diff --git a/src/execplugin/execplugin.c b/src/execplugin/execplugin.c
index 0d2c447..6e1f9b9 100644
--- a/src/execplugin/execplugin.c
+++ b/src/execplugin/execplugin.c
@@ -882,22 +882,22 @@ gboolean read_execp(void *obj)
 return FALSE;
 }
-const char *time_to_string(int seconds, char *buffer)
+const char *time_to_string(int seconds, char *buffer, size_t buffer_size)
 {
 if (seconds < 60) {
- sprintf(buffer, "%ds", seconds);
+ snprintf(buffer, buffer_size, "%ds", seconds);
 } else if (seconds < 60 * 60) {
 int m = seconds / 60;
 seconds = seconds % 60;
 int s = seconds;
- sprintf(buffer, "%d:%ds", m, s);
+ snprintf(buffer, buffer_size, "%d:%ds", m, s);
 } else {
 int h = seconds / (60 * 60);
 seconds = seconds % (60 * 60);
 int m = seconds / 60;
 seconds = seconds % 60;
 int s = seconds;
- sprintf(buffer, "%d:%d:%ds", h, m, s);
+ snprintf(buffer, buffer_size, "%d:%d:%ds", h, m, s);
 }
 return buffer;
 }
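Review bot: time_to_string() now takes a capacity but has no comment stating the contract, and it still returns `buffer` unconditionally, so a call with `buffer_size` 0 would hand back an unwritten buffer that the tooltip code then formats with `%s`. I would add above the definition `// Formats seconds as "Ns", "M:Ss" or "H:M:Ss" into buffer; buffer_size is the full capacity of buffer and must be > 0. Returns buffer.` The function is not static, so if a prototype exists in a header it needs the same third parameter; no header change is visible in this diff.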
@@ -923,35 +923,39 @@ char *execp_get_tooltip(void *obj)
 if (execp->backend->last_update_finish_time) {
 // We updated at least once
 if (execp->backend->interval > 0) {
- sprintf(execp->backend->tooltip_text,
- "Last update finished %s ago (took %s). Next update starting in %s.",
- time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1),
- time_to_string((int)execp->backend->last_update_duration, tmp_buf2),
- time_to_string((int)(execp->backend->interval - (now - execp->backend->last_update_finish_time)),
- tmp_buf3));
+ snprintf(execp->backend->tooltip_text,
+ sizeof(execp->backend->tooltip_text),
+ "Last update finished %s ago (took %s). Next update starting in %s.",
+ time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1, sizeof(tmp_buf1)),
+ time_to_string((int)execp->backend->last_update_duration, tmp_buf2, sizeof(tmp_buf2)),
+ time_to_string((int)(execp->backend->interval - (now - execp->backend->last_update_finish_time)),
+ tmp_buf3, sizeof(tmp_buf3)));
 } else {
- sprintf(execp->backend->tooltip_text,
- "Last update finished %s ago (took %s).",
- time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1),
- time_to_string((int)execp->backend->last_update_duration, tmp_buf2));
+ snprintf(execp->backend->tooltip_text,
+ sizeof(execp->backend->tooltip_text),
+ "Last update finished %s ago (took %s).",
+ time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1, sizeof(tmp_buf1)),
+ time_to_string((int)execp->backend->last_update_duration, tmp_buf2, sizeof(tmp_buf2)));
 }
 } else {
 // we never requested an update
- sprintf(execp->backend->tooltip_text, "Never updated. No update scheduled.");
+ snprintf(execp->backend->tooltip_text, sizeof(execp->backend->tooltip_text), "Never updated. No update scheduled.");
 }
 } else {
 // Currently executing command
 if (execp->backend->last_update_finish_time) {
 // we finished updating at least once
- sprintf(execp->backend->tooltip_text,
- "Last update finished %s ago. Update in progress (started %s ago).",
- time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1),
- time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf3));
+ snprintf(execp->backend->tooltip_text,
+ sizeof(execp->backend->tooltip_text),
+ "Last update finished %s ago. Update in progress (started %s ago).",
+ time_to_string((int)(now - execp->backend->last_update_finish_time), tmp_buf1, sizeof(tmp_buf1)),
+ time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf3, sizeof(tmp_buf3)));
 } else {
 // we never finished an update
- sprintf(execp->backend->tooltip_text,
- "First update in progress (started %s seconds ago).",
- time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf1));
+ snprintf(execp->backend->tooltip_text,
+ sizeof(execp->backend->tooltip_text),
+ "First update in progress (started %s seconds ago).",
+ time_to_string((int)(now - execp->backend->last_update_start_time), tmp_buf1, sizeof(tmp_buf1)));
 }
 }
 return strdup(execp->backend->tooltip_text);
diff --git a/src/launcher/apps-common.c b/src/launcher/apps-common.c
index 7acfc31..3508eac 100644
--- a/src/launcher/apps-common.c
+++ b/src/launcher/apps-common.c
@@ -60,9 +60,9 @@ void expand_exec(DesktopEntry *entry, const char *path)
 // %c -> Name
 // %k -> path
 if (entry->exec) {
- char *exec2 = calloc(strlen(entry->exec) + (entry->name ? strlen(entry->name) : 1) +
- (entry->icon ? strlen(entry->icon) : 1) + 100,
- 1);
+ size_t buf_size = strlen(entry->exec) + (entry->name ? strlen(entry->name) : 1) +
+ (entry->icon ? strlen(entry->icon) : 1) + 100;
+ char *exec2 = calloc(buf_size, 1);
 char *p, *q;
 // p will never point to an escaped char
 for (p = entry->exec, q = exec2; *p; p++, q++) {
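Review bot: The new bounds `sizeof(execp->backend->tooltip_text)` and `sizeof(tmp_buf1)`, `sizeof(tmp_buf2)`, `sizeof(tmp_buf3)` in execp_get_tooltip() are correct only while those objects are declared as arrays, and their declarations are outside this hunk. If any of them is, or later becomes, a `char *`, the bound turns into the pointer size and the text is silently cut to a few bytes. The same assumption is made for `launcherIcon->area.name` in launcher.c and for `separator->name`, `executor->name`, `button->name` and the `buffer` of set_panel_items() in properties.c. A short comment at each declaration, e.g. `// must stay an array: snprintf callers take sizeof() of it`, would keep this from regressing.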
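Review bot: In expand_exec(), `exec2` is written through `q` by the loop that follows without checking that `calloc(buf_size, 1)` succeeded; add `if (!exec2) return;` directly after the allocation. The same unchecked allocation is in the new code of get_icon_path_helper() (`file_name = calloc(file_name_size, 1);` followed at once by `snprintf`) and of addr2name() in tracing.c. Separately, `buf_size` counts `entry->name` and `entry->icon` once each and does not count `path` at all, although the next hunk writes `path` when `entry->name` is NULL; whether the 100 bytes of slack always cover that cannot be decided from the visible lines. The `for` loop continues past the end of this hunk.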
@@ -82,23 +82,30 @@ void expand_exec(DesktopEntry *entry, const char *path)
 if (!*p)
 break;
 if (*p == 'i' && entry->icon != NULL) {
- sprintf(q, "--icon '%s'", entry->icon);
+ snprintf(q, buf_size, "--icon '%s'", entry->icon);
+ char *old = q;
 q += strlen("--icon ''");
 q += strlen(entry->icon);
+ buf_size -= (size_t)(q - old);
 q--; // To balance the q++ in the for
 } else if (*p == 'c' && entry->name != NULL) {
- sprintf(q, "'%s'", entry->name);
+ snprintf(q, buf_size, "'%s'", entry->name);
+ char *old = q;
 q += strlen("''");
 q += strlen(entry->name);
+ buf_size -= (size_t)(q - old);
 q--; // To balance the q++ in the for
 } else if (*p == 'c') {
- sprintf(q, "'%s'", path);
+ snprintf(q, buf_size, "'%s'", path);
+ char *old = q;
 q += strlen("''");
 q += strlen(path);
+ buf_size -= (size_t)(q - old);
 q--; // To balance the q++ in the for
 } else if (*p == 'f' || *p == 'F') {
- sprintf(q, "%c%c", '%', *p);
+ snprintf(q, buf_size, "%c%c", '%', *p);
 q += 2;
+ buf_size -= 2;
 q--; // To balance the q++ in the for
 } else {
 // We don't care about other expansions
diff --git a/src/launcher/icon-theme-common.c b/src/launcher/icon-theme-common.c
index a43058c..acd184a 100644
--- a/src/launcher/icon-theme-common.c
+++ b/src/launcher/icon-theme-common.c
@@ -621,7 +621,7 @@ char *get_icon_path_helper(GSList *themes, const char *icon_name, int size)
 }
 file_name[0] = 0;
 // filename = directory/$(themename)/subdirectory/iconname.extension
- sprintf(file_name, "%s/%s/%s/%s%s", base_name, theme_name, dir_name, icon_name, extension);
+ snprintf(file_name, (size_t)file_name_size, "%s/%s/%s/%s%s", base_name, theme_name, dir_name, icon_name, extension);
 if (debug_icons)
 fprintf(stderr, "tint2: Checking %s\n", file_name);
 if (g_file_test(file_name, G_FILE_TEST_EXISTS)) {
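Review bot: `buf_size` is handed to each `snprintf` as the space left at `q`, but in the visible lines it is reduced only in these four branches, while the enclosing `for` (its head is in the previous hunk) also advances `q` on every iteration, so the bound overstates the room that remains. `q` is then moved by the untruncated `strlen()` sums rather than by what was written, so after a truncation `q` ends up past the text and `buf_size -= (size_t)(q - old)` can wrap to a huge value. I would keep `buf_size` constant, derive the remaining space from `q - exec2`, and advance by the checked return value, as below for the `%i` branch; the other three branches take the same shape. Freeing `exec2` and returning on overflow assumes the buffer is installed into `entry` only at the end of the function, which is outside this hunk.

```c
if (*p == 'i' && entry->icon != NULL) {
    // Space left in exec2, derived from the pointers so it cannot drift.
    size_t used = (size_t)(q - exec2);
    size_t remaining = used < buf_size ? buf_size - used : 0;
    int n = snprintf(q, remaining, "--icon '%s'", entry->icon);
    if (n < 0 || (size_t)n >= remaining) {
        // Expansion does not fit: drop the scratch buffer, keep entry->exec as it was.
        free(exec2);
        return;
    }
    q += n;
    q--; // To balance the q++ in the for
} else if (*p == 'c' && entry->name != NULL) {
    // … same pattern with "'%s'" and entry->name; likewise for path and for %f/%F …
```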
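Review bot: In get_icon_path_helper() the bound `(size_t)file_name_size` is only as good as the bookkeeping that keeps `file_name_size` equal to the current allocation of `file_name`, and both are set outside this hunk; the cast also suggests the variable has a signed type, which would be better declared `size_t` at its definition. The return value of `snprintf` is ignored, so a truncated path would still be passed to `g_file_test()` and could name a different file than the one intended. Storing the result in `int n` and skipping the candidate when `n < 0 || (size_t)n >= (size_t)file_name_size` would make a truncation visible.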
@@ -679,9 +679,10 @@ char *get_icon_path_helper(GSList *themes, const char *icon_name, int size)
 for (GSList *ext = extensions; ext; ext = g_slist_next(ext)) {
 char *base_name = (char *)base->data;
 char *extension = (char *)ext->data;
- file_name = calloc(strlen(base_name) + strlen(icon_name) + strlen(extension) + 100, 1);
+ size_t file_name_size = strlen(base_name) + strlen(icon_name) + strlen(extension) + 100;
+ file_name = calloc(file_name_size, 1);
 // filename = directory/iconname.extension
- sprintf(file_name, "%s/%s%s", base_name, icon_name, extension);
+ snprintf(file_name, file_name_size, "%s/%s%s", base_name, icon_name, extension);
 if (debug_icons)
 fprintf(stderr, "tint2: Checking %s\n", file_name);
 if (g_file_test(file_name, G_FILE_TEST_EXISTS)) {
diff --git a/src/launcher/launcher.c b/src/launcher/launcher.c
index 8e9ae29..3d8b739 100644
--- a/src/launcher/launcher.c
+++ b/src/launcher/launcher.c
@@ -470,7 +470,7 @@ void launcher_load_icons(Launcher *launcher)
 launcherIcon->area.size_mode = LAYOUT_FIXED;
 launcherIcon->area._resize = NULL;
 launcherIcon->area._compute_desired_size = launcher_icon_compute_desired_size;
- sprintf(launcherIcon->area.name, "LauncherIcon %d", index);
+ snprintf(launcherIcon->area.name, sizeof(launcherIcon->area.name), "LauncherIcon %d", index);
 launcherIcon->area.resize_needed = 0;
 launcherIcon->area.has_mouse_over_effect = panel_config.mouse_effects;
 launcherIcon->area.has_mouse_press_effect = launcherIcon->area.has_mouse_over_effect;
diff --git a/src/main.c b/src/main.c
index b1feb47..0641266 100644
--- a/src/main.c
+++ b/src/main.c
@@ -723,7 +723,7 @@ void handle_panel_refresh()
 if (debug_frames) {
 for (int i = 0; i < num_panels; i++) {
 char path[256];
- sprintf(path, "tint2-%d-panel-%d-frame-%d.png", getpid(), i, frame);
+ snprintf(path, sizeof(path), "tint2-%d-panel-%d-frame-%d.png", getpid(), i, frame);
 save_panel_screenshot(&panels[i], path);
 }
 }
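Review bot: The new `size_t file_name_size` declared inside this loop has the same name as the `file_name_size` that the earlier hunk of get_icon_path_helper() passes to `snprintf` with a `(size_t)` cast; if that outer variable is still in scope here, the new one shadows it with a different type (its declaration is outside the diff, so this is inferred). A distinct name, e.g. `size_t fallback_size = strlen(base_name) + strlen(icon_name) + strlen(extension) + 100;`, avoids the ambiguity and a `-Wshadow` warning. The loop body continues past the end of the hunk.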
diff --git a/src/tint2conf/properties.c b/src/tint2conf/properties.c
index 2c63a11..33a67b7 100644
--- a/src/tint2conf/properties.c
+++ b/src/tint2conf/properties.c
@@ -1312,19 +1312,19 @@ void set_panel_items(const char *items)
 } else if (v == ':') {
 separator_index++;
 buffer[0] = 0;
- sprintf(buffer, "%s %d", _("Separator"), separator_index + 1);
+ snprintf(buffer, sizeof(buffer), "%s %d", _("Separator"), separator_index + 1);
 name = buffer;
 value = ":";
 } else if (v == 'E') {
 execp_index++;
 buffer[0] = 0;
- sprintf(buffer, "%s %d", _("Executor"), execp_index + 1);
+ snprintf(buffer, sizeof(buffer), "%s %d", _("Executor"), execp_index + 1);
 name = buffer;
 value = "E";
 } else if (v == 'P') {
 button_index++;
 buffer[0] = 0;
- sprintf(buffer, "%s %d", _("Button"), button_index + 1);
+ snprintf(buffer, sizeof(buffer), "%s %d", _("Button"), button_index + 1);
 name = buffer;
 value = "P";
 } else {
@@ -4097,7 +4097,7 @@ void create_separator(GtkWidget *notebook, int i)
 Separator *separator = &g_array_index(separators, Separator, i);
 separator->name[0] = 0;
- sprintf(separator->name, "%s %d", _("Separator"), i + 1);
+ snprintf(separator->name, sizeof(separator->name), "%s %d", _("Separator"), i + 1);
 separator->page_label = gtk_label_new(separator->name);
 gtk_widget_show(separator->page_label);
 separator->page_separator = gtk_vbox_new(FALSE, DEFAULT_HOR_SPACING);
@@ -4223,7 +4223,7 @@ void create_execp(GtkWidget *notebook, int i)
 Executor *executor = &g_array_index(executors, Executor, i);
 executor->name[0] = 0;
- sprintf(executor->name, "%s %d", _("Executor"), i + 1);
+ snprintf(executor->name, sizeof(executor->name), "%s %d", _("Executor"), i + 1);
 executor->page_label = gtk_label_new(executor->name);
 gtk_widget_show(executor->page_label);
 executor->page_execp = gtk_vbox_new(FALSE, DEFAULT_HOR_SPACING);
@@ -4644,7 +4644,7 @@ void create_button(GtkWidget *notebook, int i)
 Button *button = &g_array_index(buttons, Button, i);
 button->name[0] = 0;
- sprintf(button->name, "%s %d", _("Button"), i + 1);
+ snprintf(button->name, sizeof(button->name), "%s %d", _("Button"), i + 1);
 button->page_label = gtk_label_new(button->name);
 gtk_widget_show(button->page_label);
 button->page_button = gtk_vbox_new(FALSE, DEFAULT_HOR_SPACING);
@@ -5033,7 +5033,7 @@ void separator_update_indices()
 {
 for (int i = 0; i < separators->len; i++) {
 Separator *separator = &g_array_index(separators, Separator, i);
- sprintf(separator->name, "%s %d", _("Separator"), i + 1);
+ snprintf(separator->name, sizeof(separator->name), "%s %d", _("Separator"), i + 1);
 gtk_label_set_text(GTK_LABEL(separator->page_label), separator->name);
 }
@@ -5051,7 +5051,7 @@ void separator_update_indices()
 separator_index++;
 char buffer[256];
 buffer[0] = 0;
- sprintf(buffer, "%s %d", _("Separator"), separator_index + 1);
+ snprintf(buffer, sizeof(buffer), "%s %d", _("Separator"), separator_index + 1);
 gtk_list_store_set(panel_items, &iter, itemsColName, buffer, -1);
 }
@@ -5065,7 +5065,7 @@ void execp_update_indices()
 {
 for (int i = 0; i < executors->len; i++) {
 Executor *executor = &g_array_index(executors, Executor, i);
- sprintf(executor->name, "%s %d", _("Executor"), i + 1);
+ snprintf(executor->name, sizeof(executor->name), "%s %d", _("Executor"), i + 1);
 gtk_label_set_text(GTK_LABEL(executor->page_label), executor->name);
 }
@@ -5083,7 +5083,7 @@ void execp_update_indices()
 execp_index++;
 char buffer[256];
 buffer[0] = 0;
- sprintf(buffer, "%s %d", _("Executor"), execp_index + 1);
+ snprintf(buffer, sizeof(buffer), "%s %d", _("Executor"), execp_index + 1);
 gtk_list_store_set(panel_items, &iter, itemsColName, buffer, -1);
 }
@@ -5097,7 +5097,7 @@ void button_update_indices()
 {
 for (int i = 0; i < buttons->len; i++) {
 Button *button = &g_array_index(buttons, Button, i);
- sprintf(button->name, "%s %d", _("Button"), i + 1);
+ snprintf(button->name, sizeof(button->name), "%s %d", _("Button"), i + 1);
 gtk_label_set_text(GTK_LABEL(button->page_label), button->name);
 }
@@ -5115,7 +5115,7 @@ void button_update_indices()
 button_index++;
 char buffer[256];
 buffer[0] = 0;
- sprintf(buffer, "%s %d", _("Button"), button_index + 1);
+ snprintf(buffer, sizeof(buffer), "%s %d", _("Button"), button_index + 1);
 gtk_list_store_set(panel_items, &iter, itemsColName, buffer, -1);
 }
diff --git a/src/tint2conf/properties_rw.c b/src/tint2conf/properties_rw.c
index 7454e94..7c0b95d 100644
--- a/src/tint2conf/properties_rw.c
+++ b/src/tint2conf/properties_rw.c
@@ -478,7 +478,7 @@ void config_write_task_font_color(FILE *fp, char *name, GtkWidget *task_color)
 GdkColor color;
 gtk_color_button_get_color(GTK_COLOR_BUTTON(task_color), &color);
 char full_name[128];
- sprintf(full_name, "task%s_font_color", name);
+ snprintf(full_name, sizeof(full_name), "task%s_font_color", name);
 config_write_color(fp, full_name, color, gtk_color_button_get_alpha(GTK_COLOR_BUTTON(task_color)) * 100 / 0xffff);
 }
@@ -489,7 +489,7 @@ void config_write_task_icon_osb(FILE *fp,
 GtkWidget *widget_brightness)
 {
 char full_name[128];
- sprintf(full_name, "task%s_icon_asb", name);
+ snprintf(full_name, sizeof(full_name), "task%s_icon_asb", name);
 fprintf(fp,
 "%s = %d %d %d\n",
 full_name,
@@ -501,7 +501,7 @@ void config_write_task_icon_osb(FILE *fp,
 void config_write_task_background(FILE *fp, char *name, GtkWidget *task_background)
 {
 char full_name[128];
- sprintf(full_name, "task%s_background_id", name);
+ snprintf(full_name, sizeof(full_name), "task%s_background_id", name);
 fprintf(fp, "%s = %d\n", full_name, gtk_combo_box_get_active(GTK_COMBO_BOX(task_background)));
 }
diff --git a/src/util/common.c b/src/util/common.c
index 80bcf13..614f0d7 100644
--- a/src/util/common.c
+++ b/src/util/common.c
@@ -191,7 +191,7 @@ const char *signal_name(int sig)
 return "SIGSYS: Bad system call.";
 }
 static char s[64];
- sprintf(s, "SIG=%d: Unknown", sig);
+ snprintf(s, sizeof(s), "SIG=%d: Unknown", sig);
 return s;
 }
@@ -266,7 +266,7 @@ extern char *config_path;
 int setenvd(const char *name, const int value)
 {
 char buf[256];
- sprintf(buf, "%d", value);
+ snprintf(buf, sizeof(buf), "%d", value);
 return setenv(name, buf, 1);
 }
@@ -793,7 +793,7 @@ Imlib_Image load_image(const char *path, int cached)
 }
 if (!image && g_str_has_suffix(path, ".svg")) {
 char tmp_filename[128];
- sprintf(tmp_filename, "/tmp/tint2-%d.png", (int)getpid());
+ snprintf(tmp_filename, sizeof(tmp_filename), "/tmp/tint2-%d.png", (int)getpid());
 int fd = open(tmp_filename, O_CREAT | O_EXCL, 0600);
 if (fd >= 0) {
 // We fork here because librsvg allocates memory like crazy
diff --git a/src/util/tracing.c b/src/util/tracing.c
index ecb4d79..aebe49f 100644
--- a/src/util/tracing.c
+++ b/src/util/tracing.c
@@ -49,8 +49,9 @@ char *addr2name(void *func)
 free(strings);
 return result;
 #else
- char *result = (char*) calloc(32, 1);
- sprintf(result, "%p", func);
+ const size_t buf_size = 32;
+ char *result = (char*) calloc(buf_size, 1);
+ snprintf(result, buf_size, "%p", func);
 return result;
 #endif
 }
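Review bot: The temporary file name built in load_image(), `/tmp/tint2-<pid>.png`, is predictable, and this change keeps it that way. `O_CREAT | O_EXCL` refuses to open a file or symlink that is already at that path, but any local user can pre-create the name so that `open()` fails and the SVG is never loaded; how the path is used after `open()` (the forked conversion the comment mentions) is outside this hunk. Creating the file with `mkstemps(tmp_filename, 4)` on the template `"/tmp/tint2-XXXXXX.png"` would give an unpredictable name with the same exclusive-create semantics.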