commit e5fe9820e1023c59578934cdfd25487e9d4be427 from: Marcel Rodrigues date: Fri Apr 17 01:39:21 2015 UTC Use snprintf(). This breaks C89 compatibility, but is necessary in order to avoid buffer overflows. commit - e1a8adcd0c41c50a442c257fea4e98d5b239f12a commit + e5fe9820e1023c59578934cdfd25487e9d4be427 blob - cb37a5392e8e88ff895e3455e04e1b4e423608f7 blob + 425bebd1dbf540449487c8b71bc0402ef94d28f9 --- README.md +++ README.md @@ -67,8 +67,8 @@ Dependencies ============ Rover is supposed to run on any Unix-like system with a curses implementation. -To build Rover, you need an ANSI C compiler and a curses library with the -corresponding header file. +To build Rover, you need a C compiler and a curses library with the corresponding +header file. Configuration blob - f0c8d42ec4120bcb6d46544e53ed7da355e9ed18 blob + 630e50c714c4bfbf204f1aee0856d972fd3e0f48 --- rover.c +++ rover.c @@ -242,7 +242,7 @@ update_view() color_set(DEFAULT, NULL); attr_off(A_BOLD, NULL); if (rover.marks.nentries) { - numsize = sprintf(STATUS, "%d", rover.marks.nentries); + numsize = snprintf(STATUS, STATUSSZ, "%d", rover.marks.nentries); color_set(RVC_NMARKS, NULL); mvaddstr(0, COLS - 3 - numsize, STATUS); color_set(DEFAULT, NULL); @@ -270,7 +270,7 @@ update_view() else wcolor_set(rover.window, RVC_FILE, NULL); if (!isdir) - sprintf(ROW, "%s%*d", ENAME(j), + snprintf(ROW, ROWSZ, "%s%*d", ENAME(j), (int) (COLS - strlen(ENAME(j)) - 4), (int) ESIZE(j)); else strcpy(ROW, ENAME(j)); @@ -303,8 +303,8 @@ update_view() if (!rover.nfiles) strcpy(ROW, "0/0"); else - sprintf(ROW, "%d/%d", ESEL + 1, rover.nfiles); - sprintf(STATUS+3, "%12s", ROW); + snprintf(ROW, ROWSZ, "%d/%d", ESEL + 1, rover.nfiles); + snprintf(STATUS+3, STATUSSZ-3, "%12s", ROW); color_set(RVC_STATUS, NULL); mvaddstr(LINES - 1, STATUSPOS, STATUS); color_set(DEFAULT, NULL); 
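Review bot: In the update_view() hunk at -270 the directory branch still fills ROW with `strcpy(ROW, ENAME(j));`, so an entry name longer than the buffer can overrun it even though the file branch is now bounded by ROWSZ. The same bound would close that path: `snprintf(ROW, ROWSZ, "%s", ENAME(j));`. ROW and ROWSZ are declared outside the hunk, so this assumes ROWSZ is the real size of ROW. The body of update_view() starts and ends outside the hunk.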
@@ -489,7 +489,7 @@ process_dir(PROCESS pre, PROCESS proc, PROCESS pos, co while ((ep = readdir(dp))) { if (!strcmp(ep->d_name, ".") || !strcmp(ep->d_name, "..")) continue; - sprintf(subpath, "%s%s", path, ep->d_name); + snprintf(subpath, PATH_MAX, "%s%s", path, ep->d_name); stat(subpath, &statbuf); if (S_ISDIR(statbuf.st_mode)) { strcat(subpath, "/"); @@ -517,7 +517,7 @@ process_marked(PROCESS pre, PROCESS proc, PROCESS pos) for (i = 0; i < rover.marks.bulk; i++) if (rover.marks.entries[i]) { ret = 0; - sprintf(path, "%s%s", rover.marks.dirpath, rover.marks.entries[i]); + snprintf(path, PATH_MAX, "%s%s", rover.marks.dirpath, rover.marks.entries[i]); if (ISDIR(rover.marks.entries[i])) { if (!strncmp(path, CWD, strlen(path))) ret = -1;
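Review bot: In process_dir() the return value of the new `snprintf(subpath, PATH_MAX, ...)` is not checked, so an over-long path is silently truncated and then passed to stat() and to the callbacks, where it may name a different file than the one readdir() returned. If the result fills the buffer, the following `strcat(subpath, "/")` still writes one byte past the end. The stat() result is also ignored, so `statbuf.st_mode` is read uninitialised when the call fails. The same unchecked truncation applies to `snprintf(path, PATH_MAX, ...)` in the process_marked() hunk at -517. The sketch below skips the entry on failure; whether to report an error instead is the author's call. Both function bodies extend outside their hunks, and the sketch assumes subpath holds PATH_MAX bytes.

```c
        int n = snprintf(subpath, PATH_MAX, "%s%s", path, ep->d_name);
        /* reject truncation and keep one byte free for the "/" appended below */
        if (n < 0 || n >= PATH_MAX - 1)
            continue;
        if (stat(subpath, &statbuf) != 0)
            continue;
        /* … unchanged: S_ISDIR check and strcat(subpath, "/") … */
```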