$OpenBSD: patch-src_lobject_c,v 1.3 2007/10/29 20:30:32 espie Exp $ --- src/lobject.c.orig Fri Feb 10 18:43:52 2006 +++ src/lobject.c Mon Oct 29 21:26:20 2007 @@ -142,7 +142,7 @@ const char *luaO_pushvfstring (lua_State *L, const cha } case 'p': { char buff[4*sizeof(void *) + 8]; /* should be enough space for a `%p' */ - sprintf(buff, "%p", va_arg(argp, void *)); + snprintf(buff, sizeof(buff), "%p", va_arg(argp, void *)); pushstr(L, buff); break; } @@ -180,35 +180,33 @@ const char *luaO_pushfstring (lua_State *L, const char void luaO_chunkid (char *out, const char *source, size_t bufflen) { - if (*source == '=') { - strncpy(out, source+1, bufflen); /* remove first char */ - out[bufflen-1] = '\0'; /* ensures null termination */ - } + if (*source == '=') + strlcpy(out, source+1, bufflen); /* remove first char */ else { /* out = "source", or "...source" */ if (*source == '@') { - size_t l; + size_t l, m; source++; /* skip the `@' */ - bufflen -= sizeof(" '...' "); l = strlen(source); - strcpy(out, ""); - if (l > bufflen) { - source += (l-bufflen); /* get last part of file name */ - strcat(out, "..."); + m = bufflen - sizeof(" '...' "); + strlcpy(out, "", bufflen); + if (l > m) { + source += (l-m); /* get last part of file name */ + strlcat(out, "...", bufflen); } - strcat(out, source); + strlcat(out, source, bufflen); } else { /* out = [string "string"] */ - size_t len = strcspn(source, "\n\r"); /* stop at first newline */ - bufflen -= sizeof(" [string \"...\"] "); - if (len > bufflen) len = bufflen; - strcpy(out, "[string \""); + size_t pos = strcspn(source, "\n\r"); /* stop at first newline */ + size_t len = bufflen - sizeof(" [string \"...\"] "); + if (pos > len) pos = len; + strlcpy(out, "[string \"", bufflen); if (source[len] != '\0') { /* must truncate? */ - strncat(out, source, len); - strcat(out, "..."); + strlcat(out, source, len); + strlcat(out, "...", bufflen); } else - strcat(out, source); - strcat(out, "\"]"); + strlcat(out, source, bufflen); + strlcat(out, "\"]", bufflen); } } }