Use a more robust idiom When converting sprintf() to snprintf()

don't use the idiom

char foo[BUFSIZ];
snprintf(foo, BUFSIZ, ....);

but

char foo[BUFSIZ];
snprintf(foo, sizeo foo, ....);

because this will automatically catch situations where the size of foo
is later changed, e.g. like  foo[BUFSIZ + 8];

Fix another use of sprintf.

diff --git a/cde/programs/dtaction/Main.c b/cde/programs/dtaction/Main.c
index 13f2d24f1cade8134cd4a30227cec158333c8481..b06a9f99e265e4f6a0cf40b807749c623290373e 100644 (file)
--- a/cde/programs/dtaction/Main.c
+++ b/cde/programs/dtaction/Main.c
@@ -898,7 +898,7 @@ GetUserPrompt( void )
    XmString cancelLabel;
    XmString okLabel;
 
-   snprintf(prompt, BUFSIZ, (GETMESSAGE(1,5, "Enter password for user %s:")), 
+   snprintf(prompt, sizeof prompt, (GETMESSAGE(1,5, "Enter password for user %s:")), 
             appArgs.user);
    xmString = XmStringCreateLocalized(prompt);
    xmString2 =XmStringCreateLocalized(GETMESSAGE(1,6, "Action Invoker - Password"));

diff --git a/cde/programs/dtterm/util/logger.c b/cde/programs/dtterm/util/logger.c
index e7b43eeea448a19999c8be019ddfe46b7e8623b5..0f51669d4d1d6db2c4fc54bd8523edb6f3f1462c 100644 (file)
--- a/cde/programs/dtterm/util/logger.c
+++ b/cde/programs/dtterm/util/logger.c
@@ -146,7 +146,7 @@ logStartStop(char *progName, int logfd, int start)
     /* remove the trailing '\n'... */
     tstring[strlen(tstring) - 1] = '\0';
 
-    (void) sprintf(buffer, "%s: %s %s\n",
+    (void) snprintf(buffer, sizeof buffer, "%s: %s %s\n",
            (savedProgName && *savedProgName) ? savedProgName : "logger",
            start ? "starting" : "terminating",
            tstring);