$NetBSD: patch-af,v 1.8 2006/08/24 22:02:02 salo Exp $ --- src/main.c.orig 2003-08-14 16:36:18.000000000 +0200 +++ src/main.c 2006-08-24 23:58:29.000000000 +0200 @@ -103,7 +103,7 @@ char temp1[PATHLEN + 1]; /* temporary fi char temp2[PATHLEN + 1]; /* temporary file name */ long totalterms; /* total inverted index terms */ BOOL trun_syms; /* truncate symbols to 8 characters */ -char tempstring[8192]; /* use this as a buffer, instead of 'yytext', +char tempstring[TEMPSTRING_LEN + 1]; /* use this as a buffer, instead of 'yytext', * which had better be left alone */ char *tmpdir; /* temporary directory */ @@ -247,6 +247,11 @@ main(int argc, char **argv) switch (c) { case 'f': /* alternate cross-reference file */ reffile = s; + if (strlen(reffile) > sizeof(path) - 1) { + posterr("\ +cscope: reffile too long, cannot be > %d characters\n", sizeof(path) - 1); + /* NOTREACHED */ + } (void) strcpy(path, s); #ifdef SHORT_NAMES_ONLY /* System V has a 14 character limit */ @@ -330,9 +335,31 @@ lastarg: } /* create the temporary file names */ - pid = getpid(); - (void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid); - (void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid); + do { + char *tempfile = tempnam(tmpdir, "cscope1"); + if (!tempfile) { + fputs ("Can't create tempfile\n", stderr); + exit (1); + } + if (strlen(tempfile) >= sizeof(temp1)) { + fputs ("TMPDIR path is too long\n", stderr); + exit(1); + } + strncpy (temp1, tempfile, sizeof (temp1)); + } while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0); + do { + char *tempfile = tempnam(tmpdir, "cscope2"); + if (!tempfile) { + fputs ("Can't create tempfile\n", stderr); + exit (1); + } + if (strlen(tempfile) >= sizeof(temp2)) { + fputs ("TMPDIR path is too long\n", stderr); + exit(1); + } + strncpy (temp2, tempfile, sizeof (temp2)); + } while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0); + /* if running in the foreground */ if (signal(SIGINT, SIG_IGN) != SIG_IGN) { @@ -352,12 +379,12 @@ lastarg: * used instead of failing to open a non-existant database in * the home directory */ - (void) sprintf(path, "%s/%s", home, reffile); + (void) snprintf(path, sizeof(path), "%s/%s", home, reffile); if (isuptodate == NO || access(path, READ) == 0) { reffile = stralloc(path); - (void) sprintf(path, "%s/%s", home, invname); + (void) snprintf(path, sizeof(path), "%s/%s", home, invname); invname = stralloc(path); - (void) sprintf(path, "%s/%s", home, invpost); + (void) snprintf(path, sizeof(path), "%s/%s", home, invpost); invpost = stralloc(path); } } @@ -467,11 +494,11 @@ lastarg: || (names = vpfopen(NAMEFILE, "r")) != NULL) { /* read any -p option from it */ - while (fscanf(names, "%s", path) == 1 && *path == '-') { + while (fgets(path, sizeof(path), names) != NULL && *path == '-') { i = path[1]; s = path + 2; /* for "-Ipath" */ if (*s == '\0') { /* if "-I path" */ - (void) fscanf(names, "%s", path); + (void) fgets(path, sizeof(path), names); s = path; } switch (i) { @@ -488,7 +515,7 @@ lastarg: } else { for (i = 0; i < nsrcfiles; ++i) { - if (fscanf(oldrefs, "%s", path) != 1) { + if (!fgets(path, sizeof(path), oldrefs) ) { posterr("cscope: cannot read source file name from file %s\n", reffile); myexit(1); } @@ -692,7 +719,7 @@ cannotwrite(char *file) #else char *msg = mymalloc(50+strlen(file)); - (void) sprintf(msg, "Removed file %s because write failed", file); + (void) snprintf(msg, sizeof(msg), "Removed file %s because write failed", file); #endif myperror(msg); /* display the reason */