From 22cde7b682328ba195ce0ee214edb6c2feb81b23 Mon Sep 17 00:00:00 2001 From: nobu Date: Tue, 17 Mar 2009 01:29:17 +0000 Subject: * dir.c, dln.c, parse.y, re.c, ruby.c, sprintf.c, strftime.c, string.c, util.c, variable.c: use strlcpy, memcpy and snprintf instead of strcpy, strncpy and sprintf. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e --- ChangeLog | 6 ++++++ dir.c | 5 +++-- dln.c | 6 +++--- parse.y | 14 +++++++------- re.c | 2 +- ruby.c | 7 ++++--- sprintf.c | 6 +++--- strftime.c | 6 +++--- string.c | 6 +++--- util.c | 5 +++-- variable.c | 18 ++++++++++-------- 11 files changed, 46 insertions(+), 35 deletions(-) diff --git a/ChangeLog b/ChangeLog index 280bd35fa1..4fb5e9617d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +Tue Mar 17 10:29:22 2009 Nobuyoshi Nakada + + * dir.c, dln.c, parse.y, re.c, ruby.c, sprintf.c, strftime.c, + string.c, util.c, variable.c: use strlcpy, memcpy and snprintf + instead of strcpy, strncpy and sprintf. + Mon Mar 16 17:15:16 2009 Nobuyoshi Nakada * test/dl/test_win32.rb (Win32API): enclosed by DL::TestWin32. diff --git a/dir.c b/dir.c index 9b502ef42f..31b752e7f9 100644 --- a/dir.c +++ b/dir.c @@ -1463,7 +1463,8 @@ ruby_brace_expand(const char *str, int flags, ruby_glob_func *func, VALUE arg, } if (lbrace && rbrace) { - char *buf = GLOB_ALLOC_N(char, strlen(s) + 1); + size_t len = strlen(s) + 1; + char *buf = GLOB_ALLOC_N(char, len); long shift; if (!buf) return -1; @@ -1482,7 +1483,7 @@ ruby_brace_expand(const char *str, int flags, ruby_glob_func *func, VALUE arg, Inc(p, pend, enc); } memcpy(buf+shift, t, p-t); - strcpy(buf+shift+(p-t), rbrace+1); + strlcpy(buf+shift+(p-t), rbrace+1, len-(shift+(p-t))); status = ruby_brace_expand(buf, flags, func, arg, enc); if (status) break; } diff --git a/dln.c b/dln.c index ae22c69a54..6e2298df9b 100644 --- a/dln.c +++ b/dln.c @@ -127,7 +127,7 @@ init_funcname_len(char **buf, const char *file) free(*buf);\ rb_memerror();\ }\ - strcpy(tmp, *buf);\ + strlcpy(tmp, *buf, len + 1);\ free(*buf);\ *buf = tmp;\ } while (0) @@ -1224,7 +1224,7 @@ dln_load(const char *file) /* Load the file as an object one */ init_funcname(&buf, file); - strcpy(winfile, file); + strlcpy(winfile, file, sizeof(winfile)); /* Load file */ if ((handle = LoadLibrary(winfile)) == NULL) { @@ -1669,7 +1669,7 @@ dln_find_1(const char *fname, const char *path, char *fbuf, size_t size, fprintf(stderr, "\tFile \"%s%s\"\n", fname, extension[j]); continue; } - strcpy(bp + i, extension[j]); + strlcpy(bp + i, extension[j], fspace); if (stat(fbuf, &st) == 0) return fbuf; } diff --git a/parse.y b/parse.y index 5f3d51fe3b..bec6953461 100644 --- a/parse.y +++ b/parse.y @@ -881,10 +881,10 @@ stmt : keyword_alias fitem {lex_state = EXPR_FNAME;} fitem | keyword_alias tGVAR tBACK_REF { /*%%%*/ - char buf[3]; - - sprintf(buf, "$%c", (char)$3->nd_nth); - $$ = NEW_VALIAS($2, rb_intern(buf)); + char buf[2]; + buf[0] = '$'; + buf[1] = (char)$3->nd_nth; + $$ = NEW_VALIAS($2, rb_intern2(buf, 2)); /*% $$ = dispatch2(var_alias, $2, $3); %*/ @@ -7041,7 +7041,7 @@ parser_yylex(struct parser_params *parser) if (nondigit) { char tmp[30]; trailing_uc: - sprintf(tmp, "trailing `%c' in number", nondigit); + snprintf(tmp, sizeof(tmp), "trailing `%c' in number", nondigit); yyerror(tmp); } if (is_float) { @@ -10011,9 +10011,9 @@ ripper_id2sym(ID id) char buf[8]; if (id <= 256) { - buf[0] = id; + buf[0] = (char)id; buf[1] = '\0'; - return ID2SYM(rb_intern(buf)); + return ID2SYM(rb_intern2(buf, 1)); } if ((name = keyword_id_to_str(id))) { return ID2SYM(rb_intern(name)); diff --git a/re.c b/re.c index d48d3f3329..b05d78bb39 100644 --- a/re.c +++ b/re.c @@ -366,7 +366,7 @@ rb_reg_expr_str(VALUE str, const char *s, long len) else if (!rb_enc_isspace(c, enc)) { char b[8]; - sprintf(b, "\\x%02X", c); + snprintf(b, sizeof(b), "\\x%02X", c); rb_str_buf_cat(str, b, 4); } else { diff --git a/ruby.c b/ruby.c index 49c33d3167..99f1f1984f 100644 --- a/ruby.c +++ b/ruby.c @@ -379,7 +379,7 @@ ruby_init_loadpath_safe(int safe_level) } } else { - strcpy(libpath, "."); + strlcpy(libpath, ".", sizeof(libpath)); p = libpath + 1; } @@ -522,15 +522,16 @@ moreswitches(const char *s, struct cmdline_options *opt, int envopt) char **argv, *p; const char *ap = 0; VALUE argstr, argary; + int len; while (ISSPACE(*s)) s++; if (!*s) return; - argstr = rb_str_tmp_new(strlen(s) + 2); + argstr = rb_str_tmp_new((len = strlen(s)) + 2); argary = rb_str_tmp_new(0); p = RSTRING_PTR(argstr); *p++ = ' '; - strcpy(p, s); + memcpy(p, s, len + 1); ap = 0; rb_str_cat(argary, (char *)&ap, sizeof(ap)); while (*p) { diff --git a/sprintf.c b/sprintf.c index 772f232062..58dedd3820 100644 --- a/sprintf.c +++ b/sprintf.c @@ -988,7 +988,7 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) buf[blen++] = '+'; else if (flags & FSPACE) blen++; - strncpy(&buf[blen], expr, strlen(expr)); + memcpy(&buf[blen], expr, strlen(expr)); } else { if (!isnan(fval) && fval < 0.0) @@ -997,8 +997,8 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt) buf[blen + need - strlen(expr) - 1] = '+'; else if ((flags & FSPACE) && need > width) blen++; - strncpy(&buf[blen + need - strlen(expr)], expr, - strlen(expr)); + memcpy(&buf[blen + need - strlen(expr)], expr, + strlen(expr)); } blen += strlen(&buf[blen]); break; diff --git a/strftime.c b/strftime.c index 4e7a2d1909..9c7b7421a5 100644 --- a/strftime.c +++ b/strftime.c @@ -243,7 +243,7 @@ rb_strftime(char *s, size_t maxsize, const char *format, const struct tm *timept savetz = (char *) malloc(tzlen + 1); if (savetz != NULL) { savetzlen = tzlen + 1; - strcpy(savetz, tz); + memcpy(savetz, tz, savetzlen); } } tzset(); @@ -256,10 +256,10 @@ rb_strftime(char *s, size_t maxsize, const char *format, const struct tm *timept savetz = (char *) realloc(savetz, i); if (savetz) { savetzlen = i; - strcpy(savetz, tz); + memcpy(savetz, tz, i); } } else - strcpy(savetz, tz); + memcpy(savetz, tz, i); tzset(); } #endif /* POSIX_SEMANTICS */ diff --git a/string.c b/string.c index ebb4ed2036..f3f8ae5d72 100644 --- a/string.c +++ b/string.c @@ -4347,19 +4347,19 @@ rb_str_dump(VALUE str) if (MBCLEN_CHARFOUND_P(n)) { int cc = rb_enc_codepoint(p-1, pend, enc); p += n; - sprintf(q, "u{%x}", cc); + snprintf(q, qend-q, "u{%x}", cc); q += strlen(q); continue; } } - sprintf(q, "x%02X", c); + snprintf(q, qend-q, "x%02X", c); q += 3; } } *q++ = '"'; *q = '\0'; if (!rb_enc_asciicompat(enc)) { - sprintf(q, ".force_encoding(\"%s\")", enc->name); + snprintf(q, qend-q, ".force_encoding(\"%s\")", enc->name); enc = rb_ascii8bit_encoding(); } OBJ_INFECT(result, str); diff --git a/util.c b/util.c index fad309cb1f..bb4a63bc9b 100644 --- a/util.c +++ b/util.c @@ -270,6 +270,7 @@ ruby_add_suffix(VALUE str, const char *suffix) char *s, *t, *p; long slen; char buf[1024]; + char *const bufend = buf + sizeof(buf); if (RSTRING_LEN(str) > 1000) rb_fatal("Cannot do inplace edit on long filename (%ld characters)", @@ -300,7 +301,7 @@ ruby_add_suffix(VALUE str, const char *suffix) if (*suffix == '.') { /* Style 1 */ if (strEQ(ext, suffix)) goto fallback; - strcpy(p, suffix); + strlcpy(p, suffix, bufend - p); } else if (suffix[1] == '\0') { /* Style 2 */ if (extlen < 4) { @@ -317,7 +318,7 @@ ruby_add_suffix(VALUE str, const char *suffix) buf[7] = *suffix; } else goto fallback; - strcpy(p, ext); + strlcpy(p, ext, bufend - p); } else { /* Style 3: Panic */ fallback: diff --git a/variable.c b/variable.c index 7743b6778f..ccec03049c 100644 --- a/variable.c +++ b/variable.c @@ -455,10 +455,11 @@ global_id(const char *name) if (name[0] == '$') id = rb_intern(name); else { - char *buf = ALLOCA_N(char, strlen(name)+2); + size_t len = strlen(name); + char *buf = ALLOCA_N(char, len+1); buf[0] = '$'; - strcpy(buf+1, name); - id = rb_intern(buf); + memcpy(buf+1, name, len); + id = rb_intern2(buf, len+1); } return id; } @@ -733,13 +734,14 @@ VALUE rb_f_global_variables(void) { VALUE ary = rb_ary_new(); - char buf[4]; - const char *s = "123456789"; + char buf[2]; + int i; st_foreach_safe(rb_global_tbl, gvar_i, ary); - while (*s) { - sprintf(buf, "$%c", *s++); - rb_ary_push(ary, ID2SYM(rb_intern(buf))); + buf[0] = '$'; + for (i = 1; i <= 9; ++i) { + buf[1] = (char)(i + '0'); + rb_ary_push(ary, ID2SYM(rb_intern2(buf, 2))); } return ary; } -- cgit v1.2.3