From 915a3d5b7be87a66bc3c3e1652c596658962e6a1 Mon Sep 17 00:00:00 2001 From: Mark Adler Date: Tue, 6 Feb 2024 14:27:50 -0800 Subject: [PATCH] Avoid use of snprintf() in test/minigzip.c. It was being used only as a safe version of strcpy(). Instead, use a safe alternative to strcpy(). --- test/minigzip.c | 56 ++++++++++++++++++++++++------------------------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/test/minigzip.c b/test/minigzip.c index 974a98d52..aa787fc1f 100644 --- a/test/minigzip.c +++ b/test/minigzip.c @@ -44,10 +44,6 @@ # define SET_BINARY_MODE(file) #endif -#if defined(_MSC_VER) && _MSC_VER < 1900 -# define snprintf _snprintf -#endif - #ifdef VMS # define unlink delete # define GZ_SUFFIX "-gz" @@ -148,6 +144,25 @@ static void pwinerror (s) # define local #endif +/* =========================================================================== + * Safe string copy. Copy up to len bytes from src to dst, if src terminates + * with a null by then. If not, copy len-1 bytes from src, terminating it with + * a null in dst[len-1], cutting src short. Return a pointer to the terminating + * null. If len is zero, nothing is written to *dst and NULL is returned. + */ +static char *string_copy(char *dst, char const *src, z_size_t len) { + if (len == 0) + return NULL; + while (--len) { + *dst = *src++; + if (*dst == 0) + return dst; + dst++; + } + *dst = 0; + return dst; +} + #ifdef Z_SOLO /* for Z_SOLO, create simplified gz* functions using deflate and inflate */ @@ -397,7 +412,7 @@ static void gz_uncompress(gzFile in, FILE *out) { * original. */ static void file_compress(char *file, char *mode) { - local char outfile[MAX_NAME_LEN]; + local char outfile[MAX_NAME_LEN+1], *end; FILE *in; gzFile out; @@ -406,12 +421,8 @@ static void file_compress(char *file, char *mode) { exit(1); } -#if !defined(NO_snprintf) && !defined(NO_vsnprintf) - snprintf(outfile, sizeof(outfile), "%s%s", file, GZ_SUFFIX); -#else - strcpy(outfile, file); - strcat(outfile, GZ_SUFFIX); -#endif + end = string_copy(outfile, file, sizeof(outfile)); + string_copy(end, GZ_SUFFIX, (outfile + sizeof(outfile)) - end); in = fopen(file, "rb"); if (in == NULL) { @@ -433,7 +444,7 @@ static void file_compress(char *file, char *mode) { * Uncompress the given file and remove the original. */ static void file_uncompress(char *file) { - local char buf[MAX_NAME_LEN]; + local char buf[MAX_NAME_LEN+1]; char *infile, *outfile; FILE *out; gzFile in; @@ -444,11 +455,7 @@ static void file_uncompress(char *file) { exit(1); } -#if !defined(NO_snprintf) && !defined(NO_vsnprintf) - snprintf(buf, sizeof(buf), "%s", file); -#else - strcpy(buf, file); -#endif + string_copy(buf, file, sizeof(buf)); if (len > SUFFIX_LEN && strcmp(file+len-SUFFIX_LEN, GZ_SUFFIX) == 0) { infile = file; @@ -457,11 +464,7 @@ static void file_uncompress(char *file) { } else { outfile = file; infile = buf; -#if !defined(NO_snprintf) && !defined(NO_vsnprintf) - snprintf(buf + len, sizeof(buf) - len, "%s", GZ_SUFFIX); -#else - strcat(infile, GZ_SUFFIX); -#endif + string_copy(buf + len, GZ_SUFFIX, sizeof(buf) - len); } in = gzopen(infile, "rb"); if (in == NULL) { @@ -494,14 +497,9 @@ int main(int argc, char *argv[]) { int copyout = 0; int uncompr = 0; gzFile file; - char *bname, outmode[20]; - -#if !defined(NO_snprintf) && !defined(NO_vsnprintf) - snprintf(outmode, sizeof(outmode), "%s", "wb6 "); -#else - strcpy(outmode, "wb6 "); -#endif + char *bname, outmode[5]; + string_copy(outmode, "wb6 ", sizeof(outmode)); prog = argv[0]; bname = strrchr(argv[0], '/'); if (bname)