builtin: do not use unsafe sprintf/vsprintf functions

2025-09-15 15:32:27 +03:00 · 2020-03-21 06:37:58 +01:00 · 2020-03-21 06:37:58 +01:00 · c21e976cad
commit c21e976cad
parent 7e139b5384
4 changed files with 140 additions and 47 deletions
--- a/vlib/compiler/live.v
+++ b/vlib/compiler/live.v
@ -110,24 +110,35 @@ fn (v &V) generate_hot_reload_code() {
 		cgen.genln('

 void lfnmutex_print(char *s){
-	if(0){
-		fflush(stderr);
-		fprintf(stderr,">> live_fn_mutex: %p | %s\\n", &live_fn_mutex, s);
-		fflush(stderr);
-	}
+#if 0
+	fflush(stderr);
+	fprintf(stderr,">> live_fn_mutex: %p | %s\\n", &live_fn_mutex, s);
+	fflush(stderr);
+#endif
 }
 ')
 		if v.pref.os != .windows {
 			cgen.genln('
-void* live_lib=0;
+#define _POSIX_C_SOURCE 1
+#include <limits.h>
+#ifndef PATH_MAX
+#define PATH_MAX 1024
+#endif
+
+void* live_lib = 0;
+
 int load_so(byteptr path) {
-	char cpath[1024];
-	sprintf(cpath,"./%s", path);
+	char cpath[PATH_MAX] = {0};
+	int res = snprintf(cpath, sizeof (cpath), "./%s", path);
+	if (res >= sizeof (cpath)) {
+		fprintf (stderr, "path is too long");
+		return 0;
+	}
 	//printf("load_so %s\\n", cpath);
 	if (live_lib) dlclose(live_lib);
 	live_lib = dlopen(cpath, RTLD_LAZY);
 	if (!live_lib) {
-		puts("open failed");
+		fprintf(stderr, "open failed");
 		exit(1);
 		return 0;
 	}
@ -138,6 +149,11 @@ int load_so(byteptr path) {
 		}
 		else {
 			cgen.genln('
+
+#ifndef PATH_MAX
+#define PATH_MAX 1024
+#endif
+
 void pthread_mutex_lock(HANDLE *m) {
 	WaitForSingleObject(*m, INFINITE);
 }
@ -146,14 +162,19 @@ void pthread_mutex_unlock(HANDLE *m) {
 	ReleaseMutex(*m);
 }

-void* live_lib=0;
+void* live_lib = NULL;
 int load_so(byteptr path) {
-	char cpath[1024];
-	sprintf(cpath, "./%s", path);
+	char cpath[PATH_MAX];
+	int res = snprintf(cpath, sizeof (cpath), "./%s", path);
+	if (res >= sizeof(cpath)) {
+		puts("path is too long\\n");
+		exit(1);
+		return 0;
+	}
 	if (live_lib) FreeLibrary(live_lib);
 	live_lib = LoadLibraryA(cpath);
 	if (!live_lib) {
-		puts("open failed");
+		puts("open failed\\n");
 		exit(1);
 		return 0;
 	}
@ -167,9 +188,9 @@ int load_so(byteptr path) {

 int _live_reloads = 0;
 void reload_so() {
-	char new_so_base[1024];
-	char new_so_name[1024];
-	char compile_cmd[1024];
+	char new_so_base[PATH_MAX] = {0};
+	char new_so_name[PATH_MAX] = {0};
+	char compile_cmd[PATH_MAX] = {0};
 	int last = os__file_last_mod_unix(tos2("$file"));
 	while (1) {
 		// TODO use inotify
@ -179,22 +200,22 @@ void reload_so() {
 			_live_reloads++;

 			//v -o bounce -shared bounce.v
-			sprintf(new_so_base, ".tmp.%d.${file_base}", _live_reloads);
+			snprintf(new_so_base, sizeof (new_so_base), ".tmp.%d.${file_base}", _live_reloads);
 			#ifdef _WIN32
 			// We have to make this directory becuase windows WILL NOT
 			// do it for us
 			os__mkdir(string_all_before_last(tos2(new_so_base), tos2("/")));
 			#endif
 			#ifdef _MSC_VER
-			sprintf(new_so_name, "%s.dll", new_so_base);
+			snprintf(new_so_name, sizeof (new_so_name), "%s.dll", new_so_base);
 			#else
-			sprintf(new_so_name, "%s.so", new_so_base);
+			snprintf(new_so_name, sizeof (new_so_name), "%s.so", new_so_base);
 			#endif
-			sprintf(compile_cmd, "$vexe $msvc -o %s -solive -shared $file", new_so_base);
+			snprintf(compile_cmd, sizeof (compile_cmd), "$vexe $msvc -o %s -solive -shared $file", new_so_base);
 			os__system(tos2(compile_cmd));

 			if( !os__exists(tos2(new_so_name)) ) {
-				fprintf(stderr, "Errors while compiling $file\\n");
+				puts("Errors while compiling $file\\n");
 				continue;
 			}