office/antiword/use-snprintf.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

Description: Use snprintf
 Use snprintf() when converting dates to strings to make completely sure we
 can't overrun the buffer.
Author: Olly Betts <olly@survex.com>
Forwarded: no
Last-Update: 2018-11-29

--- antiword-0.37.orig/summary.c
+++ antiword-0.37/summary.c
@@ -729,7 +729,7 @@ szGetLastSaveDtm(void)
 	if (pTime == NULL) {
 		return NULL;
 	}
-	sprintf(szTime, "%04d-%02d-%02d",
+	snprintf(szTime, sizeof(szTime), "%04d-%02d-%02d",
 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday);
 	return szTime;
 } /* end of szGetLastSaveDtm */
@@ -750,7 +750,7 @@ szGetModDate(void)
 	if (pTime == NULL) {
 		return NULL;
 	}
-	sprintf(szTime, "D:%04d%02d%02d%02d%02d",
+	snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
 		pTime->tm_hour, pTime->tm_min);
 	return szTime;
@@ -772,7 +772,7 @@ szGetCreationDate(void)
 	if (pTime == NULL) {
 		return NULL;
 	}
-	sprintf(szTime, "D:%04d%02d%02d%02d%02d",
+	snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
 		pTime->tm_hour, pTime->tm_min);
 	return szTime;