* dir.c, dln.c, parse.y, re.c, ruby.c, sprintf.c, strftime.c,

string.c, util.c, variable.c: use strlcpy, memcpy and snprintf instead of strcpy, strncpy and sprintf. git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@22984 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
2022-11-09 12:17:21 -05:00 · 2009-03-17 01:29:17 +00:00 · 2009-03-17 01:29:17 +00:00 · 22cde7b682
commit 22cde7b682
parent ea9628c3bc
11 changed files with 46 additions and 35 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+Tue Mar 17 10:29:22 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>
+
+	* dir.c, dln.c, parse.y, re.c, ruby.c, sprintf.c, strftime.c,
+	  string.c, util.c, variable.c: use strlcpy, memcpy and snprintf
+	  instead of strcpy, strncpy and sprintf.
+
 Mon Mar 16 17:15:16 2009  Nobuyoshi Nakada  <nobu@ruby-lang.org>

 	* test/dl/test_win32.rb (Win32API): enclosed by DL::TestWin32.
--- a/dir.c
+++ b/dir.c
@ -1463,7 +1463,8 @@ ruby_brace_expand(const char *str, int flags, ruby_glob_func *func, VALUE arg,
    }

    if (lbrace && rbrace) {
-	char *buf = GLOB_ALLOC_N(char, strlen(s) + 1);
+	size_t len = strlen(s) + 1;
+	char *buf = GLOB_ALLOC_N(char, len);
 	long shift;

 	if (!buf) return -1;
@ -1482,7 +1483,7 @@ ruby_brace_expand(const char *str, int flags, ruby_glob_func *func, VALUE arg,
 		Inc(p, pend, enc);
 	    }
 	    memcpy(buf+shift, t, p-t);
-	    strcpy(buf+shift+(p-t), rbrace+1);
+	    strlcpy(buf+shift+(p-t), rbrace+1, len-(shift+(p-t)));
 	    status = ruby_brace_expand(buf, flags, func, arg, enc);
 	    if (status) break;
 	}
--- a/dln.c
+++ b/dln.c
@ -127,7 +127,7 @@ init_funcname_len(char **buf, const char *file)
 	free(*buf);\
 	rb_memerror();\
    }\
-    strcpy(tmp, *buf);\
+    strlcpy(tmp, *buf, len + 1);\
    free(*buf);\
    *buf = tmp;\
 } while (0)
@ -1224,7 +1224,7 @@ dln_load(const char *file)
    /* Load the file as an object one */
    init_funcname(&buf, file);

-    strcpy(winfile, file);
+    strlcpy(winfile, file, sizeof(winfile));

    /* Load file */
    if ((handle = LoadLibrary(winfile)) == NULL) {
@ -1669,7 +1669,7 @@ dln_find_1(const char *fname, const char *path, char *fbuf, size_t size,
 		    fprintf(stderr, "\tFile \"%s%s\"\n", fname, extension[j]);
 		    continue;
 		}
-		strcpy(bp + i, extension[j]);
+		strlcpy(bp + i, extension[j], fspace);
 		if (stat(fbuf, &st) == 0)
 		    return fbuf;
 	    }
--- a/parse.y
+++ b/parse.y
@ -881,10 +881,10 @@ stmt		: keyword_alias fitem {lex_state = EXPR_FNAME;} fitem
 		| keyword_alias tGVAR tBACK_REF
 		    {
 		    /*%%%*/
-			char buf[3];
-
-			sprintf(buf, "$%c", (char)$3->nd_nth);
-			$$ = NEW_VALIAS($2, rb_intern(buf));
+			char buf[2];
+			buf[0] = '$';
+			buf[1] = (char)$3->nd_nth;
+			$$ = NEW_VALIAS($2, rb_intern2(buf, 2));
 		    /*%
 			$$ = dispatch2(var_alias, $2, $3);
 		    %*/
@ -7041,7 +7041,7 @@ parser_yylex(struct parser_params *parser)
 	    if (nondigit) {
 		char tmp[30];
 	      trailing_uc:
-		sprintf(tmp, "trailing `%c' in number", nondigit);
+		snprintf(tmp, sizeof(tmp), "trailing `%c' in number", nondigit);
 		yyerror(tmp);
 	    }
 	    if (is_float) {
@ -10011,9 +10011,9 @@ ripper_id2sym(ID id)
    char buf[8];

    if (id <= 256) {
-        buf[0] = id;
+        buf[0] = (char)id;
        buf[1] = '\0';
-        return ID2SYM(rb_intern(buf));
+        return ID2SYM(rb_intern2(buf, 1));
    }
    if ((name = keyword_id_to_str(id))) {
        return ID2SYM(rb_intern(name));
--- a/re.c
+++ b/re.c
@ -366,7 +366,7 @@ rb_reg_expr_str(VALUE str, const char *s, long len)
 	    else if (!rb_enc_isspace(c, enc)) {
 		char b[8];

-		sprintf(b, "\\x%02X", c);
+		snprintf(b, sizeof(b), "\\x%02X", c);
 		rb_str_buf_cat(str, b, 4);
 	    }
 	    else {
--- a/ruby.c
+++ b/ruby.c
@ -379,7 +379,7 @@ ruby_init_loadpath_safe(int safe_level)
 	}
    }
    else {
-	strcpy(libpath, ".");
+	strlcpy(libpath, ".", sizeof(libpath));
 	p = libpath + 1;
    }

@ -522,15 +522,16 @@ moreswitches(const char *s, struct cmdline_options *opt, int envopt)
    char **argv, *p;
    const char *ap = 0;
    VALUE argstr, argary;
+    int len;

    while (ISSPACE(*s)) s++;
    if (!*s) return;
-    argstr = rb_str_tmp_new(strlen(s) + 2);
+    argstr = rb_str_tmp_new((len = strlen(s)) + 2);
    argary = rb_str_tmp_new(0);

    p = RSTRING_PTR(argstr);
    *p++ = ' ';
-    strcpy(p, s);
+    memcpy(p, s, len + 1);
    ap = 0;
    rb_str_cat(argary, (char *)&ap, sizeof(ap));
    while (*p) {
--- a/sprintf.c
+++ b/sprintf.c
@ -988,7 +988,7 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt)
 			    buf[blen++] = '+';
 			else if (flags & FSPACE)
 			    blen++;
-			strncpy(&buf[blen], expr, strlen(expr));
+			memcpy(&buf[blen], expr, strlen(expr));
 		    }
 		    else {
 			if (!isnan(fval) && fval < 0.0)
@ -997,7 +997,7 @@ rb_str_format(int argc, const VALUE *argv, VALUE fmt)
 			    buf[blen + need - strlen(expr) - 1] = '+';
 			else if ((flags & FSPACE) && need > width)
 			    blen++;
-			strncpy(&buf[blen + need - strlen(expr)], expr,
+			memcpy(&buf[blen + need - strlen(expr)], expr,
 			       strlen(expr));
 		    }
 		    blen += strlen(&buf[blen]);
--- a/strftime.c
+++ b/strftime.c
@ -243,7 +243,7 @@ rb_strftime(char *s, size_t maxsize, const char *format, const struct tm *timept
 			savetz = (char *) malloc(tzlen + 1);
 			if (savetz != NULL) {
 				savetzlen = tzlen + 1;
-				strcpy(savetz, tz);
+				memcpy(savetz, tz, savetzlen);
 			}
 		}
 		tzset();
@ -256,10 +256,10 @@ rb_strftime(char *s, size_t maxsize, const char *format, const struct tm *timept
 			savetz = (char *) realloc(savetz, i);
 			if (savetz) {
 				savetzlen = i;
-				strcpy(savetz, tz);
+				memcpy(savetz, tz, i);
 			}
 		} else
-			strcpy(savetz, tz);
+			memcpy(savetz, tz, i);
 		tzset();
 	}
 #endif	/* POSIX_SEMANTICS */
--- a/string.c
+++ b/string.c
@ -4347,19 +4347,19 @@ rb_str_dump(VALUE str)
 		if (MBCLEN_CHARFOUND_P(n)) {
 		    int cc = rb_enc_codepoint(p-1, pend, enc);
 		    p += n;
-		    sprintf(q, "u{%x}", cc);
+		    snprintf(q, qend-q, "u{%x}", cc);
 		    q += strlen(q);
 		    continue;
 		}
 	    }
-	    sprintf(q, "x%02X", c);
+	    snprintf(q, qend-q, "x%02X", c);
 	    q += 3;
 	}
    }
    *q++ = '"';
    *q = '\0';
    if (!rb_enc_asciicompat(enc)) {
-	sprintf(q, ".force_encoding(\"%s\")", enc->name);
+	snprintf(q, qend-q, ".force_encoding(\"%s\")", enc->name);
 	enc = rb_ascii8bit_encoding();
    }
    OBJ_INFECT(result, str);
--- a/util.c
+++ b/util.c
@ -270,6 +270,7 @@ ruby_add_suffix(VALUE str, const char *suffix)
    char *s, *t, *p;
    long slen;
    char buf[1024];
+    char *const bufend = buf + sizeof(buf);

    if (RSTRING_LEN(str) > 1000)
        rb_fatal("Cannot do inplace edit on long filename (%ld characters)",
@ -300,7 +301,7 @@ ruby_add_suffix(VALUE str, const char *suffix)

    if (*suffix == '.') {        /* Style 1 */
        if (strEQ(ext, suffix)) goto fallback;
-	strcpy(p, suffix);
+	strlcpy(p, suffix, bufend - p);
    }
    else if (suffix[1] == '\0') {  /* Style 2 */
        if (extlen < 4) {
@ -317,7 +318,7 @@ ruby_add_suffix(VALUE str, const char *suffix)
 	    buf[7] = *suffix;
 	}
 	else goto fallback;
-	strcpy(p, ext);
+	strlcpy(p, ext, bufend - p);
    }
    else { /* Style 3:  Panic */
 fallback:
--- a/variable.c
+++ b/variable.c
@ -455,10 +455,11 @@ global_id(const char *name)

    if (name[0] == '$') id = rb_intern(name);
    else {
-	char *buf = ALLOCA_N(char, strlen(name)+2);
+	size_t len = strlen(name);
+	char *buf = ALLOCA_N(char, len+1);
 	buf[0] = '$';
-	strcpy(buf+1, name);
-	id = rb_intern(buf);
+	memcpy(buf+1, name, len);
+	id = rb_intern2(buf, len+1);
    }
    return id;
 }
@ -733,13 +734,14 @@ VALUE
 rb_f_global_variables(void)
 {
    VALUE ary = rb_ary_new();
-    char buf[4];
-    const char *s = "123456789";
+    char buf[2];
+    int i;

    st_foreach_safe(rb_global_tbl, gvar_i, ary);
-    while (*s) {
-	sprintf(buf, "$%c", *s++);
-	rb_ary_push(ary, ID2SYM(rb_intern(buf)));
+    buf[0] = '$';
+    for (i = 1; i <= 9; ++i) {
+	buf[1] = (char)(i + '0');
+	rb_ary_push(ary, ID2SYM(rb_intern2(buf, 2)));
    }
    return ary;
 }