replaced sprintf() with snprintf() to prevent possible buffer overflow

* DOCBparser.c HTMLparser.c debugXML.c encoding.c nanoftp.c nanohttp.c parser.c tree.c uri.c xmlIO.c xmllint.c xpath.c: replaced sprintf() with snprintf() to prevent possible buffer overflow (the bug was pointed out by Anju Premachandran)
2025-07-29 11:41:22 +03:00 · 2002-06-14 17:07:10 +00:00
parent e059b891ef
commit 49cc97565f
13 changed files with 72 additions and 45 deletions
--- a/HTMLparser.c
+++ b/HTMLparser.c
@ -1572,7 +1572,7 @@ htmlEncodeEntities(unsigned char* out, int *outlen,
 	     */
 	    ent = htmlEntityValueLookup(c);
 	    if (ent == NULL) {
-		sprintf(nbuf, "#%u", c);
+		snprintf(nbuf, sizeof(nbuf), "#%u", c);
 		cp = nbuf;
 	    }
 	    else