texlive[67794] Build/source/texk/web2c: [CWEB] Replace 'sprintf' with

commits+ascherer at tug.org commits+ascherer at tug.org
Wed Aug 2 10:10:20 CEST 2023 

Revision: 67794
          http://tug.org/svn/texlive?view=revision&revision=67794
Author:   ascherer
Date:     2023-08-02 10:10:19 +0200 (Wed, 02 Aug 2023)
Log Message:
-----------
[CWEB] Replace 'sprintf' with 'snprintf'.

Apple's XCode 14 (Clang) issues deprecation warnings for the 'sprintf'
system function (from <stdio.h>) when used with C++. As I am compiling
CWEB as C++ code (locally, not in TeX Live), I became aware of this
possible future issue.

While common.w diligently checks user-provided file names for possible
buffer overflows before invoking 'sprintf' (sections 77--79), I replace
the uses of 'sprintf' in ctangle.w and cweave.w and cweav-twill.ch with
the safer 'snprintf' alternative.

Modified Paths:
--------------
    trunk/Build/source/texk/web2c/ctangleboot.cin
    trunk/Build/source/texk/web2c/cwebdir/ChangeLog
    trunk/Build/source/texk/web2c/cwebdir/ctang-bs.ch
    trunk/Build/source/texk/web2c/cwebdir/ctangle.c
    trunk/Build/source/texk/web2c/cwebdir/ctangle.w
    trunk/Build/source/texk/web2c/cwebdir/ctwill-w2c.ch
    trunk/Build/source/texk/web2c/cwebdir/cweave.w
    trunk/Build/source/texk/web2c/cwebdir/system.bux

Modified: trunk/Build/source/texk/web2c/ctangleboot.cin
===================================================================
--- trunk/Build/source/texk/web2c/ctangleboot.cin	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/ctangleboot.cin	2023-08-02 08:10:19 UTC (rev 67794)
@@ -517,9 +517,9 @@
 /*:46*//*58:*/
 #line 696 "cwebdir/ctangle.w"
 
-{
-int i;
-for(i= 0;i<0200;i++)sprintf(translit[i],"X%02X",(unsigned int)(0200+i));
+{int i;
+for(i= 0;i<0200;i++)
+snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i));
 }
 
 #line 178 "cwebdir/ctang-w2c.ch"

Modified: trunk/Build/source/texk/web2c/cwebdir/ChangeLog
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/ChangeLog	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/cwebdir/ChangeLog	2023-08-02 08:10:19 UTC (rev 67794)
@@ -1,3 +1,12 @@
+2023-08-02  Andreas Scherer  <https://ascherer.github.io>
+
+	* ctang-bs.ch,
+	* ctangle.c,
+	* ctangle.w,
+	* ctwill-w2c.ch,
+	* cweave.w,
+	* system.bux: Replace 'sprintf' with 'snprintf'.
+
 2023-08-01  Andreas Scherer  <https://ascherer.github.io>
 
 	* comm-w2c.ch,

Modified: trunk/Build/source/texk/web2c/cwebdir/ctang-bs.ch
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/ctang-bs.ch	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/cwebdir/ctang-bs.ch	2023-08-02 08:10:19 UTC (rev 67794)
@@ -154,10 +154,10 @@
 out_char(
 eight_bits cur_char)
 {
-  char *j, *k; /* pointer into |byte_mem| */
+  char *j; /* pointer into |byte_mem| */
 @y
 out_char(cur_char)
 eight_bits cur_char;
 {
-  char huge* j, huge* k; /* pointer into |byte_mem| */
+  char huge* j; /* pointer into |byte_mem| */
 @z

Modified: trunk/Build/source/texk/web2c/cwebdir/ctangle.c
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/ctangle.c	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/cwebdir/ctangle.c	2023-08-02 08:10:19 UTC (rev 67794)
@@ -485,9 +485,9 @@
 /*:46*//*58:*/
 #line 696 "ctangle.w"
 
-{
-int i;
-for(i= 0;i<0200;i++)sprintf(translit[i],"X%02X",(unsigned int)(0200+i));
+{int i;
+for(i= 0;i<0200;i++)
+snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i));
 }
 
 /*:58*//*63:*/

Modified: trunk/Build/source/texk/web2c/cwebdir/ctangle.w
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/ctangle.w	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/cwebdir/ctangle.w	2023-08-02 08:10:19 UTC (rev 67794)
@@ -694,9 +694,9 @@
 static char translit[0200][translit_length];
 
 @ @<Set init...@>=
-{
-  int i;
-  for (i=0;i<0200;i++) sprintf(translit[i],"X%02X",(unsigned int)(0200+i));
+{ int i;
+  for (i=0;i<0200;i++)
+     snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i));
 }
 
 @ @<Case of an identifier@>=@t\1\quad@>

Modified: trunk/Build/source/texk/web2c/cwebdir/ctwill-w2c.ch
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/ctwill-w2c.ch	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/cwebdir/ctwill-w2c.ch	2023-08-02 08:10:19 UTC (rev 67794)
@@ -1854,15 +1854,15 @@
 @ @c static void
 out_mini(
   meaning_struct *m)
-{ char s[60];
+{ char s[90];
   name_pointer cur_name=m->id;
   if (m->prog_no==0) { /* reference within current program */
     if (m->sec_no==section_count) return; /* defined in current section */
-    sprintf(s,"\\[%d",m->sec_no);
+    snprintf(s,90,"\\[%d",m->sec_no);
   } else { name_pointer n=title_code[m->prog_no];
     if (*(n->byte_start)=='{')
-      sprintf(s,"\\]%.*s%d",(int)length(n),n->byte_start,m->sec_no);
-    else sprintf(s,"\\]%.*s",(int)length(n),n->byte_start);
+      snprintf(s,90,"\\]%.*s%d",(int)length(n),n->byte_start,m->sec_no);
+    else snprintf(s,90,"\\]%.*s",(int)length(n),n->byte_start);
   }
   out_str(s); out(' ');
   @<Mini-output the name at |cur_name|@>@;

Modified: trunk/Build/source/texk/web2c/cwebdir/cweave.w
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/cweave.w	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/cwebdir/cweave.w	2023-08-02 08:10:19 UTC (rev 67794)
@@ -1482,7 +1482,7 @@
 sixteen_bits n)
 {
   char s[6];
-  sprintf(s,"%d",(int)n); out_str(s);
+  snprintf(s,6,"%d",(int)n); out_str(s);
   if (changed_section[n]) out_str("\\*");
 @.\\*@>
 }
@@ -4236,7 +4236,7 @@
   group_found=true;
   out_str("\\N");
 @.\\N@>
-  {@+ char s[32];@+sprintf(s,"{%d}",sec_depth+1);@+out_str(s);@+}
+  {@+ char s[32];@+snprintf(s,32,"{%d}",sec_depth+1);@+out_str(s);@+}
   if (show_progress)
   printf("*%d",(int)section_count); update_terminal(); /* print a progress report */
 }

Modified: trunk/Build/source/texk/web2c/cwebdir/system.bux
===================================================================
--- trunk/Build/source/texk/web2c/cwebdir/system.bux	2023-08-01 23:43:13 UTC (rev 67793)
+++ trunk/Build/source/texk/web2c/cwebdir/system.bux	2023-08-02 08:10:19 UTC (rev 67794)
@@ -26,8 +26,9 @@
 @$puts "<stdio.h>" \zip@>
 @$rename "<stdio.h>" \zip@>
 @$remove "<stdio.h>" \zip@>
+@$snprintf "<stdio.h>" \zip@>
+@$sprintf "<stdio.h>" \zip@>
 @$sscanf "<stdio.h>" \zip@>
-@$sprintf "<stdio.h>" \zip@>
 @$stderr "<stdio.h>" \zip@>
 @$stdin "<stdio.h>" \zip@>
 @$stdout "<stdio.h>" \zip@>

More information about the tex-live-commits mailing list.