Replaced sprintf with safer snprintf
seanm committed Nov 11, 2023
1 parent c7e7286 commit 7e822fc
Showing 13 changed files with 46 additions and 45 deletions.
8 changes: 4 additions & 4 deletions libsrc/hdf_convenience.c
Expand Up @@ -309,12 +309,12 @@ hdf_is_dimension_name(struct m2_file *file, const char *varnm)
* may not yet exist in the file.
*/
static hid_t
hdf_path_from_name(struct m2_file *file, const char *varnm, char *varpath)
hdf_path_from_name(struct m2_file *file, const char *varnm, char *varpath, size_t varpathlength)
{
if (!strcmp(varnm, MIimage) ||
!strcmp(varnm, MIimagemax) ||
!strcmp(varnm, MIimagemin)) {
sprintf(varpath, "/minc-2.0/image/%d/", file->resolution);
snprintf(varpath, varpathlength, "/minc-2.0/image/%d/", file->resolution);
}
else if (hdf_is_dimension_name(file, varnm)) {
strcpy(varpath, "/minc-2.0/dimensions/");
Expand Down Expand Up @@ -1102,7 +1102,7 @@ hdf_attput(int fd, int varid, const char *attnm, nc_type val_typ,
char temp[128];
unsigned int i;

sprintf(temp, "junkXXXX");
snprintf(temp, sizeof(temp), "junkXXXX");

new_type_id = H5Tcopy(var->ftyp_id);
if (new_type_id < 0) {
Expand Down Expand Up @@ -1295,7 +1295,7 @@ hdf_vardef(int fd, const char *varnm, nc_type vartype, int ndims,
return (MI_ERROR);
}

if (hdf_path_from_name(file, varnm, varpath) < 0) {
if (hdf_path_from_name(file, varnm, varpath, sizeof(varpath)) < 0) {
return (MI_ERROR);
}

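Review bot: The dimension branch of hdf_path_from_name still writes with `strcpy(varpath, "/minc-2.0/dimensions/")`, so the new `varpathlength` parameter bounds only the image branch. Using `snprintf(varpath, varpathlength, "/minc-2.0/dimensions/");` there would keep the whole function under one bound. The body continues past the hunk, so any later append of `varnm` to `varpath` needs the same treatment. At the call in hdf_vardef, `sizeof(varpath)` is the buffer size only if `varpath` is declared as an array in that function, which the hunk does not show.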
2 changes: 1 addition & 1 deletion libsrc/netcdf_convenience.c
Expand Up @@ -257,7 +257,7 @@ PRIVATE int execute_decompress_command(char *command, const char *infile,
/* we now ignore header_only and always uncompress the whole
* file as the previous "header only" hack that used to work
* on MINC1 files doesn't work reliably with MINC2 */
(void) sprintf(whole_command, "exec %s %s > %s 2> /dev/null",
(void) snprintf(whole_command, sizeof(whole_command), "exec %s %s > %s 2> /dev/null",
command, infile, outfile);
status = system(whole_command);

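Review bot: A truncated `whole_command` is still handed to `system()`, because the `snprintf` result is cast away; with long `infile` or `outfile` names the shell would run a cut-off command, possibly with the redirection target shortened or missing. Checking the result first, e.g. `int n = snprintf(whole_command, sizeof(whole_command), ...);` then `if (n < 0 || (size_t)n >= sizeof(whole_command))` followed by the function's error return, avoids that. The file names are also placed unquoted into a shell string, so whitespace or shell metacharacters in a name are interpreted by the shell. Bounding the buffer does not change this; running the decompressor through an exec-style call with an explicit argument vector would. The same two points apply to the `gunzip` and `bunzip2` commands built in open_file in volume_io/Prog_utils/files.c.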
6 changes: 3 additions & 3 deletions libsrc2/hyper.c
Expand Up @@ -199,7 +199,7 @@ static int mirw_hyperslab_raw(int opcode,
return MI_LOG_ERROR(MI2_MSG_GENERIC,"Trying to write to a volume thumbnail");
}

sprintf(path, MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);
snprintf(path, sizeof(path), MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);
/*printf("Using:%s\n",path);*/

/* Open the dataset with the specified path
Expand Down Expand Up @@ -411,7 +411,7 @@ static int mirw_hyperslab_icv(int opcode,
return MI_LOG_ERROR(MI2_MSG_GENERIC,"Trying to write to a volume thumbnail");
}

sprintf(path, MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);
snprintf(path, sizeof(path), MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);
/*printf("Using:%s\n",path);*/

/* Open the dataset with the specified path
Expand Down Expand Up @@ -895,7 +895,7 @@ static int mirw_hyperslab_normalized(int opcode,
return (MI_ERROR);
}

sprintf(path, MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);
snprintf(path, sizeof(path), MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);

/* Open the dataset with the specified path
*/
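Review bot: `sizeof(path)` gives the buffer size only when `path` is a local array; none of the three hunks shows its declaration, and if it were a `char *` the bound would silently become the pointer size. It is worth confirming the declarations in mirw_hyperslab_raw, mirw_hyperslab_icv and mirw_hyperslab_normalized, and likewise for `path` in libsrc2/m2util.c and libsrc2/volprops.c and for `buffer` in volume_io/Prog_utils/time.c. A comment beside each buffer, such as `/* bounded via sizeof(path) below; keep this an array */`, would guard against a later change to a pointer.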
10 changes: 5 additions & 5 deletions libsrc2/m2util.c
Expand Up @@ -1447,7 +1447,7 @@ int minc_create_thumbnail ( mihandle_t volume, int grp )
return ( MI_ERROR );
}

sprintf ( path, MI_ROOT_PATH "/image/%d", grp );
snprintf ( path, sizeof(path), MI_ROOT_PATH "/image/%d", grp );
grp_id = H5Gcreate2 ( volume->hdf_id, path, H5P_DEFAULT, H5P_DEFAULT, H5P_DEFAULT );

if ( grp_id < 0 ) {
Expand Down Expand Up @@ -1691,7 +1691,7 @@ minc_update_thumbnail ( mihandle_t volume, hid_t loc_id, int igrp, int ogrp )

/* Open the input path.
*/
sprintf ( path, "%d/image", igrp );
snprintf ( path, sizeof(path), "%d/image", igrp );
idst_id = H5Dopen1 ( loc_id, path );

if ( idst_id < 0 ) {
Expand Down Expand Up @@ -1727,7 +1727,7 @@ minc_update_thumbnail ( mihandle_t volume, hid_t loc_id, int igrp, int ogrp )
*/
ofspc_id = H5Screate_simple ( ndims, osize, NULL );

sprintf ( path, "%d/image", ogrp );
snprintf ( path, sizeof(path), "%d/image", ogrp );

H5E_BEGIN_TRY {
odst_id = H5Dcreate1 ( loc_id, path, typ_id, ofspc_id, H5P_DEFAULT );
Expand All @@ -1753,7 +1753,7 @@ minc_update_thumbnail ( mihandle_t volume, hid_t loc_id, int igrp, int ogrp )
/* Create a simple scalar dataspace. */
tmspc_id = H5Screate ( H5S_SCALAR );

sprintf ( path, "%d/image-max", ogrp );
snprintf ( path, sizeof(path), "%d/image-max", ogrp );
H5E_BEGIN_TRY {
omax_id = H5Dcreate1 ( loc_id, path, H5T_IEEE_F64LE, tfspc_id,
H5P_DEFAULT );
Expand All @@ -1763,7 +1763,7 @@ minc_update_thumbnail ( mihandle_t volume, hid_t loc_id, int igrp, int ogrp )
omax_id = H5Dopen1 ( loc_id, path );
}

sprintf ( path, "%d/image-min", ogrp );
snprintf ( path, sizeof(path), "%d/image-min", ogrp );
H5E_BEGIN_TRY {
omin_id = H5Dcreate1 ( loc_id, path, H5T_IEEE_F64LE, tfspc_id,
H5P_DEFAULT );
6 changes: 3 additions & 3 deletions libsrc2/volprops.c
Expand Up @@ -269,20 +269,20 @@ int miselect_resolution(mihandle_t volume, int depth)
if (volume->image_id >= 0) {
H5Dclose(volume->image_id);
}
sprintf(path, "%d/image", depth);
snprintf(path, sizeof(path), "%d/image", depth);
volume->image_id = H5Dopen1(grp_id, path);

if (volume->volume_class == MI_CLASS_REAL) {
if (volume->imax_id >= 0) {
H5Dclose(volume->imax_id);
}
sprintf(path, "%d/image-max", depth);
snprintf(path, sizeof(path), "%d/image-max", depth);
volume->imax_id = H5Dopen1(grp_id, path);

if (volume->imin_id >= 0) {
H5Dclose(volume->imin_id);
}
sprintf(path, "%d/image-min", depth);
snprintf(path, sizeof(path), "%d/image-min", depth);
volume->imin_id = H5Dopen1(grp_id, path);
}
return (MI_NOERROR);
10 changes: 5 additions & 5 deletions libsrc2/volume.c
Expand Up @@ -1056,7 +1056,7 @@ int miget_volume_voxel_count(mihandle_t volume, misize_t *number_of_voxels)
/* Quickest way to do this is with the dataspace identifier of the
* volume. Use the volume's current resolution.
*/
sprintf(path, MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);
snprintf(path, sizeof(path), MI_ROOT_PATH "/image/%d/image", volume->selected_resolution);
/* Open the dataset with the specified path
*/
MI_CHECK_HDF_CALL_RET(dset_id = H5Dopen1(volume->hdf_id, path),"H5Dopen1");
Expand Down Expand Up @@ -1166,7 +1166,7 @@ static int _miget_irregular_spacing(mihandle_t hvol, midimhandle_t hdim)
char path[MI2_CHAR_LENGTH];
hssize_t n_points;

sprintf(path, MI_ROOT_PATH "/dimensions/%s", hdim->name);
snprintf(path, sizeof(path),MI_ROOT_PATH "/dimensions/%s", hdim->name);
MI_CHECK_HDF_CALL_RET(dset_id = H5Dopen1(hvol->hdf_id, path),"H5Dopen1");
MI_CHECK_HDF_CALL_RET(dspc_id = H5Dget_space(dset_id), "H5Dget_space");

Expand All @@ -1184,13 +1184,13 @@ static int _miget_irregular_spacing(mihandle_t hvol, midimhandle_t hdim)
hdim->offsets), "H5Dread")

H5Dclose(dset_id);
sprintf(path, MI_ROOT_PATH "/dimensions/%s-width", hdim->name);
snprintf(path, sizeof(path),MI_ROOT_PATH "/dimensions/%s-width", hdim->name);
dset_id = H5Dopen1(hvol->hdf_id, path);
if (dset_id < 0) {
/* Unfortunately, the emulation library in MINC1 puts this variable
* in the wrong place.
*/
sprintf(path, MI_ROOT_PATH "/info/%s-width", hdim->name);
snprintf(path, sizeof(path), MI_ROOT_PATH "/info/%s-width", hdim->name);
dset_id = H5Dopen1(hvol->hdf_id, path);
if (dset_id < 0) {
return 0;
Expand All @@ -1217,7 +1217,7 @@ static int _miget_file_dimension(mihandle_t volume, const char *dimname,
unsigned int len;

/* Create a path with the dimension name */
sprintf(path, MI_ROOT_PATH "/dimensions/%s", dimname);
snprintf(path, sizeof(path), MI_ROOT_PATH "/dimensions/%s", dimname);
/* Allocate space for the dimension handle */
hdim = (midimhandle_t) malloc(sizeof (*hdim));
/* Initialize everything to zero */
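Review bot: The `%s` paths built from `hdim->name` and `dimname` can now be truncated without notice, because the `snprintf` result is not examined. In _miget_irregular_spacing the shortened string is then passed to `H5Dopen1`, so an over-long dimension name would open whatever shorter path it happens to match instead of failing. Comparing the result with the buffer size, e.g. `if ((size_t)snprintf(path, sizeof(path), ...) >= sizeof(path))`, and taking the function's failure path would reject such names. The `%d` path in miget_volume_voxel_count is too short for this to matter. Both _miget_irregular_spacing and _miget_file_dimension extend beyond the hunks shown.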
2 changes: 1 addition & 1 deletion testdir/minc2-m2stats.c
Expand Up @@ -755,7 +755,7 @@ int main(int argc, char *argv[])
if(All || PctT) {
char str[100];

(void)sprintf(str, "PctT [%3d%%]: ", (int)(pctT * 100));
(void)snprintf(str, sizeof(str), "PctT [%3d%%]: ", (int)(pctT * 100));
print_result(str, stats->pct_T);
}
if(All || Entropy) {
22 changes: 11 additions & 11 deletions testdir/nifti_test.c
Expand Up @@ -206,13 +206,13 @@ int main (int argc, char *argv[])
*/
{
static char ext[] = "THIS IS A TEST";
sprintf(buf,"nifti_add_extension %s",write_image_filename[filenameindex]);
snprintf(buf,sizeof(buf),"nifti_add_extension %s",write_image_filename[filenameindex]);
PrintTest(buf,
nifti_add_extension(reference_image,
ext,sizeof(ext),
NIFTI_ECODE_COMMENT) == -1,
NIFTITEST_FALSE,&Errors);
sprintf(buf,"valid_nifti_extension %s",write_image_filename[filenameindex]);
snprintf(buf,sizeof(buf),"valid_nifti_extension %s",write_image_filename[filenameindex]);
PrintTest("valid_nifti_extensions",
valid_nifti_extensions(reference_image) == 0,
NIFTITEST_FALSE,&Errors);
Expand Down Expand Up @@ -253,7 +253,7 @@ int main (int argc, char *argv[])
* fails to find one in a '.nii' or '.nii.gz' file.
*/
int result = valid_nifti_extensions(reloaded_image);
sprintf(buf,"reload valid_nifti_extensions %s",write_image_filename[filenameindex]);
snprintf(buf,sizeof(buf),"reload valid_nifti_extensions %s",write_image_filename[filenameindex]);
PrintTest(buf,
CompressedTwoFile ? result != 0 : result == 0,
NIFTITEST_FALSE,&Errors);
Expand Down Expand Up @@ -299,7 +299,7 @@ int main (int argc, char *argv[])
NIFTITEST_FALSE,&Errors);
{
nifti_1_header x = nifti_convert_nim2nhdr(reference_image);
sprintf(buf,"nifti_hdr_looks_good %s",reference_image->fname);
snprintf(buf,sizeof(buf),"nifti_hdr_looks_good %s",reference_image->fname);
PrintTest(buf,
!nifti_hdr_looks_good(&x),
NIFTITEST_FALSE,&Errors);
Expand Down Expand Up @@ -441,7 +441,7 @@ int main (int argc, char *argv[])
#define nifti_datatype_test(constant,string) \
{ \
char buf[64]; \
sprintf(buf,"nifti_datatype_string %s",string); \
snprintf(buf,sizeof(buf),"nifti_datatype_string %s",string); \
PrintTest( \
buf, \
strcmp(nifti_datatype_string(constant),string) != 0, \
Expand All @@ -468,7 +468,7 @@ int main (int argc, char *argv[])
#define nifti_is_inttype_test(constant,rval) \
{ \
char buf[64]; \
sprintf(buf,"nifti_datatype_string %d",constant); \
snprintf(buf,sizeof(buf),"nifti_datatype_string %d",constant); \
PrintTest( \
buf, \
nifti_is_inttype(constant) != rval, \
Expand All @@ -495,7 +495,7 @@ int main (int argc, char *argv[])
#define nifti_units_string_test(constant,string) \
{ \
char buf[64]; \
sprintf(buf,"nifti_units_string_test %s",string); \
snprintf(buf,sizeof(buf),"nifti_units_string_test %s",string); \
PrintTest( \
buf, \
strcmp(nifti_units_string(constant),string) != 0, \
Expand All @@ -514,7 +514,7 @@ int main (int argc, char *argv[])
#define nifti_intent_string_test(constant,string) \
{ \
char buf[64]; \
sprintf(buf,"nifti_intent_string %s",string); \
snprintf(buf,sizeof(buf),"nifti_intent_string %s",string); \
PrintTest( \
buf, \
strcmp(nifti_intent_string(constant),string) != 0, \
Expand Down Expand Up @@ -560,7 +560,7 @@ int main (int argc, char *argv[])
#define nifti_slice_string_test(constant,string) \
{ \
char buf[64]; \
sprintf(buf,"nifti_slice_string_test %s",string); \
snprintf(buf,sizeof(buf),"nifti_slice_string_test %s",string); \
PrintTest( \
buf, \
strcmp(nifti_slice_string(constant),string) != 0, \
Expand All @@ -576,7 +576,7 @@ int main (int argc, char *argv[])
#define nifti_orientation_string_test(constant,string) \
{ \
char buf[64]; \
sprintf(buf,"nifti_orientation_string_test %s",string); \
snprintf(buf,sizeof(buf),"nifti_orientation_string_test %s",string); \
PrintTest( \
buf, \
strcmp(nifti_orientation_string(constant),string) != 0, \
Expand All @@ -595,7 +595,7 @@ int main (int argc, char *argv[])
int nbyper; \
int swapsize; \
char buf[64]; \
sprintf(buf,"nifti_datatype_sizes_test %d",constant); \
snprintf(buf,sizeof(buf),"nifti_datatype_sizes_test %d",constant); \
nifti_datatype_sizes(constant,&nbyper,&swapsize); \
PrintTest( \
buf, \
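Review bot: The second `snprintf` in the first hunk formats `"valid_nifti_extension %s"` into `buf`, but the `PrintTest` call that follows is given the literal `"valid_nifti_extensions"`, so the formatted label is never used. Passing `buf` as the first argument, `PrintTest(buf,`, would make this check report the file name like its neighbours. In the macro hunks `buf` is `char buf[64]`, so a long `string` argument is now cut short in the label rather than overrunning the buffer, which is acceptable for test output.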
4 changes: 2 additions & 2 deletions testdir/vio_xfm_test/verify_xfm.c
Expand Up @@ -99,10 +99,10 @@ int main( int ac, char* av[] )
{
fprintf( stdout,"%.20lg,%.20lg,%.20lg,%.20lg,%.20lg,%.20lg,%.20lg,%.20lg,%.20lg\n",x,y,z,tx,ty,tz,ttx,tty,ttz);
} else {
sprintf(line_c,"Line:%d Fwd ",line);
snprintf(line_c,sizeof(line_c),"Line:%d Fwd ",line);
assert_equal_point( tx,ty,tz, a,b,c, line_c );

sprintf(line_c,"Line:%d Inv ",line);
snprintf(line_c,sizeof(line_c),"Line:%d Inv ",line);
assert_equal_point( ttx,tty,ttz, ta,tb,tc, line_c );
}

7 changes: 4 additions & 3 deletions volume_io/MNI_formats/gen_xf_io.c
Expand Up @@ -80,6 +80,7 @@ static void output_one_transform(
int i, c, trans;
VIO_Transform *lin_transform;
VIO_STR volume_filename, base_filename, prefix_filename;
size_t volume_filename_length;

switch( transform->type )
{
Expand Down Expand Up @@ -181,9 +182,9 @@ static void output_one_transform(
/*--- write out the volume filename to the transform file */
/* if( ! transform->displacement_volume_file )
{*/
volume_filename = alloc_string( string_length(prefix_filename) +
100 );
sprintf( volume_filename, "%s_grid_%d.mnc", prefix_filename,
volume_filename_length = string_length(prefix_filename) + 100;
volume_filename = alloc_string( volume_filename_length );
snprintf( volume_filename, volume_filename_length, "%s_grid_%d.mnc", prefix_filename,
*volume_count );

transform->displacement_volume_file = volume_filename;
8 changes: 4 additions & 4 deletions volume_io/Prog_utils/files.c
Expand Up @@ -304,12 +304,12 @@ static VIO_STR create_backup_filename(
{
if( count == 0 )
{
(void) sprintf( backup_filename, "%s.%s.bkp",
(void) snprintf( backup_filename, len, "%s.%s.bkp",
expanded, date );
}
else
{
(void) sprintf( backup_filename, "%s.%s.bkp_%d",
(void) snprintf( backup_filename, len, "%s.%s.bkp_%d",
expanded, date, count );
}

Expand Down Expand Up @@ -1012,13 +1012,13 @@ VIOAPI VIO_Status open_file(

tmp_name = get_temporary_filename();

(void) sprintf( command, "gunzip -c %s > %s", expanded, tmp_name );
(void) snprintf( command, sizeof(command), "gunzip -c %s > %s", expanded, tmp_name );
command_status = system( command );

/* Try again, using bzip2 */
if( command_status != 0 )
{
(void) sprintf( command, "bunzip2 -c %s > %s", expanded, tmp_name );
(void) snprintf( command, sizeof(command), "bunzip2 -c %s > %s", expanded, tmp_name );
command_status = system( command );
}

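Review bot: In create_backup_filename the bound passed to `snprintf` is `len`, whose definition lies outside the hunk. `snprintf` writes at most `len - 1` characters plus the terminator, so if `len` is a string length rather than the allocated size of `backup_filename`, the last character of the backup name is dropped. It is worth confirming that `len` counts the terminating NUL and matches the allocation. A short comment at its definition, such as `/* capacity of backup_filename, including the NUL */`, would record that.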
4 changes: 2 additions & 2 deletions volume_io/Prog_utils/print.c
Expand Up @@ -120,7 +120,7 @@ VIOAPI void print( VIO_STR format, ... )
char print_buffer[VIO_EXTREMELY_LARGE_STRING_SIZE];

va_start( ap, format );
(void) vsprintf( print_buffer, format, ap );
(void) vsnprintf( print_buffer, sizeof(print_buffer), format, ap );
va_end( ap );

if( print_function[top_of_stack] == NULL )
Expand Down Expand Up @@ -219,7 +219,7 @@ VIOAPI void print_error( char format[], ... )
char print_buffer[VIO_EXTREMELY_LARGE_STRING_SIZE];

va_start( ap, format );
vsprintf( print_buffer, format, ap );
vsnprintf( print_buffer, sizeof(print_buffer), format, ap );
va_end( ap );

if( print_error_function[top_of_error_stack] == NULL )
2 changes: 1 addition & 1 deletion volume_io/Prog_utils/time.c
Expand Up @@ -202,7 +202,7 @@ VIOAPI VIO_STR format_time(

if( negative ) seconds = -seconds;

(void) sprintf( buffer, format, seconds, units[i] );
(void) snprintf( buffer, sizeof(buffer), format, seconds, units[i] );

return( create_string( buffer ) );
}