From 5db2d745164db6c375edd86a5bb28eeb6041d7c0 Mon Sep 17 00:00:00 2001
From: matz
Date: Tue, 19 Jul 2005 08:25:39 +0000
Subject: * io.c (rb_io_inspect): replace sprintf() with "%s" format all over the place by snprintf() to avoid integer overflow. * sample/svr.rb: service can be stopped by ill-behaved client; use tsvr.rb instead.
git-svn-id: http://svn.ruby-lang.org/repos/ruby/branches/ruby_1_8@8799 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
error.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'error.c')
diff --git a/error.c b/error.c
index f741620ff..0b63aa051 100644
--- a/error.c
+++ b/error.c
@@ -907,9 +907,10 @@ syserr_initialize(argc, argv, self)
 else err = "unknown error";
 if (!NIL_P(mesg)) {
 VALUE str = mesg;
+ size_t len = strlen(err)+RSTRING(str)->len+3;
 StringValue(str);
- mesg = rb_str_new(0, strlen(err)+RSTRING(str)->len+3);
- sprintf(RSTRING(mesg)->ptr, "%s - %.*s", err,
+ mesg = rb_str_new(0, len);
+ snprintf(RSTRING(mesg)->ptr, len, "%s - %.*s", err,
 (int)RSTRING(str)->len, RSTRING(str)->ptr);
 rb_str_resize(mesg, strlen(RSTRING(mesg)->ptr));
 }
-- cgit
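Review bot: The new `len` initializer reads `RSTRING(str)->len` before `StringValue(str)` has run, so when `mesg` is not already a String the length comes from an object that has not been coerced yet (possibly an invalid read), and the buffer size can disagree with the `%.*s` precision used afterwards. Declare `size_t len;` at the top of the block and assign `len = strlen(err)+RSTRING(str)->len+3;` only after `StringValue(str);`. Separately, the formatted text is exactly `len` characters long and snprintf() with a bound of `len` stores at most `len-1` of them, so the last byte of the message is cut off; assuming rb_str_new() reserves a terminator byte beyond `len` (the replaced sprintf() call depended on that), the bound should be `len+1`. syserr_initialize starts and ends outside this hunk.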