$NetBSD: patch-af,v 1.7.2.1 2006/08/25 11:05:02 ghen Exp $
--- src/main.c.orig 2003-08-14 16:36:18.000000000 +0200
+++ src/main.c 2006-08-24 23:58:29.000000000 +0200
@@ -103,7 +103,7 @@ char temp1[PATHLEN + 1]; /* temporary fi
char temp2[PATHLEN + 1]; /* temporary file name */
long totalterms; /* total inverted index terms */
BOOL trun_syms; /* truncate symbols to 8 characters */
-char tempstring[8192]; /* use this as a buffer, instead of 'yytext',
+char tempstring[TEMPSTRING_LEN + 1]; /* use this as a buffer, instead of 'yytext',
* which had better be left alone */
char *tmpdir; /* temporary directory */
@@ -247,6 +247,11 @@ main(int argc, char **argv)
switch (c) {
case 'f': /* alternate cross-reference file */
reffile = s;
+ if (strlen(reffile) > sizeof(path) - 1) {
+ posterr("\
+cscope: reffile too long, cannot be > %d characters\n", sizeof(path) - 1);
+ /* NOTREACHED */
+ }
(void) strcpy(path, s);
#ifdef SHORT_NAMES_ONLY
/* System V has a 14 character limit */
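Review bot: The new length check in the `-f` case depends on posterr() never returning (`/* NOTREACHED */`), but a later hunk in this patch follows `posterr("cscope: cannot read source file name ...")` with `myexit(1);`, which suggests posterr() does return. If it does, the unbounded `strcpy(path, s)` still runs on the over-long argument and the overflow is not closed; add `myexit(1);` directly after the posterr() call. The format string also passes a `size_t` to `%d`; use `%lu` with `(unsigned long)(sizeof(path) - 1)`. The enclosing switch in main() starts and ends outside the hunk.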
@@ -330,9 +335,31 @@ lastarg:
}
/* create the temporary file names */
- pid = getpid();
- (void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid);
- (void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid);
+ do {
+ char *tempfile = tempnam(tmpdir, "cscope1");
+ if (!tempfile) {
+ fputs ("Can't create tempfile\n", stderr);
+ exit (1);
+ }
+ if (strlen(tempfile) >= sizeof(temp1)) {
+ fputs ("TMPDIR path is too long\n", stderr);
+ exit(1);
+ }
+ strncpy (temp1, tempfile, sizeof (temp1));
+ } while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0);
+ do {
+ char *tempfile = tempnam(tmpdir, "cscope2");
+ if (!tempfile) {
+ fputs ("Can't create tempfile\n", stderr);
+ exit (1);
+ }
+ if (strlen(tempfile) >= sizeof(temp2)) {
+ fputs ("TMPDIR path is too long\n", stderr);
+ exit(1);
+ }
+ strncpy (temp2, tempfile, sizeof (temp2));
+ } while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0);
+
/* if running in the foreground */
if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
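Review bot: Both `do { ... } while (open(...) < 0)` loops retry on every open() failure, not only `EEXIST`, so an unwritable or missing temporary directory makes cscope spin forever. The descriptor returned by each successful open() is discarded without close(), and the buffer tempnam() allocates is never freed. tempnam() also prefers the TMPDIR environment variable over its `dir` argument and picks the name before the file exists; `O_EXCL` covers that race, but mkstemp() does the naming and exclusive creation in one step. The sketch below assumes the later code only needs the two names and reopens the files itself, which is not visible in this hunk.

```c
	/* create the temporary file names */
	{
		int fd;
		int n = snprintf(temp1, sizeof(temp1), "%s/cscope1.XXXXXX", tmpdir);

		if (n < 0 || (size_t)n >= sizeof(temp1)) {
			fputs("TMPDIR path is too long\n", stderr);
			exit(1);
		}
		if ((fd = mkstemp(temp1)) < 0) {
			fputs("Can't create tempfile\n", stderr);
			exit(1);
		}
		(void) close(fd);	/* only the name is kept */
	}
	/* ... same sequence for temp2 with "cscope2.XXXXXX" ... */
```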
@@ -352,12 +379,12 @@ lastarg:
* used instead of failing to open a non-existant database in
* the home directory
*/
- (void) sprintf(path, "%s/%s", home, reffile);
+ (void) snprintf(path, sizeof(path), "%s/%s", home, reffile);
if (isuptodate == NO || access(path, READ) == 0) {
reffile = stralloc(path);
- (void) sprintf(path, "%s/%s", home, invname);
+ (void) snprintf(path, sizeof(path), "%s/%s", home, invname);
invname = stralloc(path);
- (void) sprintf(path, "%s/%s", home, invpost);
+ (void) snprintf(path, sizeof(path), "%s/%s", home, invpost);
invpost = stralloc(path);
}
}
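Review bot: The three snprintf() calls into `path` discard the return value, so an over-long `home` plus file name is silently truncated and the shortened path is then passed to access() and stored via stralloc(). That removes the overflow but lets cscope operate on a different file than the one named. Check for truncation and fail instead, e.g. `if ((size_t)snprintf(path, sizeof(path), "%s/%s", home, reffile) >= sizeof(path)) { posterr("cscope: path too long\n"); myexit(1); }`, and likewise for `invname` and `invpost`.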
@@ -467,11 +494,11 @@ lastarg:
|| (names = vpfopen(NAMEFILE, "r")) != NULL) {
/* read any -p option from it */
- while (fscanf(names, "%s", path) == 1 && *path == '-') {
+ while (fgets(path, sizeof(path), names) != NULL && *path == '-') {
i = path[1];
s = path + 2; /* for "-Ipath" */
if (*s == '\0') { /* if "-I path" */
- (void) fscanf(names, "%s", path);
+ (void) fgets(path, sizeof(path), names);
s = path;
}
switch (i) {
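Review bot: Replacing `fscanf(names, "%s", path)` with `fgets(path, sizeof(path), names)` bounds the read but changes what ends up in `path`: fgets() keeps the trailing newline and reads a whole line rather than one whitespace-delimited token. For a bare `-I` line `*s` is now `'\n'`, not `'\0'`, so the "-I path" branch is no longer taken, and every option argument carries a trailing `'\n'`. Strip the newline after each read with `path[strcspn(path, "\n")] = '\0';` and check the return value of the second fgets() instead of casting it to void. The same newline problem applies to the `fgets(path, sizeof(path), oldrefs)` hunk that follows, where the source file name read from the old cross-reference keeps its `'\n'`.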
@@ -488,7 +515,7 @@ lastarg:
}
else {
for (i = 0; i < nsrcfiles; ++i) {
- if (fscanf(oldrefs, "%s", path) != 1) {
+ if (!fgets(path, sizeof(path), oldrefs) ) {
posterr("cscope: cannot read source file name from file %s\n", reffile);
myexit(1);
}
@@ -692,7 +719,7 @@ cannotwrite(char *file)
#else
char *msg = mymalloc(50+strlen(file));
- (void) sprintf(msg, "Removed file %s because write failed", file);
+ (void) snprintf(msg, sizeof(msg), "Removed file %s because write failed", file);
#endif
myperror(msg); /* display the reason */
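Review bot: `sizeof(msg)` in the new snprintf() call is the size of a `char *` (4 or 8 bytes), not of the buffer that `mymalloc(50+strlen(file))` returns, so the message is cut to a few characters. Keep the allocation length in a variable and pass that instead: `size_t msglen = 50 + strlen(file);`, `char *msg = mymalloc(msglen);`, `(void) snprintf(msg, msglen, "Removed file %s because write failed", file);`. The rest of cannotwrite() lies outside the hunk.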