Skip to content

Commit 254934b

Browse files
alexandre-dauboisalexandre-daubois
authored
Avoid using unsafe sprintf() (#19598)
1 parent 5d2cf26 commit 254934b

File tree

2 files changed

+4
-24
lines changed

2 files changed

+4
-24
lines changed

Zend/zend_alloc.c

Lines changed: 0 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -379,24 +379,6 @@ static const uint32_t bin_pages[] = {
379379
ZEND_MM_BINS_INFO(_BIN_DATA_PAGES, x, y)
380380
};
381381

382-
#if ZEND_DEBUG
383-
ZEND_COLD void zend_debug_alloc_output(char *format, ...)
384-
{
385-
char output_buf[256];
386-
va_list args;
387-
388-
va_start(args, format);
389-
vsprintf(output_buf, format, args);
390-
va_end(args);
391-
392-
#ifdef ZEND_WIN32
393-
OutputDebugString(output_buf);
394-
#else
395-
fprintf(stderr, "%s", output_buf);
396-
#endif
397-
}
398-
#endif
399-
400382
static ZEND_COLD ZEND_NORETURN void zend_mm_panic(const char *message)
401383
{
402384
fprintf(stderr, "%s\n", message);

ext/pdo_firebird/firebird_statement.c

Lines changed: 4 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,6 @@ static int get_formatted_time_tz(pdo_stmt_t *stmt, const ISC_TIME_TZ* timeTz, zv
8787
struct tm t;
8888
ISC_TIME time;
8989
char timeBuf[80] = {0};
90-
char timeTzBuf[124] = {0};
9190
if (fb_decode_time_tz(S->H->isc_status, timeTz, &hours, &minutes, &seconds, &fractions, sizeof(timeZoneBuffer), timeZoneBuffer)) {
9291
return 1;
9392
}
@@ -100,8 +99,8 @@ static int get_formatted_time_tz(pdo_stmt_t *stmt, const ISC_TIME_TZ* timeTz, zv
10099
return 1;
101100
}
102101

103-
size_t time_tz_len = sprintf(timeTzBuf, "%s %s", timeBuf, timeZoneBuffer);
104-
ZVAL_STRINGL(result, timeTzBuf, time_tz_len);
102+
zend_string *time_tz_str = zend_strpprintf(0, "%s %s", timeBuf, timeZoneBuffer);
103+
ZVAL_NEW_STR(result, time_tz_str);
105104
return 0;
106105
}
107106

@@ -115,7 +114,6 @@ static int get_formatted_timestamp_tz(pdo_stmt_t *stmt, const ISC_TIMESTAMP_TZ*
115114
struct tm t;
116115
ISC_TIMESTAMP ts;
117116
char timestampBuf[80] = {0};
118-
char timestampTzBuf[124] = {0};
119117
if (fb_decode_timestamp_tz(S->H->isc_status, timestampTz, &year, &month, &day, &hours, &minutes, &seconds, &fractions, sizeof(timeZoneBuffer), timeZoneBuffer)) {
120118
return 1;
121119
}
@@ -130,8 +128,8 @@ static int get_formatted_timestamp_tz(pdo_stmt_t *stmt, const ISC_TIMESTAMP_TZ*
130128
return 1;
131129
}
132130

133-
size_t timestamp_tz_len = sprintf(timestampTzBuf, "%s %s", timestampBuf, timeZoneBuffer);
134-
ZVAL_STRINGL(result, timestampTzBuf, timestamp_tz_len);
131+
zend_string *timestamp_tz_str = zend_strpprintf(0, "%s %s", timestampBuf, timeZoneBuffer);
132+
ZVAL_NEW_STR(result, timestamp_tz_str);
135133
return 0;
136134
}
137135

0 commit comments

Comments
 (0)