feat: Use snprintf instead of sprintf to avoid potential buffer overflow

AppImage#1075 (comment)
srevinsaju · Sep 10, 2020 · 63b6e6a · 63b6e6a
1 parent bf7c4c5
commit 63b6e6a
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/appimagetool.c b/src/appimagetool.c
@@ -908,7 +908,6 @@ main (int argc, char *argv[])
                         printf("Will not guess update information since zsyncmake is missing\n");
                     }
                 }
-			sprintf(buf, "gh-releases-zsync|%s|%s|%s|%s*-%s.AppImage.zsync", parts[0], parts[1], channel, app_name_for_filename, arch);
             } else if (github_repository != NULL && github_ref != NULL) {
                 printf("Running on GitHub Actions\n");
                 gchar *zsyncmake_path = g_find_program_in_path ("zsyncmake");
@@ -925,6 +924,11 @@ main (int argc, char *argv[])
                         } else {
                             channel = "continuous";
                         }
+                        int is_zsync_write_success = snprintf(buf, 1024, "gh-releases-zsync|%s|%s|%s|%s*-%s.AppImage.zsync", parts[0], parts[1], channel, app_name_for_filename, arch);
+                        if (is_zsync_write_success < 0) {
+                            printf("Writing updateinformation failed. zsync information is too long. (> 1024)\n");
+                            exit(is_zsync_write_success);
+                        }
                         updateinformation = buf;
                         printf("%s\n", updateinformation);
                     }