From 8b5e303fc1f01521c727e351270dd68c4f15190b Mon Sep 17 00:00:00 2001 From: Mahendra Narvariya Date: Thu, 19 Nov 2015 13:45:52 +0100 Subject: [PATCH 5/8] Avoid possible overflow in sprintf Avoid possible overflow in sprintf, better to use snprintf. --- src/mms.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mms.c b/src/mms.c index c1dbc29..579c3f0 100644 --- a/src/mms.c +++ b/src/mms.c @@ -772,8 +772,8 @@ mms_t *mms_connect (mms_io_t *io, void *data, const char *url, int bandwidth) { mms_buffer_init(&command_buffer, this->scmd_body); mms_buffer_put_32 (&command_buffer, 0x0003001C); mms_gen_guid(this->guid); - sprintf(this->str, "NSPlayer/7.0.0.1956; {%s}; Host: %s", this->guid, - this->connect_host); + snprintf(this->str, sizeof(this->str), "NSPlayer/7.0.0.1956; {%s}; Host: %s", + this->guid, this->connect_host); res = mms_utf8_to_utf16le(this->scmd_body + command_buffer.pos, CMD_BODY_LEN - command_buffer.pos, this->str); -- 2.39.2