From fd3a887113618591789638783893e5f0f8445abb Mon Sep 17 00:00:00 2001 From: Andreas Scherer Date: Wed, 2 Aug 2023 08:10:19 +0000 Subject: [PATCH] [CWEB] Replace 'sprintf' with 'snprintf'. Apple's XCode 14 (Clang) issues deprecation warnings for the 'sprintf' system function (from ) when used with C++. As I am compiling CWEB as C++ code (locally, not in TeX Live), I became aware of this possible future issue. While common.w diligently checks user-provided file names for possible buffer overflows before invoking 'sprintf' (sections 77--79), I replace the uses of 'sprintf' in ctangle.w and cweave.w and cweav-twill.ch with the safer 'snprintf' alternative. git-svn-id: svn://tug.org/texlive/trunk/Build/source@67794 c570f23f-e606-0410-a88d-b1316a301751 --- texk/web2c/ctangleboot.cin | 6 +++--- texk/web2c/cwebdir/ChangeLog | 9 +++++++++ texk/web2c/cwebdir/ctang-bs.ch | 4 ++-- texk/web2c/cwebdir/ctangle.c | 6 +++--- texk/web2c/cwebdir/ctangle.w | 6 +++--- texk/web2c/cwebdir/ctwill-w2c.ch | 8 ++++---- texk/web2c/cwebdir/cweave.w | 4 ++-- texk/web2c/cwebdir/system.bux | 3 ++- 8 files changed, 28 insertions(+), 18 deletions(-) diff --git a/texk/web2c/ctangleboot.cin b/texk/web2c/ctangleboot.cin index d659410f9c..e614b2b5c9 100644 --- a/texk/web2c/ctangleboot.cin +++ b/texk/web2c/ctangleboot.cin @@ -517,9 +517,9 @@ cur_out_file= end_output_files= output_files+max_files; /*:46*//*58:*/ #line 696 "cwebdir/ctangle.w" -{ -int i; -for(i= 0;i<0200;i++)sprintf(translit[i],"X%02X",(unsigned int)(0200+i)); +{int i; +for(i= 0;i<0200;i++) +snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i)); } #line 178 "cwebdir/ctang-w2c.ch" diff --git a/texk/web2c/cwebdir/ChangeLog b/texk/web2c/cwebdir/ChangeLog index e952f92955..261f7d4b08 100644 --- a/texk/web2c/cwebdir/ChangeLog +++ b/texk/web2c/cwebdir/ChangeLog @@ -1,3 +1,12 @@ +2023-08-02 Andreas Scherer + + * ctang-bs.ch, + * ctangle.c, + * ctangle.w, + * ctwill-w2c.ch, + * cweave.w, + * system.bux: Replace 'sprintf' with 'snprintf'. + 2023-08-01 Andreas Scherer * comm-w2c.ch, diff --git a/texk/web2c/cwebdir/ctang-bs.ch b/texk/web2c/cwebdir/ctang-bs.ch index b8de3d58d6..9c32641476 100644 --- a/texk/web2c/cwebdir/ctang-bs.ch +++ b/texk/web2c/cwebdir/ctang-bs.ch @@ -154,10 +154,10 @@ text_ptr=text_info+1; text_ptr->tok_start=tok_mem; out_char( eight_bits cur_char) { - char *j, *k; /* pointer into |byte_mem| */ + char *j; /* pointer into |byte_mem| */ @y out_char(cur_char) eight_bits cur_char; { - char huge* j, huge* k; /* pointer into |byte_mem| */ + char huge* j; /* pointer into |byte_mem| */ @z diff --git a/texk/web2c/cwebdir/ctangle.c b/texk/web2c/cwebdir/ctangle.c index 9a123acec3..e742f5abfd 100644 --- a/texk/web2c/cwebdir/ctangle.c +++ b/texk/web2c/cwebdir/ctangle.c @@ -485,9 +485,9 @@ cur_out_file= end_output_files= output_files+max_files; /*:46*//*58:*/ #line 696 "ctangle.w" -{ -int i; -for(i= 0;i<0200;i++)sprintf(translit[i],"X%02X",(unsigned int)(0200+i)); +{int i; +for(i= 0;i<0200;i++) +snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i)); } /*:58*//*63:*/ diff --git a/texk/web2c/cwebdir/ctangle.w b/texk/web2c/cwebdir/ctangle.w index a36bee69fe..dbdf94ec21 100644 --- a/texk/web2c/cwebdir/ctangle.w +++ b/texk/web2c/cwebdir/ctangle.w @@ -694,9 +694,9 @@ This makes debugging a lot less confusing. static char translit[0200][translit_length]; @ @= -{ - int i; - for (i=0;i<0200;i++) sprintf(translit[i],"X%02X",(unsigned int)(0200+i)); +{ int i; + for (i=0;i<0200;i++) + snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i)); } @ @=@t\1\quad@> diff --git a/texk/web2c/cwebdir/ctwill-w2c.ch b/texk/web2c/cwebdir/ctwill-w2c.ch index c570b2a68a..cacca86705 100644 --- a/texk/web2c/cwebdir/ctwill-w2c.ch +++ b/texk/web2c/cwebdir/ctwill-w2c.ch @@ -1854,15 +1854,15 @@ placed on the list, unless they are reserved and their current @ @c static void out_mini( meaning_struct *m) -{ char s[60]; +{ char s[90]; name_pointer cur_name=m->id; if (m->prog_no==0) { /* reference within current program */ if (m->sec_no==section_count) return; /* defined in current section */ - sprintf(s,"\\[%d",m->sec_no); + snprintf(s,90,"\\[%d",m->sec_no); } else { name_pointer n=title_code[m->prog_no]; if (*(n->byte_start)=='{') - sprintf(s,"\\]%.*s%d",(int)length(n),n->byte_start,m->sec_no); - else sprintf(s,"\\]%.*s",(int)length(n),n->byte_start); + snprintf(s,90,"\\]%.*s%d",(int)length(n),n->byte_start,m->sec_no); + else snprintf(s,90,"\\]%.*s",(int)length(n),n->byte_start); } out_str(s); out(' '); @@; diff --git a/texk/web2c/cwebdir/cweave.w b/texk/web2c/cwebdir/cweave.w index 1f2529e7d1..a8d80d9590 100644 --- a/texk/web2c/cwebdir/cweave.w +++ b/texk/web2c/cwebdir/cweave.w @@ -1482,7 +1482,7 @@ out_section( sixteen_bits n) { char s[6]; - sprintf(s,"%d",(int)n); out_str(s); + snprintf(s,6,"%d",(int)n); out_str(s); if (changed_section[n]) out_str("\\*"); @.\\*@> } @@ -4236,7 +4236,7 @@ else { group_found=true; out_str("\\N"); @.\\N@> - {@+ char s[32];@+sprintf(s,"{%d}",sec_depth+1);@+out_str(s);@+} + {@+ char s[32];@+snprintf(s,32,"{%d}",sec_depth+1);@+out_str(s);@+} if (show_progress) printf("*%d",(int)section_count); update_terminal(); /* print a progress report */ } diff --git a/texk/web2c/cwebdir/system.bux b/texk/web2c/cwebdir/system.bux index 6b44254835..52877fd11d 100644 --- a/texk/web2c/cwebdir/system.bux +++ b/texk/web2c/cwebdir/system.bux @@ -26,8 +26,9 @@ @$puts "" \zip@> @$rename "" \zip@> @$remove "" \zip@> -@$sscanf "" \zip@> +@$snprintf "" \zip@> @$sprintf "" \zip@> +@$sscanf "" \zip@> @$stderr "" \zip@> @$stdin "" \zip@> @$stdout "" \zip@>