From: Ngie Cooper <yanegomi@gmail.com>
Date: Sun, 11 Dec 2016 00:22:10 +0000 (-0800)
Subject: Don't overrun `tmpdir` buffer with sprintf
X-Git-Tag: v3.3.0~90^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e08543094231b9b209a5f0a48e87520a3083a011;p=thirdparty%2Flibarchive.git

Don't overrun `tmpdir` buffer with sprintf

If progname is sufficiently large enough, it would overflow the `tmpdir`
buffer, causing an illegal memory access

Reported by:	Coverity
CID:	1331594
---

diff --git a/tar/test/main.c b/tar/test/main.c
index 6077af5f0..6bc355783 100644
--- a/tar/test/main.c
+++ b/tar/test/main.c
@@ -2958,8 +2958,8 @@ main(int argc, char **argv)
 		strftime(tmpdir_timestamp, sizeof(tmpdir_timestamp),
 		    "%Y-%m-%dT%H.%M.%S",
 		    localtime(&now));
-		sprintf(tmpdir, "%s/%s.%s-%03d", tmp, progname,
-		    tmpdir_timestamp, i);
+		snprintf(tmpdir, sizeof(tmpdir), "%s/%s.%s-%03d", tmp,
+		    progname, tmpdir_timestamp, i);
 		if (assertMakeDir(tmpdir,0755))
 			break;
 		if (i >= 999) {