generic-library/jsoncpp
1
0
Fork 0
mirror of https://github.com/open-source-parsers/jsoncpp.git synced 2024-12-14 02:35:09 +01:00
Code Issues Projects Releases Wiki Activity

Switched away from sprintf, which is prone to buffer overflows.

Browse Source 
Most reasonable platforms have this function. If you're here because
this broke the build for you, consider adding an ifdef for your platform
and using sprintf there (but not on other platforms).
This commit is contained in:
Aaron Jacobs 2013-08-06 23:12:56 +00:00
parent 700b38020e
commit 42d918b7aa
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/lib_json/json_reader.cpp
View File

@ -868,7 +868,7 @@ Reader::getLocationLineAndColumn( Location location ) const
int line, column; int line, column;
getLocationLineAndColumn( location, line, column ); getLocationLineAndColumn( location, line, column );
char buffer[18+16+16+1]; char buffer[18+16+16+1];
sprintf( buffer, "Line %d, Column %d", line, column ); snprintf(buffer, sizeof(buffer), "Line %d, Column %d", line, column);
return buffer; return buffer;
} }

2
src/lib_json/json_writer.cpp
View File

@ -77,7 +77,7 @@ std::string valueToString( double value )
#if defined(_MSC_VER) && defined(__STDC_SECURE_LIB__) // Use secure version with visual studio 2005 to avoid warning. #if defined(_MSC_VER) && defined(__STDC_SECURE_LIB__) // Use secure version with visual studio 2005 to avoid warning.
sprintf_s(buffer, sizeof(buffer), "%#.16g", value); sprintf_s(buffer, sizeof(buffer), "%#.16g", value);
#else #else
sprintf(buffer, "%#.16g", value); snprintf(buffer, sizeof(buffer), "%#.16g", value);
#endif #endif
char* ch = buffer + strlen(buffer) - 1; char* ch = buffer + strlen(buffer) - 1;
if (*ch != '0') return buffer; // nothing to truncate, so save time if (*ch != '0') return buffer; // nothing to truncate, so save time