1 files changed, 36 insertions, 0 deletions

diff --git a/office/antiword/use-snprintf.patch b/office/antiword/use-snprintf.patch
new file mode 100644
index 0000000000000..b0787fb27a01e
--- /dev/null
+++ b/office/antiword/use-snprintf.patch
@@ -0,0 +1,36 @@
+Description: Use snprintf
+ Use snprintf() when converting dates to strings to make completely sure we
+ can't overrun the buffer.
+Author: Olly Betts <olly@survex.com>
+Forwarded: no
+Last-Update: 2018-11-29
+
+--- antiword-0.37.orig/summary.c
++++ antiword-0.37/summary.c
+@@ -729,7 +729,7 @@ szGetLastSaveDtm(void)
+ 	if (pTime == NULL) {
+ 		return NULL;
+ 	}
+-	sprintf(szTime, "%04d-%02d-%02d",
++	snprintf(szTime, sizeof(szTime), "%04d-%02d-%02d",
+ 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday);
+ 	return szTime;
+ } /* end of szGetLastSaveDtm */
+@@ -750,7 +750,7 @@ szGetModDate(void)
+ 	if (pTime == NULL) {
+ 		return NULL;
+ 	}
+-	sprintf(szTime, "D:%04d%02d%02d%02d%02d",
++	snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
+ 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
+ 		pTime->tm_hour, pTime->tm_min);
+ 	return szTime;
+@@ -772,7 +772,7 @@ szGetCreationDate(void)
+ 	if (pTime == NULL) {
+ 		return NULL;
+ 	}
+-	sprintf(szTime, "D:%04d%02d%02d%02d%02d",
++	snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
+ 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
+ 		pTime->tm_hour, pTime->tm_min);
+ 	return szTime;