diff --git a/trunk/src/app/srs_app_rtc_dtls.cpp b/trunk/src/app/srs_app_rtc_dtls.cpp index e65266ec926..9588cb63deb 100644 --- a/trunk/src/app/srs_app_rtc_dtls.cpp +++ b/trunk/src/app/srs_app_rtc_dtls.cpp @@ -333,17 +333,20 @@ srs_error_t SrsDtlsCertificate::initialize() // Show DTLS fingerprint if (true) { - char fp[100] = {0}; - char *p = fp; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int n = 0; // TODO: FIXME: Unused variable. /*int r = */X509_digest(dtls_cert, EVP_sha256(), md, &n); + char* fp = new char[3 * n]; + SrsAutoFreeA(char, fp); + char *p = fp; + for (unsigned int i = 0; i < n; i++, ++p) { - sprintf(p, "%02X", md[i]); - p += 2; + int nb = snprintf(p, 3, "%02X", md[i]); + srs_assert(nb > 0 && nb < (3 * n - (p - fp))); + p += nb; if(i < (n-1)) { *p = ':'; diff --git a/trunk/src/app/srs_app_tencentcloud.cpp b/trunk/src/app/srs_app_tencentcloud.cpp index 2b4ac9c9a84..18e973bb6fc 100644 --- a/trunk/src/app/srs_app_tencentcloud.cpp +++ b/trunk/src/app/srs_app_tencentcloud.cpp @@ -40,7 +40,7 @@ namespace tencentcloud_api_sign { SHA1_Final(digest, &ctx); char c_sha1[SHA_DIGEST_LENGTH*2+1]; for (unsigned i = 0; i < SHA_DIGEST_LENGTH; ++i) { - sprintf(&c_sha1[i*2], "%02x", (unsigned int)digest[i]); + snprintf(&c_sha1[i*2], 3, "%02x", (unsigned int)digest[i]); } return c_sha1; } @@ -65,7 +65,7 @@ namespace tencentcloud_api_sign { HMAC_CTX_free(ctx); #endif for (unsigned i = 0; i != digest_len; ++i) { - sprintf(&c_hmacsha1[i*2], "%02x", (unsigned int)digest[i]); + snprintf(&c_hmacsha1[i*2], 3, "%02x", (unsigned int)digest[i]); } return c_hmacsha1; } diff --git a/trunk/src/protocol/srs_protocol_json.cpp b/trunk/src/protocol/srs_protocol_json.cpp index 9c2b14f2efd..91f5059b720 100644 --- a/trunk/src/protocol/srs_protocol_json.cpp +++ b/trunk/src/protocol/srs_protocol_json.cpp @@ -567,7 +567,8 @@ json_value * json_parse_ex (json_settings * settings, if (flags & flag_string) { if (!b) - { sprintf (error, "Unexpected EOF in string (at %d:%d)", line_and_col); + { + snprintf(error, json_error_max, "Unexpected EOF in string (at %d:%d)", line_and_col); goto e_failed; } @@ -593,7 +594,7 @@ json_value * json_parse_ex (json_settings * settings, (uc_b3 = hex_value (*++ state.ptr)) == 0xFF || (uc_b4 = hex_value (*++ state.ptr)) == 0xFF) { - sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col); + snprintf(error, json_error_max, "Invalid character value `%c` (at %d:%d)", b, line_and_col); goto e_failed; } @@ -610,7 +611,7 @@ json_value * json_parse_ex (json_settings * settings, (uc_b3 = hex_value (*++ state.ptr)) == 0xFF || (uc_b4 = hex_value (*++ state.ptr)) == 0xFF) { - sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col); + snprintf(error, json_error_max, "Invalid character value `%c` (at %d:%d)", b, line_and_col); goto e_failed; } @@ -739,7 +740,8 @@ json_value * json_parse_ex (json_settings * settings, if (flags & flag_block_comment) { if (!b) - { sprintf (error, "%d:%d: Unexpected EOF in block comment", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: Unexpected EOF in block comment", line_and_col); goto e_failed; } @@ -755,12 +757,14 @@ json_value * json_parse_ex (json_settings * settings, else if (b == '/') { if (! (flags & (flag_seek_value | flag_done)) && top->type != json_object) - { sprintf (error, "%d:%d: Comment not allowed here", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: Comment not allowed here", line_and_col); goto e_failed; } if (++ state.ptr == end) - { sprintf (error, "%d:%d: EOF unexpected", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: EOF unexpected", line_and_col); goto e_failed; } @@ -775,7 +779,7 @@ json_value * json_parse_ex (json_settings * settings, continue; default: - sprintf (error, "%d:%d: Unexpected `%c` in comment opening sequence", line_and_col, b); + snprintf(error, json_error_max, "%d:%d: Unexpected `%c` in comment opening sequence", line_and_col, b); goto e_failed; }; } @@ -793,7 +797,7 @@ json_value * json_parse_ex (json_settings * settings, default: - sprintf (error, "%d:%d: Trailing garbage: `%c`", + snprintf(error, json_error_max, "%d:%d: Trailing garbage: `%c`", state.cur_line, state.cur_col, b); goto e_failed; @@ -812,7 +816,8 @@ json_value * json_parse_ex (json_settings * settings, if (top && top->type == json_array) flags = (flags & ~ (flag_need_comma | flag_seek_value)) | flag_next; else - { sprintf (error, "%d:%d: Unexpected ]", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: Unexpected ]", line_and_col); goto e_failed; } @@ -828,7 +833,7 @@ json_value * json_parse_ex (json_settings * settings, } else { - sprintf (error, "%d:%d: Expected , before %c", + snprintf(error, json_error_max, "%d:%d: Expected , before %c", state.cur_line, state.cur_col, b); goto e_failed; @@ -843,7 +848,7 @@ json_value * json_parse_ex (json_settings * settings, } else { - sprintf (error, "%d:%d: Expected : before %c", + snprintf(error, json_error_max, "%d:%d: Expected : before %c", state.cur_line, state.cur_col, b); goto e_failed; @@ -969,7 +974,8 @@ json_value * json_parse_ex (json_settings * settings, continue; } else - { sprintf (error, "%d:%d: Unexpected %c when seeking value", line_and_col, b); + { + snprintf(error, json_error_max, "%d:%d: Unexpected %c when seeking value", line_and_col, b); goto e_failed; } }; @@ -989,7 +995,8 @@ json_value * json_parse_ex (json_settings * settings, case '"': if (flags & flag_need_comma) - { sprintf (error, "%d:%d: Expected , before \"", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: Expected , before \"", line_and_col); goto e_failed; } @@ -1014,7 +1021,7 @@ json_value * json_parse_ex (json_settings * settings, } default: - sprintf (error, "%d:%d: Unexpected `%c` in object", line_and_col, b); + snprintf(error, json_error_max, "%d:%d: Unexpected `%c` in object", line_and_col, b); goto e_failed; }; @@ -1032,7 +1039,8 @@ json_value * json_parse_ex (json_settings * settings, if (! (flags & flag_num_e)) { if (flags & flag_num_zero) - { sprintf (error, "%d:%d: Unexpected `0` before `%c`", line_and_col, b); + { + snprintf(error, json_error_max, "%d:%d: Unexpected `0` before `%c`", line_and_col, b); goto e_failed; } @@ -1069,7 +1077,8 @@ json_value * json_parse_ex (json_settings * settings, else if (b == '.' && top->type == json_integer) { if (!num_digits) - { sprintf (error, "%d:%d: Expected digit before `.`", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: Expected digit before `.`", line_and_col); goto e_failed; } @@ -1085,7 +1094,8 @@ json_value * json_parse_ex (json_settings * settings, if (top->type == json_double) { if (!num_digits) - { sprintf (error, "%d:%d: Expected digit after `.`", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: Expected digit after `.`", line_and_col); goto e_failed; } @@ -1111,7 +1121,8 @@ json_value * json_parse_ex (json_settings * settings, else { if (!num_digits) - { sprintf (error, "%d:%d: Expected digit after `e`", line_and_col); + { + snprintf(error, json_error_max, "%d:%d: Expected digit after `e`", line_and_col); goto e_failed; } @@ -1196,8 +1207,8 @@ json_value * json_parse_ex (json_settings * settings, return root; e_unknown_value: - - sprintf (error, "%d:%d: Unknown value", line_and_col); + + snprintf(error, json_error_max, "%d:%d: Unknown value", line_and_col); goto e_failed; e_alloc_failure: @@ -1206,8 +1217,8 @@ json_value * json_parse_ex (json_settings * settings, goto e_failed; e_overflow: - - sprintf (error, "%d:%d: Too long (caught overflow)", line_and_col); + + snprintf(error, json_error_max, "%d:%d: Too long (caught overflow)", line_and_col); goto e_failed; e_failed: diff --git a/trunk/src/utest/srs_utest_core.cpp b/trunk/src/utest/srs_utest_core.cpp index 85f3dd0c25a..379ab0078ae 100644 --- a/trunk/src/utest/srs_utest_core.cpp +++ b/trunk/src/utest/srs_utest_core.cpp @@ -54,7 +54,7 @@ VOID TEST(CoreLogger, CheckVsnprintf) HELPER_ARRAY_INIT(buf, sizeof(buf), 0xf); // Return the number of characters printed. - EXPECT_EQ(6, sprintf(buf, "%s", "Hello!")); + EXPECT_EQ(6, snprintf(buf, sizeof(buf), "%s", "Hello!")); EXPECT_EQ('H', buf[0]); EXPECT_EQ('!', buf[5]); EXPECT_EQ(0x0, buf[6]);