Fix buffer overruns

git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@3846 9d0c8265-081b-0410-96cb-a4ca84ce46f8
author: giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> 2020-06-07 19:47:00 +0000
committer: giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> 2020-06-07 19:47:00 +0000
commit: f9fd97fee9930b2d750b83dc0798934c44031b7e (patch)
tree: c6a09f49e1f8c3a9bb98d1d802e18526ce20a15a /converter
parent: 576b0040048e92ac287b229877b605ab07d9eead (diff)
download: netpbm-mirror-f9fd97fee9930b2d750b83dc0798934c44031b7e.tar.gz
netpbm-mirror-f9fd97fee9930b2d750b83dc0798934c44031b7e.tar.xz
netpbm-mirror-f9fd97fee9930b2d750b83dc0798934c44031b7e.zip
5 files changed, 59 insertions, 26 deletions
diff --git a/converter/ppm/ppmtompeg/iframe.c b/converter/ppm/ppmtompeg/iframe.c
index 7552f413..66f5ea3b 100644
--- a/converter/ppm/ppmtompeg/iframe.c
+++ b/converter/ppm/ppmtompeg/iframe.c
@@ -51,6 +51,9 @@
 
 #include <sys/types.h>
 #include <sys/param.h>
+
+#include "netpbm/nstring.h"
+
 #include "all.h"
 #include "mtypes.h"
 #include "frames.h"
@@ -899,7 +902,7 @@ void
 WriteDecodedFrame(MpegFrame * const frame) {
 
     FILE * fpointer;
-    char   fileName[256];
+    const char * fileName;
     int    width, height;
     int    y;
 
@@ -909,7 +912,7 @@ WriteDecodedFrame(MpegFrame * const frame) {
     width = Fsize_x;
     height = Fsize_y;
 
-    sprintf(fileName, "%s.decoded.%d", outputFileName, frame->id);
+    pm_asprintf(&fileName, "%s.decoded.%d", outputFileName, frame->id);
 
     if (!realQuiet) {
         fprintf(stdout, "Outputting to %s\n", fileName);
@@ -931,6 +934,7 @@ WriteDecodedFrame(MpegFrame * const frame) {
     }
     fflush(fpointer);
     fclose(fpointer);
+    pm_strfree(fileName);
 }
 
 
diff --git a/converter/ppm/ppmtompeg/mpeg.c b/converter/ppm/ppmtompeg/mpeg.c
index cb014b32..e67eec1e 100644
--- a/converter/ppm/ppmtompeg/mpeg.c
+++ b/converter/ppm/ppmtompeg/mpeg.c
@@ -1668,14 +1668,14 @@ ReadDecodedRefFrame(MpegFrame *  const frameP,
                     unsigned int const frameNumber) {
 
     FILE    *fpointer;
-    char    fileName[256];
+    const char * fileName;
     int width, height;
     register int y;
 
     width = Fsize_x;
     height = Fsize_y;
 
-    sprintf(fileName, "%s.decoded.%u", outputFileName, frameNumber);
+    pm_asprintf(&fileName, "%s.decoded.%u", outputFileName, frameNumber);
     if (! realQuiet) {
         fprintf(stdout, "reading %s\n", fileName);
         fflush(stdout);
@@ -1715,6 +1715,7 @@ ReadDecodedRefFrame(MpegFrame *  const frameP,
             pm_message("Could not read enough bytes from '%s'", fileName);
     }
     fclose(fpointer);
+    pm_strfree(fileName);
 }
 
 
diff --git a/converter/ppm/ppmtompeg/opts.c b/converter/ppm/ppmtompeg/opts.c
index 60241667..6f5f9816 100644
--- a/converter/ppm/ppmtompeg/opts.c
+++ b/converter/ppm/ppmtompeg/opts.c
@@ -39,6 +39,9 @@
 #include <string.h>
 #include <stdlib.h>
 #include <math.h>
+
+#include "netpbm/nstring.h"
+
 #include "opts.h"
 #include "dct.h"
 
@@ -316,14 +319,22 @@ SetupWriteDistortions(const char * const charPtr)
       collect_distortion_detailed = TRUE;
       break;
     case 't': {
-      char scratch[256];
       collect_distortion_detailed = 2;
       for (i = 1;  i < 32;  i++) {
-        sprintf(scratch, "%srate%d", fname, i);
-        fp_table_rate[i-1] = fopen(scratch, "w");
-        sprintf(scratch, "%sdist%d", fname, i);
-        fp_table_dist[i-1] = fopen(scratch, "w");
-        }}
+        {
+          const char * scratch;
+          pm_asprintf(&scratch, "%srate%d", fname, i);
+          fp_table_rate[i-1] = fopen(scratch, "w");
+          pm_strfree(scratch);
+        }
+        {
+          const char * scratch;
+          pm_asprintf(&scratch, "%sdist%d", fname, i);
+          fp_table_dist[i-1] = fopen(scratch, "w");
+          pm_strfree(scratch);
+        }
+      }
+    }
       break;
     default:
       fprintf(stderr, "Unknown TUNE parameter setting format %s\n", cp);
diff --git a/converter/ppm/ppmtompeg/param.c b/converter/ppm/ppmtompeg/param.c
index 84104dcb..9499b4ea 100644
--- a/converter/ppm/ppmtompeg/param.c
+++ b/converter/ppm/ppmtompeg/param.c
@@ -307,13 +307,13 @@ expandBackTickLine(const char *         const input,
                    struct inputSource * const inputSourceP) {
 
     FILE *fp;
-    char cmd[300];
+    const char * cmd;
     const char * start;
     const char * end;
-    char cdcmd[110];
+    const char * cdcmd;
 
     start = &input[1];
-    end = &input[strlen(input)-1];
+    end   = &input[strlen(input)-1];
 
     while (*end != '`') {
         end--;
@@ -322,14 +322,14 @@ expandBackTickLine(const char *         const input,
     end--;
 
     if (optionSeen[OPTION_INPUT_DIR])
-        sprintf(cdcmd,"cd %s;",currentPath);
+        pm_asprintf(&cdcmd,"cd %s;", currentPath);
     else
-        strcpy(cdcmd,"");
+        cdcmd = pm_strdup("");
 
     {
         char tmp[300];
         strncpy(tmp,start,end-start+1);
-        sprintf(cmd,"(%s %s)", cdcmd, tmp);
+        pm_asprintf(&cmd, "(%s %s)", cdcmd, tmp);
     }
 
     fp = popen(cmd, "r");
@@ -343,6 +343,8 @@ expandBackTickLine(const char *         const input,
 
         mergeInputSource(inputSourceP, &subInputSource);
     }
+    pm_strfree(cmd);
+    pm_strfree(cdcmd);
 }
 
 
diff --git a/converter/ppm/ppmtompeg/specifics.c b/converter/ppm/ppmtompeg/specifics.c
index 6109cb7a..aa3d7b18 100644
--- a/converter/ppm/ppmtompeg/specifics.c
+++ b/converter/ppm/ppmtompeg/specifics.c
@@ -36,7 +36,12 @@
  * HEADER FILES *
  *==============*/
 
+#include <stdio.h>
+#include <string.h>
+
 #include "netpbm/mallocvar.h"
+#include "netpbm/nstring.h"
+
 #include "all.h"
 #include "mtypes.h"
 #include "frames.h"
@@ -44,8 +49,6 @@
 #include "fsize.h"
 #include "dct.h"
 #include "specifics.h"
-#include <stdio.h>
-#include <string.h>
 #include "prototypes.h"
 #include "param.h"
 
@@ -149,14 +152,21 @@ static char version = -1;
 void
 Specifics_Init() {
 
-    char command[1100];
     FILE *specificsFP;
 
-    sprintf(command, "rm -f %s.cpp", specificsFile);
-    system(command);
-    sprintf(command, "cpp -P %s %s %s.cpp",
-            specificsDefines, specificsFile, specificsFile);
-    system(command);
+    {
+        const char * command;
+        pm_asprintf(&command, "rm -f %s.cpp", specificsFile);
+        system(command);
+        pm_strfree(command);
+    }
+    {
+        const char * command;
+        pm_asprintf(&command, "cpp -P %s %s %s.cpp",
+                    specificsDefines, specificsFile, specificsFile);
+        system(command);
+        pm_strfree(command);
+    }
     strcat(specificsFile, ".cpp");
     if ((specificsFP = fopen(specificsFile, "r")) == NULL) {
         fprintf(stderr, "Error with specifics file, cannot open %s\n",
@@ -164,9 +174,14 @@ Specifics_Init() {
         exit(1);
     }
     printf("Specifics file: %s\n", specificsFile);
+
     Parse_Specifics_File(specificsFP);
-    sprintf(command, "rm -f %s.cpp", specificsFile);
-    system(command);
+    {
+        const char * command;
+        pm_asprintf(&command, "rm -f %s.cpp", specificsFile);
+        system(command);
+        pm_strfree(command);
+    }
 }
author	giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>	2020-06-07 19:47:00 +0000
committer	giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>	2020-06-07 19:47:00 +0000
commit	f9fd97fee9930b2d750b83dc0798934c44031b7e (patch)
tree	c6a09f49e1f8c3a9bb98d1d802e18526ce20a15a /converter
parent	576b0040048e92ac287b229877b605ab07d9eead (diff)
download	netpbm-mirror-f9fd97fee9930b2d750b83dc0798934c44031b7e.tar.gz netpbm-mirror-f9fd97fee9930b2d750b83dc0798934c44031b7e.tar.xz netpbm-mirror-f9fd97fee9930b2d750b83dc0798934c44031b7e.zip