From 04fcc11f1233cd6fcc16864ac74acf6760ba0cc3 Mon Sep 17 00:00:00 2001 From: Peter Howkins Date: Thu, 23 Dec 2021 19:56:00 +0000 Subject: [PATCH] dtcm: Resolve format-overflow issues --- cde/programs/dtcm/dtcm/browser.c | 2 +- cde/programs/dtcm/dtcm/cm_insert.c | 2 +- cde/programs/dtcm/dtcm/dayglance.c | 2 +- cde/programs/dtcm/dtcm/dssw.c | 6 +++--- cde/programs/dtcm/dtcm/find.c | 3 +-- cde/programs/dtcm/dtcm/timezone.c | 6 +++--- cde/programs/dtcm/dtcm/todo.c | 2 +- cde/programs/dtcm/dtcm/weekglance.c | 2 +- cde/programs/dtcm/dtcm/x_graphics.c | 4 ++-- cde/programs/dtcm/libDtCmP/cm_tty.c | 4 ++-- cde/programs/dtcm/server/rerule.c | 2 +- 11 files changed, 17 insertions(+), 18 deletions(-) diff --git a/cde/programs/dtcm/dtcm/browser.c b/cde/programs/dtcm/dtcm/browser.c index 8ab86f1b8..8de446cd8 100644 --- a/cde/programs/dtcm/dtcm/browser.c +++ b/cde/programs/dtcm/dtcm/browser.c @@ -1417,7 +1417,7 @@ mb_draw_chartgrid(Browser *b, Calendar *c) Props *p = (Props*)c->properties; XFontSetExtents fontextents; int char_height, char_width; - char label[5], buf[160]; + char label[12], buf[160]; new_XContext *xc = b->xcontext; int dayy, dayweek; Tick daytick; diff --git a/cde/programs/dtcm/dtcm/cm_insert.c b/cde/programs/dtcm/dtcm/cm_insert.c index 95063c083..ae35d7da5 100644 --- a/cde/programs/dtcm/dtcm/cm_insert.c +++ b/cde/programs/dtcm/dtcm/cm_insert.c @@ -200,7 +200,7 @@ prompt_for_insert(Props *p) { } } - sprintf(buf, "%s %s", date_str, cm_start); + snprintf(buf, sizeof(buf), "%s %s", date_str, cm_start); next = (int) cm_getdate(buf, NULL); next = next + hrsec; diff --git a/cde/programs/dtcm/dtcm/dayglance.c b/cde/programs/dtcm/dtcm/dayglance.c index 20f4dbef2..16d51db32 100644 --- a/cde/programs/dtcm/dtcm/dayglance.c +++ b/cde/programs/dtcm/dtcm/dayglance.c @@ -923,7 +923,7 @@ static int day_xytoclock(Calendar *c, int x, int y, Tick t) { int daybegin, hr, val; - char buf[10]; + char buf[36]; struct tm tm; Props *p; _Xltimeparams localtime_buf; 
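Review bot: Widening `label` from 5 to 12 bytes in mb_draw_chartgrid keeps the write in bounds only while the format string and the array size stay in step, because the call that fills it lies outside this hunk and the diff does not show it being bounded. The same size-only change is made to `buf[36]` in dayglance.c, `label[12]` in weekglance.c and `tmp_buf[34]` in rerule.c. Bounding the write itself with `snprintf(label, sizeof(label), ...)` would remove the dependency. Failing that, record the derivation at the declaration, e.g. `/* sized for the widest value the format below can produce; keep in sync */`.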
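Review bot: The return value of `snprintf` is discarded in prompt_for_insert, so an over-long `date_str`/`cm_start` pair is silently cut and the shortened string is still passed to `cm_getdate`, which may then parse a different date from the one entered. Checking for truncation turns that into an error instead of a wrong value: `n = snprintf(buf, sizeof(buf), "%s %s", date_str, cm_start);` followed by `if (n < 0 || (size_t)n >= sizeof(buf))` taking an error path. The three dssw.c hunks have the same shape, and at least one of them visibly feeds `cm_getdate` as well. `sizeof(buf)` is the capacity only if `buf` is an array in that scope; the declarations are outside the hunks, so that is worth confirming for every converted call in this patch.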
diff --git a/cde/programs/dtcm/dtcm/dssw.c b/cde/programs/dtcm/dtcm/dssw.c index b8a739553..10964cc3e 100644 --- a/cde/programs/dtcm/dtcm/dssw.c +++ b/cde/programs/dtcm/dtcm/dssw.c @@ -579,7 +579,7 @@ dssw_form_flags_to_appt(DSSW *dssw, Dtcm_appointment *a, char *name, Tick t, int } else ampm_buf[0] = '\0'; - sprintf(buf, "%s %s%s", + snprintf(buf, sizeof(buf), "%s %s%s", dssw->date_val, dssw->start_val.val, ampm_buf); if (!blank_buf(dssw->stop_val.val) @@ -627,7 +627,7 @@ dssw_form_flags_to_appt(DSSW *dssw, Dtcm_appointment *a, char *name, Tick t, int } else ampm_buf[0] = '\0'; - sprintf(buf, "%s %s%s", dssw->date_val, + snprintf(buf, sizeof(buf), "%s %s%s", dssw->date_val, dssw->stop_val.val, ampm_buf); if ((stop_tick = cm_getdate(buf, NULL)) <= 0) { editor_err_msg(dssw->parent, name, INVALID_DATE, @@ -719,7 +719,7 @@ dssw_form_to_todo(DSSW *dssw, Dtcm_appointment *a, char *name, Tick t) } else ampm_buf[0] = '\0'; - sprintf(buf, "%s %s%s", + snprintf(buf, sizeof(buf), "%s %s%s", dssw->date_val, dssw->start_val.val, ampm_buf); /* diff --git a/cde/programs/dtcm/dtcm/find.c b/cde/programs/dtcm/dtcm/find.c index 18a009fc7..c0b8b9138 100644 --- a/cde/programs/dtcm/dtcm/find.c +++ b/cde/programs/dtcm/dtcm/find.c @@ -713,8 +713,7 @@ find_appts(Widget widget, XtPointer client_data, XmPushButtonCallbackStruct *cbs (const time_t *)&new_tick->tick, localtime_buf)); fmt_time_what(appt, what_buf, dt); - sprintf (buf2, "%10s %s", - buf, what_buf); + snprintf(buf2, sizeof(buf2), "%10s %s", buf, what_buf); buf_str = XmStringCreateLocalized(buf2); XmListAddItem(f->find_list, buf_str, 0); XmStringFree(buf_str); diff --git a/cde/programs/dtcm/dtcm/timezone.c b/cde/programs/dtcm/dtcm/timezone.c index df17802d2..a89767707 100644 --- a/cde/programs/dtcm/dtcm/timezone.c +++ b/cde/programs/dtcm/dtcm/timezone.c 
@@ -299,7 +299,7 @@ make_timezone(Calendar *c) cm_strcpy(tmp_buf, (char*)getenv("TZ")); cm_strcpy(t->mytimezone, tmp_buf); - sprintf(buf, "%s %s", CATGETS(c->DT_catd, 1, 659, "Time Zone:"), + snprintf(buf, sizeof(buf), "%s %s", CATGETS(c->DT_catd, 1, 659, "Time Zone:"), t->mytimezone); set_message(t->timezone_message, buf); set_message(c->message_text, buf); @@ -385,7 +385,7 @@ tz_set_timezone(Calendar *c, Timezone *t) if (t->timezone_type == mytime) { set_timezone(t->mytimezone); - sprintf(buf, "%s %s", CATGETS(c->DT_catd, 1, 659, "Time Zone:"), + snprintf(buf, sizeof(buf), "%s %s", CATGETS(c->DT_catd, 1, 659, "Time Zone:"), t->mytimezone); /* get utc time */ @@ -413,7 +413,7 @@ tz_set_timezone(Calendar *c, Timezone *t) cm_strcpy(t->gmttimezone, tmp_buf); sprintf(gmt, "GMT%s", tmp_buf); set_timezone(gmt); - sprintf(buf, "%s %s", CATGETS(c->DT_catd, 1, 659, "Time Zone:"), gmt); + snprintf(buf, sizeof(buf), "%s %s", CATGETS(c->DT_catd, 1, 659, "Time Zone:"), gmt); } set_message(t->timezone_message, buf); paint_canvas(c, NULL, RENDER_CLEAR_FIRST); diff --git a/cde/programs/dtcm/dtcm/todo.c b/cde/programs/dtcm/dtcm/todo.c index a30795f8d..a416bd72a 100644 --- a/cde/programs/dtcm/dtcm/todo.c +++ b/cde/programs/dtcm/dtcm/todo.c @@ -2212,7 +2212,7 @@ build_todo_view(ToDo *t, Glance glance, Boolean redisplay) { step = (TodoView *)ckalloc(sizeof(TodoView)); sprintf(str1, "%d", cnt); - sprintf(str2, "%s.", str1); + sprintf(str2, "%d.", cnt); str = XmStringCreateLocalized(str2); step->view_item_number = XtVaCreateManagedWidget("cnt", xmLabelGadgetClass, t->view_form_mgr, diff --git a/cde/programs/dtcm/dtcm/weekglance.c b/cde/programs/dtcm/dtcm/weekglance.c index 6c8d55f31..583e3a281 100644 --- a/cde/programs/dtcm/dtcm/weekglance.c +++ b/cde/programs/dtcm/dtcm/weekglance.c 
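Review bot: The two `cm_strcpy` calls directly above the converted `snprintf` in make_timezone still copy the `TZ` environment variable into `tmp_buf` and then `t->mytimezone` without a destination size, so the length of the environment value, not the buffers, bounds those writes. `getenv("TZ")` can also return NULL when the variable is unset, and how `cm_strcpy` handles a NULL source is not visible here. A bounded copy such as `snprintf(t->mytimezone, sizeof(t->mytimezone), "%s", tz ? tz : "")`, with `tz` holding the `getenv` result, would cover both cases, assuming `mytimezone` is an array member. The function body starts and ends outside the hunk.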
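Review bot: `sprintf(gmt, "GMT%s", tmp_buf);` in tz_set_timezone is left unbounded two lines above the call this hunk converts, so `gmt` can still be overrun if `tmp_buf` holds more than expected. Converting it the same way, `snprintf(gmt, sizeof(gmt), "GMT%s", tmp_buf);`, would make the branch consistent. The declaration of `gmt` is outside the hunk, so confirm it is an array before relying on `sizeof`.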
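Review bot: `str2` is still filled by an unbounded `sprintf` in build_todo_view; the change replaces the `%s` argument with `cnt` but leaves the write unchecked, and the sizes of `str1` and `str2` are not visible in the hunk. `snprintf(str2, sizeof(str2), "%d.", cnt);` would bound it. The preceding `sprintf(str1, "%d", cnt);` now looks redundant unless `str1` is read later, outside the hunk.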
@@ -1186,7 +1186,7 @@ draw_chart(Calendar *c, Week *w, XRectangle *rect) int n; XFontSetExtents fontextents; int char_height; - char label[5]; + char label[12]; new_XContext *xc = c->xcontext; Props *p = (Props*)c->properties; DisplayType dt = get_int_prop(p, CP_DEFAULTDISP); diff --git a/cde/programs/dtcm/dtcm/x_graphics.c b/cde/programs/dtcm/dtcm/x_graphics.c index c86266f8d..7233d3c67 100644 --- a/cde/programs/dtcm/dtcm/x_graphics.c +++ b/cde/programs/dtcm/dtcm/x_graphics.c @@ -2660,7 +2660,7 @@ x_print_header(void *gInfoP, char *buf, int pageNum, int numPages) } } - sprintf(pageStr, "%s %d %s %d", str2, pageNum, str, numPages); + snprintf(pageStr, sizeof(pageStr), "%s %d %s %d", str2, pageNum, str, numPages); /* Header/footer strings are all set - print 'em! */ cm_print_header_string(gInfo, CP_PRINTLHEADER, @@ -3186,7 +3186,7 @@ x_print_todo(void *gInfoP, CSA_entry_handle *list, int a_total, _csa_iso8601_to_tick(appt->time->value->item.date_time_value, &start_tick); format_date3(start_tick, ot, st, buf2); - sprintf(buf3, "%s %s", buf2, buf1); + snprintf(buf3, sizeof(buf3), "%s %s", buf2, buf1); } else cm_strcpy(buf3, buf1); diff --git a/cde/programs/dtcm/libDtCmP/cm_tty.c b/cde/programs/dtcm/libDtCmP/cm_tty.c index 1c39aaf43..58bef93c9 100644 --- a/cde/programs/dtcm/libDtCmP/cm_tty.c +++ b/cde/programs/dtcm/libDtCmP/cm_tty.c @@ -650,7 +650,7 @@ cm_tty_lookup(nl_catd catd, CSA_session_handle target, int version, char *date, format_time(end_tick, dt, end_buf); else *end_buf = '\0'; - sprintf(buf, "%s%c%7s ", start_buf, + snprintf(buf, sizeof(buf), "%s%c%7s ", start_buf, (*end_buf ? '-' : ' '), end_buf); } 
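Review bot: Only the `if` branch in x_print_todo is bounded; the `else` branch still runs `cm_strcpy(buf3, buf1);`, which passes no destination size, so `buf3` is protected on one path and not on the other. `snprintf(buf3, sizeof(buf3), "%s", buf1);` would treat both paths alike. The buffer declarations are outside the hunk, so whether `buf1` can exceed `buf3` cannot be confirmed from here.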
@@ -1747,7 +1747,7 @@ attrs_to_string(CSA_attribute * attrs, int num_attrs) growcat(&buffer, tmp_buf); _csa_iso8601_to_duration(attrs[i].value->item.reminder_value->lead_time, &advance_time); - sprintf(tmp_buf, "reminder:%d:", advance_time); + sprintf(tmp_buf, "reminder:%ld:", (long) advance_time); growcat(&buffer, tmp_buf); if (attrs[i].value->item.reminder_value->reminder_data.data) cat_indented_string(&buffer, diff --git a/cde/programs/dtcm/server/rerule.c b/cde/programs/dtcm/server/rerule.c index fe8079a49..4e5fb78a6 100644 --- a/cde/programs/dtcm/server/rerule.c +++ b/cde/programs/dtcm/server/rerule.c @@ -129,7 +129,7 @@ NumsToBuf( { int i, size = 0; - char tmp_buf[32], + char tmp_buf[34], tmp_buf2[32]; for (i = 0; i < array_size; i++) {
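Review bot: The `%ld` cast in attrs_to_string fixes the specifier mismatch, but the write into `tmp_buf` is still an unbounded `sprintf`, and a 64-bit `long` can print up to 20 characters where `%d` printed at most 11. `snprintf(tmp_buf, sizeof(tmp_buf), "reminder:%ld:", (long) advance_time);` would bound it, provided `tmp_buf` is an array in this scope; its declaration is outside the hunk. The result of `_csa_iso8601_to_duration` on the line above is not checked either, so if that call can fail it is worth confirming that `advance_time` is always set before it is formatted.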