From 20316027872b9a3a70babc884f838f499f1e5746 Mon Sep 17 00:00:00 2001
From: matz <matz@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Tue, 19 Jul 2005 08:31:04 +0000
Subject: * signal.c (trap): remove sigexit(); handle "EXIT" via sig_exec().  
 [ruby-dev:26440]

* io.c (rb_io_inspect): replace sprintf() with "%s" format all
  over the place by snprintf() to avoid integer overflow.


git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@8800 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 eval.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

(limited to 'eval.c')

diff --git a/eval.c b/eval.c
index 9e380569b6..eb5ea2758c 100644
--- a/eval.c
+++ b/eval.c
@@ -669,6 +669,7 @@ rb_attr(klass, id, read, write, ex)
     char *buf;
     ID attriv;
     int noex;
+    size_t len;
 
     if (!ex) noex = NOEX_PUBLIC;
     else {
@@ -693,8 +694,9 @@ rb_attr(klass, id, read, write, ex)
     if (!name) {
 	rb_raise(rb_eArgError, "argument needs to be symbol or string");
     }
-    buf = ALLOCA_N(char,strlen(name)+2);
-    sprintf(buf, "@%s", name);
+    len = strlen(name)+2;
+    buf = ALLOCA_N(char,len);
+    snprintf(buf, len, "@%s", name);
     attriv = rb_intern(buf);
     if (read) {
 	rb_add_method(klass, id, NEW_IVAR(attriv), noex);
@@ -8672,12 +8674,14 @@ proc_to_s(self)
     if ((node = data->frame.node) || (node = data->body)) {
 	len += strlen(node->nd_file) + 2 + (SIZEOF_LONG*CHAR_BIT-NODE_LSHIFT)/3;
 	str = rb_str_new(0, len);
-	sprintf(RSTRING(str)->ptr, "#<%s:0x%.*lx@%s:%d>", cname, w, (VALUE)data->body,
-		node->nd_file, nd_line(node));
+	snprintf(RSTRING(str)->ptr, len,
+		 "#<%s:0x%.*lx@%s:%d>", cname, w, (VALUE)data->body,
+		 node->nd_file, nd_line(node));
     }
     else {
 	str = rb_str_new(0, len);
-	sprintf(RSTRING(str)->ptr, "#<%s:0x%.*lx>", cname, w, (VALUE)data->body);
+	snprintf(RSTRING(str)->ptr, len,
+		 "#<%s:0x%.*lx>", cname, w, (VALUE)data->body);
     }
     RSTRING(str)->len = strlen(RSTRING(str)->ptr);
     if (OBJ_TAINTED(self)) OBJ_TAINT(str);
@@ -12757,9 +12761,10 @@ rb_thread_inspect(thread)
     rb_thread_t th = rb_thread_check(thread);
     const char *status = thread_status_name(th->status);
     VALUE str;
+    size_t len = strlen(cname)+7+16+9+1;
 
-    str = rb_str_new(0, strlen(cname)+7+16+9+1); /* 7:tags 16:addr 9:status 1:nul */
-    sprintf(RSTRING(str)->ptr, "#<%s:0x%lx %s>", cname, thread, status);
+    str = rb_str_new(0, len); /* 7:tags 16:addr 9:status 1:nul */
+    snprintf(RSTRING(str)->ptr, len, "#<%s:0x%lx %s>", cname, thread, status);
     RSTRING(str)->len = strlen(RSTRING(str)->ptr);
     OBJ_INFECT(str, thread);
 
-- 
cgit v1.2.3