftp/ftp.c
index fddebab2d1..b2166f1bec 100644
--- a/ext/ftp/ftp.c
+++ b/ext/ftp/ftp.c
@@ -586,11 +586,7 @@ ftp_chmod(ftpbuf_t *ftp, const int mode, const char *filename, const int filenam
return 0;
}
- if (!(buffer = emalloc(32 + filename_len + 1))) {
- return 0;
- }
-
- sprintf(buffer, "CHMOD %o %s", mode, filename);
+ spprintf(&buffer, 0, "CHMOD %o %s", mode, filename);
if (!ftp_putcmd(ftp, "SITE", buffer)) {
efree(buffer);
@@ -810,7 +806,7 @@ ftp_get(ftpbuf_t *ftp, php_stream *outstream, const char *path, ftptype_t type,
php_error_docref(NULL TSRMLS_CC, E_WARNING, "PHP cannot handle files greater than 2147483647 bytes");
goto bail;
}
- sprintf(arg, "%u", resumepos);
+ snprintf(arg, sizeof(arg), "%u", resumepos);
if (!ftp_putcmd(ftp, "REST", arg)) {
goto bail;
}
@@ -907,7 +903,7 @@ ftp_put(ftpbuf_t *ftp, const char *path, php_stream *instream, ftptype_t type, i
php_error_docref(NULL TSRMLS_CC, E_WARNING, "PHP cannot handle files with a size greater than 2147483647 bytes");
goto bail;
}
- sprintf(arg, "%u", startpos);
+ snprintf(arg, sizeof(arg), "%u", startpos);
if (!ftp_putcmd(ftp, "REST", arg)) {
goto bail;
}
@@ -1106,13 +1102,13 @@ ftp_putcmd(ftpbuf_t *ftp, const char *cmd, const char *args)
if (strlen(cmd) + strlen(args) + 4 > FTP_BUFSIZE) {
return 0;
}
- size = sprintf(ftp->outbuf, "%s %s\r\n", cmd, args);
+ size = snprintf(ftp->outbuf, sizeof(ftp->outbuf), "%s %s\r\n", cmd, args);
} else {
/* "cmd\r\n\0" */
if (strlen(cmd) + 3 > FTP_BUFSIZE) {
return 0;
}
- size = sprintf(ftp->outbuf, "%s\r\n", cmd);
+ size = snprintf(ftp->outbuf, sizeof(ftp->outbuf), "%s\r\n", cmd);
}
data = ftp->outbuf;
@@ -1438,7 +1434,7 @@ ftp_getdata(ftpbuf_t *ftp TSRMLS_DC)
char eprtarg[INET6_ADDRSTRLEN + sizeof("|x||xxxxx|")];
char out[INET6_ADDRSTRLEN];
inet_ntop(AF_INET6, &((struct sockaddr_in6*) sa)->sin6_addr, out, sizeof(out));
- sprintf(eprtarg, "|2|%s|%hu|", out, ntohs(((struct sockaddr_in6 *) &addr)->sin6_port));
+ snprintf(eprtarg, sizeof(eprtarg), "|2|%s|%hu|", out, ntohs(((struct sockaddr_in6 *) &addr)->sin6_port));
if (!ftp_putcmd(ftp, "EPRT", eprtarg)) {
goto bail;
@@ -1456,7 +1452,7 @@ ftp_getdata(ftpbuf_t *ftp TSRMLS_DC)
/* send the PORT */
ipbox.ia[0] = ((struct sockaddr_in*) sa)->sin_addr;
ipbox.s[2] = ((struct sockaddr_in*) &addr)->sin_port;
- sprintf(arg, "%u,%u,%u,%u,%u,%u", ipbox.c[0], ipbox.c[1], ipbox.c[2], ipbox.c[3], ipbox.c[4], ipbox.c[5]);
+ snprintf(arg, sizeof(arg), "%u,%u,%u,%u,%u,%u", ipbox.c[0], ipbox.c[1], ipbox.c[2], ipbox.c[3], ipbox.c[4], ipbox.c[5]);
if (!ftp_putcmd(ftp, "PORT", arg)) {
goto bail;
@@ -1713,7 +1709,7 @@ ftp_nb_get(ftpbuf_t *ftp, php_stream *outstream, const char *path, ftptype_t typ
php_error_docref(NULL TSRMLS_CC, E_WARNING, "PHP cannot handle files greater than 2147483648 bytes");
goto bail;
}
- sprintf(arg, "%u", resumepos);
+ snprintf(arg, sizeof(arg), "%u", resumepos);
if (!ftp_putcmd(ftp, "REST", arg)) {
goto bail;
}
@@ -1831,7 +1827,7 @@ ftp_nb_put(ftpbuf_t *ftp, const char *path, php_stream *instream, ftptype_t type
php_error_docref(NULL TSRMLS_CC, E_WARNING, "PHP cannot handle files with a size greater than 2147483647 bytes");
goto bail;
}
- sprintf(arg, "%u", startpos);
+ snprintf(arg, sizeof(arg), "%u", startpos);
if (!ftp_putcmd(ftp, "REST", arg)) {
goto bail;
}
diff --git a/ext/gd/libgd/gdtest.c b/ext/gd/libgd/gdtest.c
index f4300bb3fd..24b7503864 100644
--- a/ext/gd/libgd/gdtest.c
+++ b/ext/gd/libgd/gdtest.c
@@ -56,7 +56,7 @@ main (int argc, char **argv)
/* */
/* Send to PNG File then Ptr */
/* */
- sprintf (of, "%s.png", argv[1]);
+ snprintf (of, sizeof(of), "%s.png", argv[1]);
out = fopen (of, "wb");
gdImagePng (im, out);
fclose (out);
@@ -88,7 +88,7 @@ main (int argc, char **argv)
/* */
/* Send to GD2 File then Ptr */
/* */
- sprintf (of, "%s.gd2", argv[1]);
+ snprintf (of, sizeof(of), "%s.gd2", argv[1]);
out = fopen (of, "wb");
gdImageGd2 (im, out, 128, 2);
fclose (out);
@@ -123,7 +123,7 @@ main (int argc, char **argv)
/* */
/* Send to GD File then Ptr */
/* */
- sprintf (of, "%s.gd", argv[1]);
+ snprintf (of, sizeof(of), "%s.gd", argv[1]);
out = fopen (of, "wb");
gdImageGd (im, out);
fclose (out);
@@ -180,7 +180,7 @@ main (int argc, char **argv)
** Test gdImagePngToSink'
* */
- sprintf (of, "%s.snk", argv[1]);
+ snprintf (of, sizeof(of), "%s.snk", argv[1]);
out = fopen (of, "wb");
imgsnk.sink = fwriteWrapper;
imgsnk.context = out;
diff --git a/ext/gd/libgd/webpng.c b/ext/gd/libgd/webpng.c
index 81a00e749c..c01dd82f23 100644
--- a/ext/gd/libgd/webpng.c
+++ b/ext/gd/libgd/webpng.c
@@ -252,7 +252,7 @@ usage:
/* Open a temporary file. */
/* "temp.tmp" is not good temporary filename. */
- sprintf (outFn, "webpng.tmp%d", getpid ());
+ snprintf (outFn, sizeof(outFn), "webpng.tmp%d", getpid ());
out = fopen (outFn, "wb");
if (!out)
diff --git a/ext/imap/php_imap.c b/ext/imap/php_imap.c
index 38d6f839b6..841ef49fcd 100644
--- a/ext/imap/php_imap.c
+++ b/ext/imap/php_imap.c
@@ -1169,7 +1169,7 @@ PHP_FUNCTION(imap_headers)
tmp[3] = cache->answered ? 'A' : ' ';
tmp[4] = cache->deleted ? 'D' : ' ';
tmp[5] = cache->draft ? 'X' : ' ';
- sprintf(tmp + 6, "%4ld) ", cache->msgno);
+ snprintf(tmp + 6, sizeof(tmp) - 6, "%4ld) ", cache->msgno);
mail_date(tmp+11, cache);
tmp[22] = ' ';
tmp[23] = '\0';
@@ -1621,13 +1621,13 @@ PHP_FUNCTION(imap_headerinfo)
add_property_string(return_value, "Deleted", cache->deleted ? "D" : " ", 1);
add_property_string(return_value, "Draft", cache->draft ? "X" : " ", 1);
- sprintf(dummy, "%4ld", cache->msgno);
+ snprintf(dummy, sizeof(dummy), "%4ld", cache->msgno);
add_property_string(return_value, "Msgno", dummy, 1);
mail_date(dummy, cache);
add_property_string(return_value, "MailDate", dummy, 1);
- sprintf(dummy, "%ld", cache->rfc822_size);
+ snprintf(dummy, sizeof(dummy), "%ld", cache->rfc822_size);
add_property_string(return_value, "Size", dummy, 1);
add_property_long(return_value, "udate", mail_longdate(cache));
@@ -3371,7 +3371,8 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
char *tsm_errmsg = NULL;
ADDRESS *addr;
char *bufferTo = NULL, *bufferCc = NULL, *bufferBcc = NULL, *bufferHeader = NULL;
- int offset, bufferLen = 0;;
+ int offset, bufferLen = 0;
+ size_t bt_len;
if (headers) {
bufferLen += strlen(headers);
@@ -3393,7 +3394,9 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
strlcat(bufferHeader, to, bufferLen + 1);
strlcat(bufferHeader, "\r\n", bufferLen + 1);
tempMailTo = estrdup(to);
- bufferTo = (char *)emalloc(strlen(to) + 1);
+ bt_len = strlen(to);
+ bufferTo = (char *)safe_emalloc(bt_len, 1, 1);
+ bt_len++;
offset = 0;
addr = NULL;
rfc822_parse_adrlist(&addr, tempMailTo, NULL);
@@ -3401,7 +3404,11 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
if (strcmp(addr->host, ERRHOST) == 0) {
PHP_IMAP_BAD_DEST;
} else {
- offset += sprintf(bufferTo + offset, "%s@%s,", addr->mailbox, addr->host);
+ bufferTo = safe_erealloc(bufferTo, bt_len, 1, strlen(addr->mailbox));
+ bt_len += strlen(addr->mailbox);
+ bufferTo = safe_erealloc(bufferTo, bt_len, 1, strlen(addr->host));
+ bt_len += strlen(addr->host);
+ offset += snprintf(bufferTo + offset, bt_len - offset, "%s@%s,", addr->mailbox, addr->host);
}
addr = addr->next;
}
@@ -3416,7 +3423,9 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
strlcat(bufferHeader, cc, bufferLen + 1);
strlcat(bufferHeader, "\r\n", bufferLen + 1);
tempMailTo = estrdup(cc);
- bufferCc = (char *)emalloc(strlen(cc) + 1);
+ bt_len = strlen(cc);
+ bufferCc = (char *)safe_emalloc(bt_len, 1, 1);
+ bt_len++;
offset = 0;
addr = NULL;
rfc822_parse_adrlist(&addr, tempMailTo, NULL);
@@ -3424,7 +3433,11 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
if (strcmp(addr->host, ERRHOST) == 0) {
PHP_IMAP_BAD_DEST;
} else {
- offset += sprintf(bufferCc + offset, "%s@%s,", addr->mailbox, addr->host);
+ bufferCc = safe_erealloc(bufferCc, bt_len, 1, strlen(addr->mailbox));
+ bt_len += strlen(addr->mailbox);
+ bufferCc = safe_erealloc(bufferCc, bt_len, 1, strlen(addr->host));
+ bt_len += strlen(addr->host);
+ offset += snprintf(bufferCc + offset, bt_len - offset, "%s@%s,", addr->mailbox, addr->host);
}
addr = addr->next;
}
@@ -3436,7 +3449,9 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
if (bcc && *bcc) {
tempMailTo = estrdup(bcc);
- bufferBcc = (char *)emalloc(strlen(bcc) + 1);
+ bt_len = strlen(bcc);
+ bufferBcc = (char *)safe_emalloc(bt_len, 1, 1);
+ bt_len++;
offset = 0;
addr = NULL;
rfc822_parse_adrlist(&addr, tempMailTo, NULL);
@@ -3444,7 +3459,11 @@ int _php_imap_mail(char *to, char *subject, char *message, char *headers, char *
if (strcmp(addr->host, ERRHOST) == 0) {
PHP_IMAP_BAD_DEST;
} else {
- offset += sprintf(bufferBcc + offset, "%s@%s,", addr->mailbox, addr->host);
+ bufferBcc = safe_erealloc(bufferBcc, bt_len, 1, strlen(addr->mailbox));
+ bt_len += strlen(addr->mailbox);
+ bufferBcc = safe_erealloc(bufferBcc, bt_len, 1, strlen(addr->host));
+ bt_len += strlen(addr->host);
+ offset += snprintf(bufferBcc + offset, bt_len - offset, "%s@%s,", addr->mailbox, addr->host);
}
addr = addr->next;
}
diff --git a/ext/interbase/ibase_blobs.c b/ext/interbase/ibase_blobs.c
index d622359c9d..4625281a11 100644
--- a/ext/interbase/ibase_blobs.c
+++ b/ext/interbase/ibase_blobs.c
@@ -74,16 +74,15 @@ int _php_ibase_string_to_quad(char const *id, ISC_QUAD *qd) /* {{{ */
char *_php_ibase_quad_to_string(ISC_QUAD const qd) /* {{{ */
{
- char *result = (char *) emalloc(BLOB_ID_LEN+1);
+ char *result;
/* shortcut for most common case */
if (sizeof(ISC_QUAD) == sizeof(ISC_UINT64)) {
- sprintf(result, "0x%0*" LL_MASK "x", 16, *(ISC_UINT64*)(void *) &qd);
+ spprintf(&result, BLOB_ID_LEN+1, "0x%0*" LL_MASK "x", 16, *(ISC_UINT64*)(void *) &qd);
} else {
ISC_UINT64 res = ((ISC_UINT64) qd.gds_quad_high << 0x20) | qd.gds_quad_low;
- sprintf(result, "0x%0*" LL_MASK "x", 16, res);
+ spprintf(&result, BLOB_ID_LEN+1, "0x%0*" LL_MASK "x", 16, res);
}
- result[BLOB_ID_LEN] = '\0';
return result;
}
/* }}} */
diff --git a/ext/interbase/ibase_query.c b/ext/interbase/ibase_query.c
index 4b32a57eb4..52ac1abb3b 100644
--- a/ext/interbase/ibase_query.c
+++ b/ext/interbase/ibase_query.c
@@ -1312,17 +1312,17 @@ static int _php_ibase_var_zval(zval *val, void *data, int type, int len, /* {{{
goto _sql_long;
#else
if (scale == 0) {
- l = sprintf(string_data, "%" LL_MASK "d", *(ISC_INT64 *) data);
+ l = snprintf(string_data, sizeof(string_data), "%" LL_MASK "d", *(ISC_INT64 *) data);
ZVAL_STRINGL(val,string_data,l,1);
} else {
ISC_INT64 n = *(ISC_INT64 *) data, f = scales[-scale];
if (n >= 0) {
- l = sprintf(string_data, "%" LL_MASK "d.%0*" LL_MASK "d", n / f, -scale, n % f);
+ l = snprintf(string_data, sizeof(string_data), "%" LL_MASK "d.%0*" LL_MASK "d", n / f, -scale, n % f);
} else if (n <= -f) {
- l = sprintf(string_data, "%" LL_MASK "d.%0*" LL_MASK "d", n / f, -scale, -n % f);
+ l = snprintf(string_data, sizeof(string_data), "%" LL_MASK "d.%0*" LL_MASK "d", n / f, -scale, -n % f);
} else {
- l = sprintf(string_data, "-0.%0*" LL_MASK "d", -scale, -n % f);
+ l = snprintf(string_data, sizeof(string_data), "-0.%0*" LL_MASK "d", -scale, -n % f);
}
ZVAL_STRINGL(val,string_data,l,1);
}
@@ -1337,11 +1337,11 @@ static int _php_ibase_var_zval(zval *val, void *data, int type, int len, /* {{{
long f = (long) scales[-scale];
if (n >= 0) {
- l = sprintf(string_data, "%ld.%0*ld", n / f, -scale, n % f);
+ l = snprintf(string_data, sizeof(string_data), "%ld.%0*ld", n / f, -scale, n % f);
} else if (n <= -f) {
- l = sprintf(string_data, "%ld.%0*ld", n / f, -scale, -n % f);
+ l = snprintf(string_data, sizeof(string_data), "%ld.%0*ld", n / f, -scale, -n % f);
} else {
- l = sprintf(string_data, "-0.%0*ld", -scale, -n % f);
+ l = snprintf(string_data, sizeof(string_data), "-0.%0*ld", -scale, -n % f);
}
ZVAL_STRINGL(val,string_data,l,1);
}
@@ -1381,14 +1381,14 @@ format_date_time:
#else
switch (type & ~1) {
default:
- l = sprintf(string_data, "%02d/%02d/%4d %02d:%02d:%02d", t.tm_mon+1, t.tm_mday,
+ l = snprintf(string_data, sizeof(string_data), "%02d/%02d/%4d %02d:%02d:%02d", t.tm_mon+1, t.tm_mday,
t.tm_year + 1900, t.tm_hour, t.tm_min, t.tm_sec);
break;
case SQL_TYPE_DATE:
- l = sprintf(string_data, "%02d/%02d/%4d", t.tm_mon + 1, t.tm_mday, t.tm_year+1900);
+ l = snprintf(string_data, sizeof(string_data), "%02d/%02d/%4d", t.tm_mon + 1, t.tm_mday, t.tm_year+1900);
break;
case SQL_TYPE_TIME:
- l = sprintf(string_data, "%02d:%02d:%02d", t.tm_hour, t.tm_min, t.tm_sec);
+ l = snprintf(string_data, sizeof(string_data), "%02d:%02d:%02d", t.tm_hour, t.tm_min, t.tm_sec);
break;
}
#endif
@@ -1520,7 +1520,7 @@ static void _php_ibase_fetch_hash(INTERNAL_FUNCTION_PARAMETERS, int fetch_type)
Z_ARRVAL_P(return_value),alias,strlen(alias)+1,&p)) {
case '\0':
- sprintf(alias = buf, "%s_%02d", base, i++);
+ snprintf(alias = buf, sizeof(buf), "%s_%02d", base, i++);
}
}
}
diff --git a/ext/interbase/ibase_service.c b/ext/interbase/ibase_service.c
index 4d610aa6ee..4ddb74e0d6 100644
--- a/ext/interbase/ibase_service.c
+++ b/ext/interbase/ibase_service.c
@@ -322,7 +322,7 @@ query_loop:
heap_p = heap_buf + res_size;
}
result += 2;
- sprintf(heap_p, "%s\n", result);
+ snprintf(heap_p, sizeof(heap_buf_size), "%s\n", result);
heap_p += line_len +2;
goto query_loop; /* repeat until result is exhausted */
diff --git a/ext/interbase/interbase.c b/ext/interbase/interbase.c
index 63d09e0eb3..a040cc6845 100644
--- a/ext/interbase/interbase.c
+++ b/ext/interbase/interbase.c
@@ -542,7 +542,7 @@ PHP_MINFO_FUNCTION(ibase)
#endif
#ifdef FB_API_VER
- sprintf( (s = tmp), "Firebird API version %d", FB_API_VER);
+ snprintf( (s = tmp), sizeof(tmp), "Firebird API version %d", FB_API_VER);
#elif (SQLDA_CURRENT_VERSION > 1)
s = "Interbase 7.0 and up";
#elif !defined(DSC_null)
@@ -607,7 +607,7 @@ int _php_ibase_attach_db(char **args, int *len, long *largs, isc_db_handle *db T
buf_len -= dpb_len;
}
if (largs[SYNC] && buf_len > 0) {
- dpb_len = sprintf(dpb, buf_len, "%c\1%c", isc_dpb_force_write, largs[SYNC] == isc_spb_prp_wm_sync ? 1 : 0);
+ dpb_len = snprintf(dpb, buf_len, "%c\1%c", isc_dpb_force_write, largs[SYNC] == isc_spb_prp_wm_sync ? 1 : 0);
dpb += dpb_len;
buf_len -= dpb_len;
}
@@ -1170,7 +1170,7 @@ PHP_FUNCTION(ibase_gen_id)
PHP_IBASE_LINK_TRANS(link, ib_link, trans);
- sprintf(query, "SELECT GEN_ID(%s,%ld) FROM rdb$database", generator, inc);
+ snprintf(query, sizeof(query), "SELECT GEN_ID(%s,%ld) FROM rdb$database", generator, inc);
/* allocate a minimal descriptor area */
out_sqlda.sqln = out_sqlda.sqld = 1;
@@ -1192,10 +1192,11 @@ PHP_FUNCTION(ibase_gen_id)
/* don't return the generator value as a string unless it doesn't fit in a long */
#if SIZEOF_LONG < 8
if (result < LONG_MIN || result > LONG_MAX) {
- char res[24];
+ char *res;
+ int l
- sprintf(res, "%" LL_MASK "d", result);
- RETURN_STRING(res,1);
+ l = spprintf(&res, 0, "%" LL_MASK "d", result);
+ RETURN_STRINGL(res, l, 0);
}
#endif
RETURN_LONG((long)result);
diff --git a/ext/mbstring/mbstring.c b/ext/mbstring/mbstring.c
index be95046cb9..536b5797ba 100644
--- a/ext/mbstring/mbstring.c
+++ b/ext/mbstring/mbstring.c
@@ -1052,7 +1052,7 @@ PHP_MINFO_FUNCTION(mbstring)
{
char buf[32];
php_info_print_table_row(2, "Multibyte (japanese) regex support", "enabled");
- sprintf(buf, "%d.%d.%d",
+ snprintf(buf, sizeof(buf), "%d.%d.%d",
ONIGURUMA_VERSION_MAJOR,ONIGURUMA_VERSION_MINOR,ONIGURUMA_VERSION_TEENY);
php_info_print_table_row(2, "Multibyte regex (oniguruma) version", buf);
}
diff --git a/ext/mbstring/oniguruma/regposerr.c b/ext/mbstring/oniguruma/regposerr.c
index e54b5c4089..26f89f223f 100644
--- a/ext/mbstring/oniguruma/regposerr.c
+++ b/ext/mbstring/oniguruma/regposerr.c
@@ -76,7 +76,7 @@ regerror(int posix_ecode, const regex_t* reg, char* buf, size_t size)
s = "";
}
else {
- sprintf(tbuf, "undefined error code (%d)", posix_ecode);
+ snprintf(tbuf, sizeof(tbuf), "undefined error code (%d)", posix_ecode);
s = tbuf;
}
diff --git a/ext/msql/php_msql.c b/ext/msql/php_msql.c
index 6339bcd6d6..e8d59838f9 100644
--- a/ext/msql/php_msql.c
+++ b/ext/msql/php_msql.c
@@ -250,9 +250,7 @@ static void php_msql_do_connect(INTERNAL_FUNCTION_PARAMETERS,int persistent)
}
convert_to_string(yyhost);
host = Z_STRVAL_P(yyhost);
- hashed_details_length = Z_STRLEN_P(yyhost)+4+1;
- hashed_details = emalloc(hashed_details_length+1);
- sprintf(hashed_details,"msql_%s",Z_STRVAL_P(yyhost)); /* SAFE */
+ hashed_details_length = spprintf(&hashed_details, 0, "msql_%s",Z_STRVAL_P(yyhost));
}
break;
default:
diff --git a/ext/mssql/php_mssql.c b/ext/mssql/php_mssql.c
index 6d62af0b1a..95329cd60f 100644
--- a/ext/mssql/php_mssql.c
+++ b/ext/mssql/php_mssql.c
@@ -373,9 +373,9 @@ PHP_MINFO_FUNCTION(mssql)
php_info_print_table_start();
php_info_print_table_header(2, "MSSQL Support", "enabled");
- sprintf(buf, "%ld", MS_SQL_G(num_persistent));
+ snprintf(buf, sizeof(buf), "%ld", MS_SQL_G(num_persistent));
php_info_print_table_row(2, "Active Persistent Links", buf);
- sprintf(buf, "%ld", MS_SQL_G(num_links));
+ snprintf(buf, sizeof(buf), "%ld", MS_SQL_G(num_links));
php_info_print_table_row(2, "Active Links", buf);
php_info_print_table_row(2, "Library version", MSSQL_VERSION);
@@ -391,7 +391,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
char *hashed_details;
int hashed_details_length, new_link = 0;
mssql_link mssql, *mssql_ptr;
- char buffer[32];
+ char buffer[40];
switch(ZEND_NUM_ARGS()) {
case 0: /* defaults */
@@ -409,9 +409,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
convert_to_string_ex(yyhost);
host = Z_STRVAL_PP(yyhost);
user=passwd=NULL;
- hashed_details_length = Z_STRLEN_PP(yyhost)+5+3;
- hashed_details = (char *) emalloc(hashed_details_length+1);
- sprintf(hashed_details,"mssql_%s__",Z_STRVAL_PP(yyhost));
+ hashed_details_length = spprintf(&hashed_details, 0, "mssql_%s__", Z_STRVAL_PP(yyhost));
}
break;
case 2: {
@@ -425,9 +423,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
host = Z_STRVAL_PP(yyhost);
user = Z_STRVAL_PP(yyuser);
passwd=NULL;
- hashed_details_length = Z_STRLEN_PP(yyhost)+Z_STRLEN_PP(yyuser)+5+3;
- hashed_details = (char *) emalloc(hashed_details_length+1);
- sprintf(hashed_details,"mssql_%s_%s_",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser));
+ hashed_details_length = spprintf(&hashed_details, 0, "mssql_%s_%s_",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser));
}
break;
case 3: {
@@ -442,9 +438,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
host = Z_STRVAL_PP(yyhost);
user = Z_STRVAL_PP(yyuser);
passwd = Z_STRVAL_PP(yypasswd);
- hashed_details_length = Z_STRLEN_PP(yyhost)+Z_STRLEN_PP(yyuser)+Z_STRLEN_PP(yypasswd)+5+3;
- hashed_details = (char *) emalloc(hashed_details_length+1);
- sprintf(hashed_details,"mssql_%s_%s_%s",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser),Z_STRVAL_PP(yypasswd)); /* SAFE */
+ hashed_details_length = spprintf(&hashed_details,0,"mssql_%s_%s_%s",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser),Z_STRVAL_PP(yypasswd));
}
break;
case 4: {
@@ -461,9 +455,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
user = Z_STRVAL_PP(yyuser);
passwd = Z_STRVAL_PP(yypasswd);
new_link = Z_LVAL_PP(yynew_link);
- hashed_details_length = Z_STRLEN_PP(yyhost)+Z_STRLEN_PP(yyuser)+Z_STRLEN_PP(yypasswd)+5+3;
- hashed_details = (char *) emalloc(hashed_details_length+1);
- sprintf(hashed_details,"mssql_%s_%s_%s",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser),Z_STRVAL_PP(yypasswd)); /* SAFE */
+ hashed_details_length = spprintf(&hashed_details,0,"mssql_%s_%s_%s",Z_STRVAL_PP(yyhost),Z_STRVAL_PP(yyuser),Z_STRVAL_PP(yypasswd));
}
break;
default:
@@ -554,7 +546,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
#ifndef HAVE_FREETDS
if (MS_SQL_G(textlimit) != -1) {
- sprintf(buffer, "%li", MS_SQL_G(textlimit));
+ snprintf(buffer, sizeof(buffer), "%li", MS_SQL_G(textlimit));
if (DBSETOPT(mssql.link, DBTEXTLIMIT, buffer)==FAIL) {
efree(hashed_details);
dbfreelogin(mssql.login);
@@ -564,7 +556,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
#endif
if (MS_SQL_G(textsize) != -1) {
- sprintf(buffer, "SET TEXTSIZE %li", MS_SQL_G(textsize));
+ snprintf(buffer, sizeof(buffer), "SET TEXTSIZE %li", MS_SQL_G(textsize));
dbcmd(mssql.link, buffer);
dbsqlexec(mssql.link);
dbresults(mssql.link);
@@ -681,7 +673,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
#ifndef HAVE_FREETDS
if (MS_SQL_G(textlimit) != -1) {
- sprintf(buffer, "%li", MS_SQL_G(textlimit));
+ snprintf(buffer, sizeof(buffer), "%li", MS_SQL_G(textlimit));
if (DBSETOPT(mssql.link, DBTEXTLIMIT, buffer)==FAIL) {
efree(hashed_details);
dbfreelogin(mssql.login);
@@ -691,7 +683,7 @@ static void php_mssql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
#endif
if (MS_SQL_G(textsize) != -1) {
- sprintf(buffer, "SET TEXTSIZE %li", MS_SQL_G(textsize));
+ snprintf(buffer, sizeof(buffer), "SET TEXTSIZE %li", MS_SQL_G(textsize));
dbcmd(mssql.link, buffer);
dbsqlexec(mssql.link);
dbresults(mssql.link);
@@ -929,8 +921,7 @@ static void php_mssql_get_column_content_with_type(mssql_link *mssql_ptr,int off
}
res_length = 19;
- res_buf = (unsigned char *) emalloc(res_length+1);
- sprintf(res_buf, "%d-%02d-%02d %02d:%02d:%02d" , dateinfo.year, dateinfo.month, dateinfo.day, dateinfo.hour, dateinfo.minute, dateinfo.second);
+ spprintf(&res_buf, 0, "%d-%02d-%02d %02d:%02d:%02d" , dateinfo.year, dateinfo.month, dateinfo.day, dateinfo.hour, dateinfo.minute, dateinfo.second);
}
ZVAL_STRINGL(result, res_buf, res_length, 0);
@@ -999,8 +990,7 @@ static void php_mssql_get_column_content_without_type(mssql_link *mssql_ptr,int
}
res_length = 19;
- res_buf = (unsigned char *) emalloc(res_length+1);
- sprintf(res_buf, "%d-%02d-%02d %02d:%02d:%02d" , dateinfo.year, dateinfo.month, dateinfo.day, dateinfo.hour, dateinfo.minute, dateinfo.second);
+ spprintf(&res_buf, 0, "%d-%02d-%02d %02d:%02d:%02d" , dateinfo.year, dateinfo.month, dateinfo.day, dateinfo.hour, dateinfo.minute, dateinfo.second);
}
ZVAL_STRINGL(result, res_buf, res_length, 0);
diff --git a/ext/mysql/php_mysql.c b/ext/mysql/php_mysql.c
index 6adb72454b..636e80ef1b 100644
--- a/ext/mysql/php_mysql.c
+++ b/ext/mysql/php_mysql.c
@@ -441,9 +441,9 @@ PHP_MINFO_FUNCTION(mysql)
php_info_print_table_start();
php_info_print_table_header(2, "MySQL Support", "enabled");
- sprintf(buf, "%ld", MySG(num_persistent));
+ snprintf(buf, sizeof(buf), "%ld", MySG(num_persistent));
php_info_print_table_row(2, "Active Persistent Links", buf);
- sprintf(buf, "%ld", MySG(num_links));
+ snprintf(buf, sizeof(buf), "%ld", MySG(num_links));
php_info_print_table_row(2, "Active Links", buf);
php_info_print_table_row(2, "Client API version", mysql_get_client_info());
#if !defined (PHP_WIN32) && !defined (NETWARE)
@@ -513,9 +513,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
}
host_and_port=passwd=NULL;
user=php_get_current_user();
- hashed_details_length = strlen(user)+5+3;
- hashed_details = (char *) emalloc(hashed_details_length+1);
- sprintf(hashed_details, "mysql__%s_", user);
+ hashed_details_length = spprintf(&hashed_details, 0, "mysql__%s_", user);
client_flags = CLIENT_INTERACTIVE;
} else {
host_and_port = MySG(default_host);
@@ -538,9 +536,7 @@ static void php_mysql_do_connect(INTERNAL_FUNCTION_PARAMETERS, int persistent)
client_flags ^= CLIENT_LOCAL_FILES;
}
- hashed_details_length = sizeof("mysql___")-1 + strlen(SAFE_STRING(host_and_port))+strlen(SAFE_STRING(user))+strlen(SAFE_STRING(passwd));
- hashed_details = (char *) emalloc(hashed_details_length+1);
- sprintf(hashed_details, "mysql_%s_%s_%s", SAFE_STRING(host_and_port), SAFE_STRING(user), SAFE_STRING(passwd));
+ hashed_details_length = spprintf(&hashed_details, 0, "mysql_%s_%s_%s", SAFE_STRING(host_and_port), SAFE_STRING(user), SAFE_STRING(passwd));
}
/* We cannot use mysql_port anymore in windows, need to use
@@ -1137,8 +1133,8 @@ static void php_mysql_do_query_general(char *query, zval **mysql_link, int link_
if (!strncasecmp("select", query, 6)){
MYSQL_ROW row;
- char *newquery = (char *)emalloc(strlen(query) + 10);
- sprintf ((char *)newquery, "EXPLAIN %s", query);
+ char *newquery;
+ spprintf(&newquery, 0, "EXPLAIN %s", query);
mysql_real_query(&mysql->conn, newquery, strlen(newquery));
efree (newquery);
if (mysql_errno(&mysql->conn)) {
diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index bf0c902a68..2656432757 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -1058,7 +1058,7 @@ int php_local_infile_init(void **ptr, const char *filename, void *userdata)
mysql->li_stream = php_stream_open_wrapper_ex((char *)filename, "r", 0, NULL, context);
if (mysql->li_stream == NULL) {
- sprintf((char *)data->error_msg, "Can't find file '%-.64s'.", filename);
+ snprintf((char *)data->error_msg, sizeof(data->error_msg), "Can't find file '%-.64s'.", filename);
return 1;
}
diff --git a/ext/mysqli/mysqli_api.c b/ext/mysqli/mysqli_api.c
index 18afcc5b62..41ccff187b 100644
--- a/ext/mysqli/mysqli_api.c
+++ b/ext/mysqli/mysqli_api.c
@@ -751,7 +751,7 @@ PHP_FUNCTION(mysqli_stmt_fetch)
* may be negative. Therefor we cannot use MYSQLI_LLU_SPEC and must
* use MYSQLI_LL_SPEC.
*/
- sprintf((char *)&tmp, (stmt->stmt->fields[i].flags & UNSIGNED_FLAG)? MYSQLI_LLU_SPEC : MYSQLI_LL_SPEC, llval);
+ snprintf(tmp, sizeof(tmp), (stmt->stmt->fields[i].flags & UNSIGNED_FLAG)? MYSQLI_LLU_SPEC : MYSQLI_LL_SPEC, llval);
ZVAL_UTF8_STRING(stmt->result.vars[i], tmp, ZSTR_DUPLICATE);
} else {
ZVAL_LONG(stmt->result.vars[i], llval);
diff --git a/ext/mysqli/mysqli_prop.c b/ext/mysqli/mysqli_prop.c
index 224c1478cb..63c5e01f5d 100644
--- a/ext/mysqli/mysqli_prop.c
+++ b/ext/mysqli/mysqli_prop.c
@@ -85,9 +85,9 @@ static int __func(mysqli_object *obj, zval **retval TSRMLS_DC) \
if (l < LONG_MAX) {\
ZVAL_LONG(*retval, l);\
} else { \
- char ret[40]; \
- sprintf(ret, MYSQLI_LLU_SPEC, (my_ulonglong)l); \
- ZVAL_STRING(*retval, ret, 1); \
+ char *ret; \
+ int l = spprintf(&ret, 0, MYSQLI_LLU_SPEC, (my_ulonglong)l); \
+ ZVAL_STRINGL(*retval, ret, l, 0); \
} \
}\
return SUCCESS;\
@@ -175,9 +175,9 @@ static int link_affected_rows_read(mysqli_object *obj, zval **retval TSRMLS_DC)
if (rc < LONG_MAX) {
ZVAL_LONG(*retval, rc);
} else {
- char ret[40];
- sprintf(ret, MYSQLI_LLU_SPEC, (my_ulonglong) rc);
- ZVAL_STRING(*retval, ret, 1);
+ char *ret;
+ int l = spprintf(&ret, 0, MYSQLI_LLU_SPEC, (my_ulonglong) rc);
+ ZVAL_STRINGL(*retval, ret, l, 0);
}
}
return SUCCESS;
@@ -294,9 +294,9 @@ static int stmt_affected_rows_read(mysqli_object *obj, zval **retval TSRMLS_DC)
if (rc < LONG_MAX) {
ZVAL_LONG(*retval, rc);
} else {
- char ret[40];
- sprintf(ret, MYSQLI_LLU_SPEC, (my_ulonglong) rc);
- ZVAL_STRING(*retval, ret, 1);
+ char *ret;
+ int l = spprintf(&ret, 0, MYSQLI_LLU_SPEC, (my_ulonglong) rc);
+ ZVAL_STRINGL(*retval, ret, l, 0);
}
}
return SUCCESS;
diff --git a/ext/mysqli/php_mysqli.h b/ext/mysqli/php_mysqli.h
index 0cf72d0b84..d80fc31c42 100644
--- a/ext/mysqli/php_mysqli.h
+++ b/ext/mysqli/php_mysqli.h
@@ -257,9 +257,9 @@ PHP_MYSQLI_EXPORT(zend_object_value) mysqli_objects_new(zend_class_entry * TSRML
if ((__val) < LONG_MAX) { \
RETURN_LONG((__val)); \
} else { \
- char ret[40]; \
- sprintf(ret, "%llu", (__val)); \
- RETURN_STRING(ret,1); \
+ char *ret; \
+ int l = spprintf(&ret, 0, "%llu", (__val)); \
+ RETURN_STRINGL(ret, l, 0); \
} \
}
diff --git a/ext/oci8/oci8.c b/ext/oci8/oci8.c
index 2926ba74d8..375511c080 100644
--- a/ext/oci8/oci8.c
+++ b/ext/oci8/oci8.c
@@ -676,9 +676,9 @@ PHP_MINFO_FUNCTION(oci)
php_info_print_table_row(2, "Version", "1.2.2");
php_info_print_table_row(2, "Revision", "$Revision$");
- sprintf(buf, "%ld", OCI_G(num_persistent));
+ snprintf(buf, sizeof(buf), "%ld", OCI_G(num_persistent));
php_info_print_table_row(2, "Active Persistent Connections", buf);
- sprintf(buf, "%ld", OCI_G(num_links));
+ snprintf(buf, sizeof(buf), "%ld", OCI_G(num_links));
php_info_print_table_row(2, "Active Connections", buf);
#if !defined(PHP_WIN32) && !defined(HAVE_OCI_INSTANT_CLIENT)
@@ -687,7 +687,7 @@ PHP_MINFO_FUNCTION(oci)
php_info_print_table_row(2, "Libraries Used", PHP_OCI8_SHARED_LIBADD );
#else
# if defined(HAVE_OCI_INSTANT_CLIENT) && defined(OCI_MAJOR_VERSION) && defined(OCI_MINOR_VERSION)
- sprintf(buf, "%d.%d", OCI_MAJOR_VERSION, OCI_MINOR_VERSION);
+ snprintf(buf, sizeof(buf), "%d.%d", OCI_MAJOR_VERSION, OCI_MINOR_VERSION);
php_info_print_table_row(2, "Oracle Instant Client Version", buf);
# endif
#endif
diff --git a/ext/odbc/php_odbc.c b/ext/odbc/php_odbc.c
index a9d19c8f18..b242d111da 100644
--- a/ext/odbc/php_odbc.c
+++ b/ext/odbc/php_odbc.c
@@ -544,9 +544,9 @@ PHP_MINFO_FUNCTION(odbc)
php_info_print_table_start();
php_info_print_table_header(2, "ODBC Support", "enabled");
- sprintf(buf, "%ld", ODBCG(num_persistent));
+ snprintf(buf, sizeof(buf), "%ld", ODBCG(num_persistent));
php_info_print_table_row(2, "Active Persistent Links", buf);
- sprintf(buf, "%ld", ODBCG(num_links));
+ snprintf(buf, sizeof(buf), "%ld", ODBCG(num_links));
php_info_print_table_row(2, "Active Links", buf);
php_info_print_table_row(2, "ODBC library", PHP_ODBC_TYPE);
#ifndef PHP_WIN32
@@ -588,8 +588,8 @@ void odbc_sql_error(ODBC_SQL_ERROR_PARAMS)
*/
rc = SQLError(henv, conn, stmt, state, &error, errormsg, sizeof(errormsg)-1, &errormsgsize);
if (rc != SQL_SUCCESS && rc != SQL_SUCCESS_WITH_INFO) {
- sprintf(state, "HY000");
- sprintf(errormsg, "Failed to fetch error message");
+ snprintf(state, sizeof(state), "HY000");
+ snprintf(errormsg, sizeof(errormsg), "Failed to fetch error message");
}
if (conn_resource) {
memcpy(conn_resource->laststate, state, sizeof(state));
@@ -1155,7 +1155,7 @@ PHP_FUNCTION(odbc_cursor)
result->stmt, state, &error, errormsg,
sizeof(errormsg)-1, &errormsgsize);
if (!strncmp(state,"S1015",5)) {
- sprintf(cursorname,"php_curs_%d", (int)result->stmt);
+ snprintf(cursorname, max_len+1, "php_curs_%d", (int)result->stmt);
if (SQLSetCursorName(result->stmt,cursorname,SQL_NTS) != SQL_SUCCESS) {
odbc_sql_error(result->conn_ptr, result->stmt, "SQLSetCursorName");
RETVAL_FALSE;
@@ -2148,8 +2148,7 @@ int odbc_sqlconnect(odbc_connection **conn, char *db, char *uid, char *pwd, int
if (strstr((char*)db, ";")) {
direct = 1;
if (uid && !strstr ((char*)db, "uid") && !strstr((char*)db, "UID")) {
- ldb = (char*) emalloc(strlen(db) + strlen(uid) + strlen(pwd) + 12);
- sprintf(ldb, "%s;UID=%s;PWD=%s", db, uid, pwd);
+ spprintf(&ldb, 0, "%s;UID=%s;PWD=%s", db, uid, pwd);
} else {
ldb_len = strlen(db)+1;
ldb = (char*) emalloc(ldb_len);
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index b5fdc348cc..15b76371bd 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -302,7 +302,7 @@ static time_t asn1_time_to_time_t(ASN1_UTCTIME * timestr TSRMLS_DC) /* {{{ */
/*
This is how the time string is formatted:
- sprintf(p,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
+ snprintf(p, sizeof(p), "%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
*/
diff --git a/ext/pcre/pcrelib/pcregrep.c b/ext/pcre/pcrelib/pcregrep.c
index 0e57e56514..4db73485d6 100644
--- a/ext/pcre/pcrelib/pcregrep.c
+++ b/ext/pcre/pcrelib/pcregrep.c
@@ -1188,8 +1188,7 @@ if ((sep = isdirectory(pathname)) != 0)
while ((nextfile = readdirectory(dir)) != NULL)
{
int frc, blen;
- sprintf(buffer, "%.512s%c%.128s", pathname, sep, nextfile);
- blen = strlen(buffer);
+ blen = snprintf(buffer, sizeof(buffer), "%.512s%c%.128s", pathname, sep, nextfile);
if (exclude_compiled != NULL &&
pcre_exec(exclude_compiled, NULL, buffer, blen, 0, 0, NULL, 0) >= 0)
@@ -1281,7 +1280,7 @@ for (op = optionlist; op->one_char != 0; op++)
{
int n;
char s[4];
- if (op->one_char > 0) sprintf(s, "-%c,", op->one_char); else strcpy(s, " ");
+ if (op->one_char > 0) snprintf(s, sizeof(s), "-%c,", op->one_char); else strcpy(s, " ");
printf(" %s --%s%n", s, op->long_name, &n);
n = 30 - n;
if (n < 1) n = 1;
@@ -1355,7 +1354,7 @@ ordin(int n)
{
static char buffer[8];
char *p = buffer;
-sprintf(p, "%d", n);
+snprintf(p, sizeof(buffer), "%d", n);
while (*p != 0) p++;
switch (n%10)
{
@@ -1401,7 +1400,7 @@ if (pattern_count >= MAX_PATTERN_COUNT)
return FALSE;
}
-sprintf(buffer, "%s%.*s%s", prefix[process_options], MBUFTHIRD, pattern,
+snprintf(buffer, sizeof(buffer), "%s%.*s%s", prefix[process_options], MBUFTHIRD, pattern,
suffix[process_options]);
pattern_list[pattern_count] =
pcre_compile(buffer, options, &error, &errptr, pcretables);
@@ -1463,7 +1462,7 @@ if ((process_options & PO_FIXED_STRINGS) != 0)
char *p = end_of_line(pattern, eop, &ellength);
if (ellength == 0)
return compile_single_pattern(pattern, options, filename, count);
- sprintf(buffer, "%.*s", p - pattern - ellength, pattern);
+ snprintf(buffer, sizeof(buffer), "%.*s", p - pattern - ellength, pattern);
pattern = p;
if (!compile_single_pattern(buffer, options, filename, count))
return FALSE;
@@ -1579,8 +1578,8 @@ for (i = 1; i < argc; i++)
char buff1[24];
char buff2[24];
int baselen = opbra - op->long_name;
- sprintf(buff1, "%.*s", baselen, op->long_name);
- sprintf(buff2, "%s%.*s", buff1, strlen(op->long_name) - baselen - 2,
+ snprintf(buff1, sizeof(buff1), "%.*s", baselen, op->long_name);
+ snprintf(buff2, sizeof(buff2), "%s%.*s", buff1, strlen(op->long_name) - baselen - 2,
opbra + 1);
if (strcmp(arg, buff1) == 0 || strcmp(arg, buff2) == 0)
break;
@@ -1935,7 +1934,7 @@ for (j = 0; j < pattern_count; j++)
if (error != NULL)
{
char s[16];
- if (pattern_count == 1) s[0] = 0; else sprintf(s, " number %d", j);
+ if (pattern_count == 1) s[0] = 0; else snprintf(s, sizeof(s), " number %d", j);
fprintf(stderr, "pcregrep: Error while studying regex%s: %s\n", s, error);
return 2;
}
diff --git a/ext/pcre/pcrelib/pcreposix.c b/ext/pcre/pcrelib/pcreposix.c
index 31c7a31ab3..3cee2aa33f 100644
--- a/ext/pcre/pcrelib/pcreposix.c
+++ b/ext/pcre/pcrelib/pcreposix.c
@@ -158,7 +158,7 @@ addlength = (preg != NULL && (int)preg->re_erroffset != -1)?
if (errbuf_size > 0)
{
if (addlength > 0 && errbuf_size >= length + addlength)
- sprintf(errbuf, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
+ snprintf(errbuf, errbuf_size, "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
else
{
strncpy(errbuf, message, errbuf_size - 1);
diff --git a/ext/pdo_firebird/firebird_statement.c b/ext/pdo_firebird/firebird_statement.c
index d6ae8d17d6..6c9cb9bbe5 100644
--- a/ext/pdo_firebird/firebird_statement.c
+++ b/ext/pdo_firebird/firebird_statement.c
@@ -211,6 +211,8 @@ static void set_param_type(enum pdo_param_type *param_type, XSQLVAR const *var)
#define FETCH_BUF(buf,type,len,lenvar) ((buf) = (buf) ? (buf) : \
emalloc((len) ? (len * sizeof(type)) : ((*(unsigned long*)lenvar) = sizeof(type))))
+#define CHAR_BUF_LEN 24
+
/* fetch a blob into a fetch buffer */
static int firebird_fetch_blob(pdo_stmt_t *stmt, int colno, char **ptr, /* {{{ */
unsigned long *len, ISC_QUAD *blob_id TSRMLS_DC)
@@ -322,16 +324,16 @@ static int firebird_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, /* {{
n = *(ISC_INT64*)var->sqldata;
}
- *ptr = FETCH_BUF(S->fetch_buf[colno], char, 24, NULL);
+ *ptr = FETCH_BUF(S->fetch_buf[colno], char, CHAR_BUF_LEN, NULL);
if (n >= 0) {
- *len = sprintf(*ptr, "%" LL_MASK "d.%0*" LL_MASK "d",
+ *len = snprintf(*ptr, CHAR_BUF_LEN, "%" LL_MASK "d.%0*" LL_MASK "d",
n / f, -var->sqlscale, n % f);
} else if (n < -f) {
- *len = sprintf(*ptr, "%" LL_MASK "d.%0*" LL_MASK "d",
+ *len = snprintf(*ptr, CHAR_BUF_LEN, "%" LL_MASK "d.%0*" LL_MASK "d",
n / f, -var->sqlscale, -n % f);
} else {
- *len = sprintf(*ptr, "-0.%0*" LL_MASK "d", -var->sqlscale, -n % f);
+ *len = snprintf(*ptr, CHAR_BUF_LEN, "-0.%0*" LL_MASK "d", -var->sqlscale, -n % f);
}
} else {
switch (var->sqltype & ~1) {
@@ -353,24 +355,24 @@ static int firebird_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, /* {{
break;
/* --- cut here --- */
case SQL_SHORT:
- *ptr = FETCH_BUF(S->fetch_buf[colno], char, 24, NULL);
- *len = sprintf(*ptr, "%d", *(short*)var->sqldata);
+ *ptr = FETCH_BUF(S->fetch_buf[colno], char, CHAR_BUF_LEN, NULL);
+ *len = snprintf(*ptr, CHAR_BUF_LEN"%d", *(short*)var->sqldata);
break;
case SQL_LONG:
- *ptr = FETCH_BUF(S->fetch_buf[colno], char, 24, NULL);
- *len = sprintf(*ptr, "%ld", *(ISC_LONG*)var->sqldata);
+ *ptr = FETCH_BUF(S->fetch_buf[colno], char, CHAR_BUF_LEN, NULL);
+ *len = snprintf(*ptr, CHAR_BUF_LEN"%ld", *(ISC_LONG*)var->sqldata);
break;
case SQL_INT64:
- *ptr = FETCH_BUF(S->fetch_buf[colno], char, 24, NULL);
- *len = sprintf(*ptr, "%" LL_MASK "d", *(ISC_INT64*)var->sqldata);
+ *ptr = FETCH_BUF(S->fetch_buf[colno], char, CHAR_BUF_LEN, NULL);
+ *len = snprintf(*ptr, CHAR_BUF_LEN"%" LL_MASK "d", *(ISC_INT64*)var->sqldata);
break;
case SQL_FLOAT:
- *ptr = FETCH_BUF(S->fetch_buf[colno], char, 24, NULL);
- *len = sprintf(*ptr, "%f", *(float*)var->sqldata);
+ *ptr = FETCH_BUF(S->fetch_buf[colno], char, CHAR_BUF_LEN, NULL);
+ *len = snprintf(*ptr, CHAR_BUF_LEN"%f", *(float*)var->sqldata);
break;
case SQL_DOUBLE:
- *ptr = FETCH_BUF(S->fetch_buf[colno], char, 24, NULL);
- *len = sprintf(*ptr, "%f" , *(double*)var->sqldata);
+ *ptr = FETCH_BUF(S->fetch_buf[colno], char, CHAR_BUF_LEN, NULL);
+ *len = snprintf(*ptr, CHAR_BUF_LEN"%f" , *(double*)var->sqldata);
break;
/* --- cut here --- */
#if abies_0
@@ -391,8 +393,8 @@ static int firebird_stmt_get_col(pdo_stmt_t *stmt, int colno, char **ptr, /* {{
#if SIZEOF_LONG == 8
*ptr = var->sqldata;
#else
- *ptr = FETCH_BUF(S->fetch_buf[colno], char, 20, NULL);
- *len = sprintf(*ptr, "%" LL_MASK "d", *(ISC_INT64*)var->sqldata);
+ *ptr = FETCH_BUF(S->fetch_buf[colno], char, CHAR_BUF_LEN, NULL);
+ *len = snprintf(*ptr, CHAR_BUF_LEN, "%" LL_MASK "d", *(ISC_INT64*)var->sqldata);
#endif
break;
case SQL_FLOAT:
diff --git a/ext/pdo_odbc/odbc_driver.c b/ext/pdo_odbc/odbc_driver.c
index 9378543059..9f6cc62fc4 100755
--- a/ext/pdo_odbc/odbc_driver.c
+++ b/ext/pdo_odbc/odbc_driver.c
@@ -387,8 +387,8 @@ static int pdo_odbc_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_D
/* Force UID and PWD to be set in the DSN */
if (dbh->username && *dbh->username && !strstr(dbh->data_source, "uid")
&& !strstr(dbh->data_source, "UID")) {
- char *dsn = pemalloc(strlen(dbh->data_source) + strlen(dbh->username) + strlen(dbh->password) + sizeof(";UID=;PWD="), dbh->is_persistent);
- sprintf(dsn, "%s;UID=%s;PWD=%s", dbh->data_source, dbh->username, dbh->password);
+ char *dsn;
+ spprintf(&dsn, 0, "%s;UID=%s;PWD=%s", dbh->data_source, dbh->username, dbh->password);
pefree((char*)dbh->data_source, dbh->is_persistent);
dbh->data_source = dsn;
}
diff --git a/ext/pgsql/pgsql.c b/ext/pgsql/pgsql.c
index 4b1da70613..9ea09addff 100644
--- a/ext/pgsql/pgsql.c
+++ b/ext/pgsql/pgsql.c
@@ -599,9 +599,9 @@ PHP_MINFO_FUNCTION(pgsql)
php_info_print_table_row(2, "SSL support", "disabled");
#endif
#endif /* HAVE_PG_CONFIG_H */
- sprintf(buf, "%ld", PGG(num_persistent));
+ snprintf(buf, sizeof(buf), "%ld", PGG(num_persistent));
php_info_print_table_row(2, "Active Persistent Links", buf);
- sprintf(buf, "%ld", PGG(num_links));
+ snprintf(buf, sizeof(buf), "%ld", PGG(num_links));
php_info_print_table_row(2, "Active Links", buf);
php_info_print_table_end();
diff --git a/ext/pspell/pspell.c b/ext/pspell/pspell.c
index b123012817..95ba28c057 100644
--- a/ext/pspell/pspell.c
+++ b/ext/pspell/pspell.c
@@ -778,7 +778,7 @@ static PHP_FUNCTION(pspell_config_ignore)
convert_to_long_ex(pignore);
ignore = Z_LVAL_PP(pignore);
- sprintf(ignore_str, "%ld", ignore);
+ snprintf(ignore_str, sizeof(ignore_str), "%ld", ignore);
pspell_config_replace(config, "ignore", ignore_str);
RETURN_TRUE;
diff --git a/ext/session/mod_mm.c b/ext/session/mod_mm.c
index c307bf7b9c..2ba98a2027 100644
--- a/ext/session/mod_mm.c
+++ b/ext/session/mod_mm.c
@@ -269,7 +269,7 @@ PHP_MINIT_FUNCTION(ps_mm)
return FAILURE;
}
- if (!sprintf(euid,"%d", geteuid())) {
+ if (!snprintf(euid, sizeof(euid), "%d", geteuid())) {
return FAILURE;
}
diff --git a/ext/session/session.c b/ext/session/session.c
index 19d9ecf72d..922835fd33 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -287,10 +287,8 @@ PHPAPI char *php_session_create_id(PS_CREATE_SID_ARGS)
remote_addr = Z_STRVAL_PP(token);
}
- buf = emalloc(PS_ID_INITIAL_SIZE);
-
/* maximum 15+19+19+10 bytes */
- sprintf(buf, "%.15s%ld%ld%0.8F", remote_addr ? remote_addr : "",
+ spprintf(&buf, 0, "%.15s%ld%ld%0.8F", remote_addr ? remote_addr : "",
tv.tv_sec, (long int)tv.tv_usec, php_combined_lcg(TSRMLS_C) * 10);
switch (PS(hash_func)) {
@@ -936,7 +934,7 @@ static inline void strcpy_gmt(char *ubuf, time_t *when)
php_gmtime_r(when, &tm);
- n = sprintf(buf, "%s, %02d %s %d %02d:%02d:%02d GMT", /* SAFE */
+ n = snprintf(buf, sizeof(buf), "%s, %02d %s %d %02d:%02d:%02d GMT", /* SAFE */
week_days[tm.tm_wday], tm.tm_mday,
month_names[tm.tm_mon], tm.tm_year + 1900,
tm.tm_hour, tm.tm_min,
@@ -977,7 +975,7 @@ CACHE_LIMITER_FUNC(public)
strcpy_gmt(buf + sizeof(EXPIRES) - 1, &now);
ADD_HEADER(buf);
- sprintf(buf, "Cache-Control: public, max-age=%ld", PS(cache_expire) * 60); /* SAFE */
+ snprintf(buf, sizeof(buf) , "Cache-Control: public, max-age=%ld", PS(cache_expire) * 60); /* SAFE */
ADD_HEADER(buf);
last_modified(TSRMLS_C);
@@ -987,7 +985,7 @@ CACHE_LIMITER_FUNC(private_no_expire)
{
char buf[MAX_STR + 1];
- sprintf(buf, "Cache-Control: private, max-age=%ld, pre-check=%ld", PS(cache_expire) * 60, PS(cache_expire) * 60); /* SAFE */
+ snprintf(buf, sizeof(buf), "Cache-Control: private, max-age=%ld, pre-check=%ld", PS(cache_expire) * 60, PS(cache_expire) * 60); /* SAFE */
ADD_HEADER(buf);
last_modified(TSRMLS_C);
diff --git a/ext/skeleton/skeleton.c b/ext/skeleton/skeleton.c
index ae07e5373f..08868874e8 100644
--- a/ext/skeleton/skeleton.c
+++ b/ext/skeleton/skeleton.c
@@ -138,14 +138,14 @@ PHP_FUNCTION(confirm_extname_compiled)
{
char *arg = NULL;
int arg_len, len;
- char string[256];
+ char *strg;
if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", &arg, &arg_len) == FAILURE) {
return;
}
- len = sprintf(string, "Congratulations! You have successfully modified ext/%.78s/config.m4. Module %.78s is now compiled into PHP.", "extname", arg);
- RETURN_STRINGL(string, len, 1);
+ len = spprintf(&strg, 0, "Congratulations! You have successfully modified ext/%.78s/config.m4. Module %.78s is now compiled into PHP.", "extname", arg);
+ RETURN_STRINGL(strg, len, 0);
}
/* }}} */
/* The previous line is meant for vim and emacs, so it can correctly fold and
diff --git a/ext/soap/php_encoding.c b/ext/soap/php_encoding.c
index 133875e80f..c062696468 100644
--- a/ext/soap/php_encoding.c
+++ b/ext/soap/php_encoding.c
@@ -904,7 +904,7 @@ static xmlNodePtr to_xml_long(encodeTypePtr type, zval *data, int style, xmlNode
if (Z_TYPE_P(data) == IS_DOUBLE) {
char s[256];
- sprintf(s, "%0.0f",floor(Z_DVAL_P(data)));
+ snprintf(s, sizeof(s), "%0.0f",floor(Z_DVAL_P(data)));
xmlNodeSetContent(ret, BAD_CAST(s));
} else {
zval tmp = *data;
@@ -2660,12 +2660,12 @@ static xmlNodePtr to_xml_datetime_ex(encodeTypePtr type, zval *data, char *forma
/* Time zone support */
#ifdef HAVE_TM_GMTOFF
- sprintf(tzbuf, "%c%02d:%02d", (ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), abs( (ta->tm_gmtoff % 3600) / 60 ));
+ snprintf(tzbuf, sizeof(tzbuf), "%c%02d:%02d", (ta->tm_gmtoff < 0) ? '-' : '+', abs(ta->tm_gmtoff / 3600), abs( (ta->tm_gmtoff % 3600) / 60 ));
#else
# ifdef __CYGWIN__
- sprintf(tzbuf, "%c%02d:%02d", ((ta->tm_isdst ? _timezone - 3600:_timezone)>0)?'-':'+', abs((ta->tm_isdst ? _timezone - 3600 : _timezone) / 3600), abs(((ta->tm_isdst ? _timezone - 3600 : _timezone) % 3600) / 60));
+ snprintf(tzbuf, sizeof(tzbuf), "%c%02d:%02d", ((ta->tm_isdst ? _timezone - 3600:_timezone)>0)?'-':'+', abs((ta->tm_isdst ? _timezone - 3600 : _timezone) / 3600), abs(((ta->tm_isdst ? _timezone - 3600 : _timezone) % 3600) / 60));
# else
- sprintf(tzbuf, "%c%02d:%02d", ((ta->tm_isdst ? timezone - 3600:timezone)>0)?'-':'+', abs((ta->tm_isdst ? timezone - 3600 : timezone) / 3600), abs(((ta->tm_isdst ? timezone - 3600 : timezone) % 3600) / 60));
+ snprintf(tzbuf, sizeof(tzbuf), "%c%02d:%02d", ((ta->tm_isdst ? timezone - 3600:timezone)>0)?'-':'+', abs((ta->tm_isdst ? timezone - 3600 : timezone) / 3600), abs(((ta->tm_isdst ? timezone - 3600 : timezone) % 3600) / 60));
# endif
#endif
if (strcmp(tzbuf,"+00:00") == 0) {
diff --git a/ext/soap/php_http.c b/ext/soap/php_http.c
index afa0a27283..160a204289 100644
--- a/ext/soap/php_http.c
+++ b/ext/soap/php_http.c
@@ -468,7 +468,7 @@ try_again:
unsigned int ctx;
PHP_MD5Init(&md5ctx);
- sprintf(cnonce, "%d", php_rand_r(&ctx));
+ snprintf(cnonce, sizeof(cnonce), "%d", php_rand_r(&ctx));
PHP_MD5Update(&md5ctx, (unsigned char*)cnonce, strlen(cnonce));
PHP_MD5Final(hash, &md5ctx);
make_digest(cnonce, hash);
diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index 88bb04ef08..09332e0d5f 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -464,8 +464,7 @@ static void php_soap_prepare_globals()
if (defaultEncoding[i].details.type_str) {
if (defaultEncoding[i].details.ns != NULL) {
char *ns_type;
- ns_type = emalloc(strlen(defaultEncoding[i].details.ns) + strlen(defaultEncoding[i].details.type_str) + 2);
- sprintf(ns_type, "%s:%s", defaultEncoding[i].details.ns, defaultEncoding[i].details.type_str);
+ spprintf(&ns_type, 0, "%s:%s", defaultEncoding[i].details.ns, defaultEncoding[i].details.type_str);
zend_hash_add(&defEnc, ns_type, strlen(ns_type) + 1, &enc, sizeof(encodePtr), NULL);
efree(ns_type);
} else {
diff --git a/ext/standard/dns.c b/ext/standard/dns.c
index 6bb9212316..60cba0539f 100644
--- a/ext/standard/dns.c
+++ b/ext/standard/dns.c
@@ -409,7 +409,7 @@ static u_char *php_parserr(u_char *cp, querybuf *answer, int type_to_fetch, int
switch (type) {
case DNS_T_A:
add_ascii_assoc_string(*subarray, "type", "A", 1);
- sprintf(name, "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);
+ snprintf(name, sizeof(name), "%d.%d.%d.%d", cp[0], cp[1], cp[2], cp[3]);
add_ascii_assoc_rt_string(*subarray, "ip", name, ZSTR_DUPLICATE);
cp += dlen;
break;
diff --git a/ext/standard/head.c b/ext/standard/head.c
index 26894de1b1..7099df673f 100644
--- a/ext/standard/head.c
+++ b/ext/standard/head.c
@@ -94,8 +94,6 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
if (domain) {
len += domain_len;
}
- cookie = emalloc(len + 100);
-
if (value && value_len == 0) {
/*
* MSIE doesn't delete a cookie when you set it to a null value
@@ -104,10 +102,10 @@ PHPAPI int php_setcookie(char *name, int name_len, char *value, int value_len, t
*/
time_t t = time(NULL) - 31536001;
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, t, 0 TSRMLS_CC);
- sprintf(cookie, "Set-Cookie: %s=deleted; expires=%s", name, dt);
+ spprintf(&cookie, 0, "Set-Cookie: %s=deleted; expires=%s", name, dt);
efree(dt);
} else {
- sprintf(cookie, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
+ spprintf(&cookie, 0, "Set-Cookie: %s=%s", name, value ? encoded_value : "");
if (expires > 0) {
strcat(cookie, "; expires=");
dt = php_format_date("D, d-M-Y H:i:s T", sizeof("D, d-M-Y H:i:s T")-1, expires, 0 TSRMLS_CC);
diff --git a/ext/standard/image.c b/ext/standard/image.c
index 2b061bd260..a422d33f61 100644
--- a/ext/standard/image.c
+++ b/ext/standard/image.c
@@ -454,7 +454,7 @@ static int php_read_APP(php_stream * stream, unsigned int marker, zval *info TSR
return 0;
}
- sprintf(markername, "APP%d", marker - M_APP0);
+ snprintf(markername, sizeof(markername), "APP%d", marker - M_APP0);
if (zend_ascii_hash_find(Z_ARRVAL_P(info), markername, strlen(markername)+1, (void **) &tmp) == FAILURE) {
/* XXX we onyl catch the 1st tag of it's kind! */
diff --git a/ext/standard/pack.c b/ext/standard/pack.c
index fb25c82203..f1ee94e231 100644
--- a/ext/standard/pack.c
+++ b/ext/standard/pack.c
@@ -622,10 +622,10 @@ PHP_FUNCTION(unpack)
if (arg != 1 || namelen == 0) {
/* Need to add element number to name */
- sprintf(n, "%.*s%d", namelen, name, i + 1);
+ snprintf(n, sizeof(n), "%.*s%d", namelen, name, i + 1);
} else {
/* Truncate name to next format code or end of string */
- sprintf(n, "%.*s", namelen, name);
+ snprintf(n, sizeof(n), "%.*s", namelen, name);
}
if (size != 0 && size != -1 && INT_MAX - size + 1 < inputpos) {
diff --git a/ext/standard/proc_open.c b/ext/standard/proc_open.c
index 5614b1710a..9e8e1a3f62 100644
--- a/ext/standard/proc_open.c
+++ b/ext/standard/proc_open.c
@@ -740,8 +740,7 @@ PHP_FUNCTION(proc_open)
if (bypass_shell) {
newprocok = CreateProcess(NULL, command, &security, &security, TRUE, NORMAL_PRIORITY_CLASS, env.envp, cwd, &si, &pi);
} else {
- command_with_cmd = emalloc(command_len + sizeof(COMSPEC_9X) + 1 + sizeof(" /c "));
- sprintf(command_with_cmd, "%s /c %s", GetVersion() < 0x80000000 ? COMSPEC_NT : COMSPEC_9X, command);
+ spprintf(&command_with_cmd, 0, "%s /c %s", GetVersion() < 0x80000000 ? COMSPEC_NT : COMSPEC_9X, command);
newprocok = CreateProcess(NULL, command_with_cmd, &security, &security, TRUE, NORMAL_PRIORITY_CLASS, env.envp, cwd, &si, &pi);
diff --git a/ext/standard/scanf.c b/ext/standard/scanf.c
index 093b8878f3..c80239cf71 100644
--- a/ext/standard/scanf.c
+++ b/ext/standard/scanf.c
@@ -1562,7 +1562,7 @@ PHPAPI int php_sscanf_internal( char *string, char *format,
*end = '\0';
value = (int) (*fn)(buf, NULL, base);
if ((flags & SCAN_UNSIGNED) && (value < 0)) {
- sprintf(buf, "%u", value); /* INTL: ISO digit */
+ snprintf(buf, sizeof(buf), "%u", value); /* INTL: ISO digit */
if (numVars && objIndex >= argCount) {
break;
} else if (numVars) {
diff --git a/ext/standard/string.c b/ext/standard/string.c
index e9276fc036..b4398818ea 100644
--- a/ext/standard/string.c
+++ b/ext/standard/string.c
@@ -4641,7 +4641,7 @@ char *php_strerror(int errnum)
return(sys_errlist[errnum]);
}
- (void) sprintf(BG(str_ebuf), "Unknown error: %d", errnum);
+ (void) snprintf(BG(str_ebuf), sizeof(php_basic_globals.str_ebuf), "Unknown error: %d", errnum);
return(BG(str_ebuf));
}
/* }}} */
diff --git a/ext/standard/type.c b/ext/standard/type.c
index a10841e697..77307ae2cc 100644
--- a/ext/standard/type.c
+++ b/ext/standard/type.c
@@ -68,8 +68,7 @@ PHP_FUNCTION(gettype)
int res_len;
res_len = sizeof("object of type ")-1 + Z_OBJCE_P(arg)->name_length;
- result = (char *) emalloc(res_len+1);
- sprintf(result, "object of type %s", Z_OBJCE_P(arg)->name);
+ spprintf(&result, 0, "object of type %s", Z_OBJCE_P(arg)->name);
RETVAL_STRINGL(result, res_len, 0);
}
*/
diff --git a/ext/sybase_ct/php_sybase_ct.c b/ext/sybase_ct/php_sybase_ct.c
index ca65eb9533..b90f594ef0 100644
--- a/ext/sybase_ct/php_sybase_ct.c
+++ b/ext/sybase_ct/php_sybase_ct.c
@@ -1006,8 +1006,7 @@ PHP_FUNCTION(sybase_select_db)
ZEND_FETCH_RESOURCE2(sybase_ptr, sybase_link *, sybase_link_index, id, "Sybase-Link", le_link, le_plink);
convert_to_string_ex(db);
- cmdbuf = (char *) emalloc(sizeof("use ")+Z_STRLEN_PP(db)+1);
- sprintf(cmdbuf, "use %s", Z_STRVAL_PP(db)); /* SAFE */
+ spprintf(&cmdbuf, 0, "use %s", Z_STRVAL_PP(db)); /* SAFE */
if (exec_cmd(sybase_ptr, cmdbuf)==FAILURE) {
efree(cmdbuf);
@@ -2121,16 +2120,16 @@ PHP_MINFO_FUNCTION(sybase)
php_info_print_table_start();
php_info_print_table_header(2, "Sybase_CT Support", "enabled" );
- sprintf(buf, "%ld", SybCtG(num_persistent));
+ snprintf(buf, sizeof(buf), "%ld", SybCtG(num_persistent));
php_info_print_table_row(2, "Active Persistent Links", buf);
- sprintf(buf, "%ld", SybCtG(num_links));
+ snprintf(buf, sizeof(buf), "%ld", SybCtG(num_links));
php_info_print_table_row(2, "Active Links", buf);
- sprintf(buf, "%ld", SybCtG(min_server_severity));
+ snprintf(buf, sizeof(buf), "%ld", SybCtG(min_server_severity));
php_info_print_table_row(2, "Min server severity", buf);
- sprintf(buf, "%ld", SybCtG(min_client_severity));
+ snprintf(buf, sizeof(buf), "%ld", SybCtG(min_client_severity));
php_info_print_table_row(2, "Min client severity", buf);
php_info_print_table_row(2, "Application Name", SybCtG(appname));
- sprintf(buf, "%ld", SybCtG(deadlock_retry_count));
+ snprintf(buf, sizeof(buf), "%ld", SybCtG(deadlock_retry_count));
php_info_print_table_row(2, "Deadlock retry count", buf);
php_info_print_table_end();
diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c
index 1dc21e0ca9..1432f02442 100644
--- a/ext/wddx/wddx.c
+++ b/ext/wddx/wddx.c
@@ -285,7 +285,7 @@ PS_SERIALIZER_DECODE_FUNC(wddx)
switch (hash_type) {
case HASH_KEY_IS_LONG:
- key_length = sprintf(tmp, "%ld", idx) + 1;
+ key_length = snprintf(tmp, sizeof(tmp), "%ld", idx) + 1;
key = tmp;
/* fallthru */
case HASH_KEY_IS_STRING:
@@ -410,7 +410,7 @@ static void php_wddx_serialize_boolean(wddx_packet *packet, zval *var)
{
char tmp_buf[WDDX_BUF_LEN];
- sprintf(tmp_buf, WDDX_BOOLEAN, Z_LVAL_P(var) ? "true" : "false");
+ snprintf(tmp_buf, sizeof(tmp_buf), WDDX_BOOLEAN, Z_LVAL_P(var) ? "true" : "false");
php_wddx_add_chunk(packet, tmp_buf);
}
/* }}} */
@@ -502,7 +502,7 @@ static void php_wddx_serialize_object(wddx_packet *packet, zval *obj)
zend_unmangle_property_name(key, key_len-1, &class_name, &prop_name);
php_wddx_serialize_var(packet, *ent, prop_name, strlen(prop_name)+1 TSRMLS_CC);
} else {
- key_len = sprintf(tmp_buf, "%ld", idx);
+ key_len = snprintf(tmp_buf, sizeof(tmp_buf), "%ld", idx);
php_wddx_serialize_var(packet, *ent, tmp_buf, key_len TSRMLS_CC);
}
}
@@ -557,7 +557,7 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
if (is_struct) {
php_wddx_add_chunk_static(packet, WDDX_STRUCT_S);
} else {
- sprintf(tmp_buf, WDDX_ARRAY_S, zend_hash_num_elements(target_hash));
+ snprintf(tmp_buf, sizeof(tmp_buf), WDDX_ARRAY_S, zend_hash_num_elements(target_hash));
php_wddx_add_chunk(packet, tmp_buf);
}
@@ -573,7 +573,7 @@ static void php_wddx_serialize_array(wddx_packet *packet, zval *arr)
if (ent_type == HASH_KEY_IS_STRING) {
php_wddx_serialize_var(packet, *ent, key, key_len TSRMLS_CC);
} else {
- key_len = sprintf(tmp_buf, "%ld", idx);
+ key_len = snprintf(tmp_buf, sizeof(tmp_buf), "%ld", idx);
php_wddx_serialize_var(packet, *ent, tmp_buf, key_len TSRMLS_CC);
}
} else
@@ -725,7 +725,7 @@ static void php_wddx_push_element(void *user_data, const XML_Char *name, const X
if (!strcmp(atts[i], EL_CHAR_CODE) && atts[++i] && atts[i][0]) {
char tmp_buf[2];
- sprintf(tmp_buf, "%c", (char)strtol(atts[i], NULL, 16));
+ snprintf(tmp_buf, sizeof(tmp_buf), "%c", (char)strtol(atts[i], NULL, 16));
php_wddx_process_data(user_data, tmp_buf, strlen(tmp_buf));
break;
}
diff --git a/ext/zip/lib/zip_close.c b/ext/zip/lib/zip_close.c
index d88737ef6b..78a9ae0c9d 100644
--- a/ext/zip/lib/zip_close.c
+++ b/ext/zip/lib/zip_close.c
@@ -535,7 +535,7 @@ _zip_create_temp_output(struct zip *za, FILE **outp)
return NULL;
}
- sprintf(temp, "%s.XXXXXX", za->zn);
+ snprintf(temp, sizeof(temp), "%s.XXXXXX", za->zn);
if ((tfd=mkstemp(temp)) == -1) {
_zip_error_set(&za->error, ZIP_ER_TMPOPEN, errno);
diff --git a/ext/zip/lib/zip_error_strerror.c b/ext/zip/lib/zip_error_strerror.c
index 3df056805e..8e4ea377fb 100644
--- a/ext/zip/lib/zip_error_strerror.c
+++ b/ext/zip/lib/zip_error_strerror.c
@@ -54,7 +54,7 @@ _zip_error_strerror(struct zip_error *err)
_zip_error_fini(err);
if (err->zip_err < 0 || err->zip_err >= _zip_nerr_str) {
- sprintf(buf, "Unknown error %d", err->zip_err);
+ snprintf(buf, sizeof(buf), "Unknown error %d", err->zip_err);
zs = NULL;
ss = buf;
}
@@ -78,11 +78,11 @@ _zip_error_strerror(struct zip_error *err)
if (ss == NULL)
return zs;
else {
- if ((s=(char *)malloc(strlen(ss)
- + (zs ? strlen(zs)+2 : 0) + 1)) == NULL)
+ int l = strlen(ss) + (zs ? strlen(zs)+2 : 0) + 1;
+ if ((s=(char *)malloc(l)) == NULL)
return _zip_err_str[ZIP_ER_MEMORY];
- sprintf(s, "%s%s%s",
+ snprintf(s, l, "%s%s%s",
(zs ? zs : ""),
(zs ? ": " : ""),
ss);