summaryrefslogtreecommitdiff
path: root/core/src
diff options
context:
space:
mode:
Diffstat (limited to 'core/src')
-rw-r--r--core/src/fxcodec/codec/fx_codec_png.cpp6
-rw-r--r--core/src/fxcodec/libjpeg/fpdfapi_jerror.c4
-rw-r--r--core/src/fxcrt/fx_basic_bstring.cpp10
3 files changed, 12 insertions, 8 deletions
diff --git a/core/src/fxcodec/codec/fx_codec_png.cpp b/core/src/fxcodec/codec/fx_codec_png.cpp
index 0ddae7a7cd..8c26381514 100644
--- a/core/src/fxcodec/codec/fx_codec_png.cpp
+++ b/core/src/fxcodec/codec/fx_codec_png.cpp
@@ -50,8 +50,10 @@ static void _png_load_bmp_attribute(png_structp png_ptr, png_infop info_ptr, CFX
png_timep t = NULL;
png_get_tIME(png_ptr, info_ptr, &t);
if (t) {
- FXSYS_memset32(pAttribute->m_strTime, 0, 20);
- FXSYS_sprintf((FX_LPSTR)pAttribute->m_strTime, "%4d:%2d:%2d %2d:%2d:%2d", t->year, t->month, t->day, t->hour, t->minute, t->second);
+ FXSYS_memset32(pAttribute->m_strTime, 0, sizeof(pAttribute->m_strTime));
+ FXSYS_snprintf((FX_LPSTR)pAttribute->m_strTime, sizeof(pAttribute->m_strTime), "%4d:%2d:%2d %2d:%2d:%2d",
+ t->year, t->month, t->day, t->hour, t->minute, t->second);
+ pAttribute->m_strTime[sizeof(pAttribute->m_strTime) - 1] = 0;
bTime = 1;
}
#endif
diff --git a/core/src/fxcodec/libjpeg/fpdfapi_jerror.c b/core/src/fxcodec/libjpeg/fpdfapi_jerror.c
index 943ced798f..282f889ebd 100644
--- a/core/src/fxcodec/libjpeg/fpdfapi_jerror.c
+++ b/core/src/fxcodec/libjpeg/fpdfapi_jerror.c
@@ -177,9 +177,9 @@ format_message (j_common_ptr cinfo, char * buffer)
/* Format the message into the passed buffer */
if (isstring)
- FXSYS_sprintf(buffer, msgtext, err->msg_parm.s);
+ sprintf(buffer, msgtext, err->msg_parm.s);
else
- FXSYS_sprintf(buffer, msgtext,
+ sprintf(buffer, msgtext,
err->msg_parm.i[0], err->msg_parm.i[1],
err->msg_parm.i[2], err->msg_parm.i[3],
err->msg_parm.i[4], err->msg_parm.i[5],
diff --git a/core/src/fxcrt/fx_basic_bstring.cpp b/core/src/fxcrt/fx_basic_bstring.cpp
index 5c8a2fa8f3..895c8e560e 100644
--- a/core/src/fxcrt/fx_basic_bstring.cpp
+++ b/core/src/fxcrt/fx_basic_bstring.cpp
@@ -676,10 +676,10 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList)
if (nWidth + nPrecision > 100) {
nItemLen = nPrecision + nWidth + 128;
} else {
- double f;
char pszTemp[256];
- f = va_arg(argList, double);
- FXSYS_sprintf(pszTemp, "%*.*f", nWidth, nPrecision + 6, f );
+ double f = va_arg(argList, double);
+ memset(pszTemp, 0, sizeof(pszTemp));
+ FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f);
nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp);
}
break;
@@ -697,9 +697,11 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList)
}
nMaxLen += nItemLen;
}
+ nMaxLen += 32; // Fudge factor.
GetBuffer(nMaxLen);
if (m_pData) {
- FXSYS_vsprintf(m_pData->m_String, lpszFormat, argListSave);
+ memset(m_pData->m_String, 0, nMaxLen);
+ FXSYS_vsnprintf(m_pData->m_String, nMaxLen - 1, lpszFormat, argListSave);
ReleaseBuffer();
}
va_end(argListSave);