php/archived-php-src
1
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2026-03-24 08:12:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Avoid using unsafe sprintf() (#19598)

Browse Source
This commit is contained in:
Alexandre Daubois
2025-09-05 10:10:04 +02:00
committed by GitHub
parent 5d2cf26c87
commit 254934b2ee
2 changed files with 4 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Zend/zend_alloc.c
View File

@@ -379,24 +379,6 @@ static const uint32_t bin_pages[] = {
ZEND_MM_BINS_INFO(_BIN_DATA_PAGES, x, y)
};
#if ZEND_DEBUG
ZEND_COLD void zend_debug_alloc_output(char *format, ...)
{
char output_buf[256];
va_list args;
va_start(args, format);
vsprintf(output_buf, format, args);
va_end(args);
#ifdef ZEND_WIN32
OutputDebugString(output_buf);
#else
fprintf(stderr, "%s", output_buf);
#endif
}
#endif
static ZEND_COLD ZEND_NORETURN void zend_mm_panic(const char *message)
{
fprintf(stderr, "%s\n", message);

10
ext/pdo_firebird/firebird_statement.c
View File

@@ -87,7 +87,6 @@ static int get_formatted_time_tz(pdo_stmt_t *stmt, const ISC_TIME_TZ* timeTz, zv
struct tm t;
ISC_TIME time;
char timeBuf[80] = {0};
char timeTzBuf[124] = {0};
if (fb_decode_time_tz(S->H->isc_status, timeTz, &hours, &minutes, &seconds, &fractions, sizeof(timeZoneBuffer), timeZoneBuffer)) {
return 1;
}
@@ -100,8 +99,8 @@ static int get_formatted_time_tz(pdo_stmt_t *stmt, const ISC_TIME_TZ* timeTz, zv
return 1;
}
size_t time_tz_len = sprintf(timeTzBuf, "%s %s", timeBuf, timeZoneBuffer);
ZVAL_STRINGL(result, timeTzBuf, time_tz_len);
zend_string *time_tz_str = zend_strpprintf(0, "%s %s", timeBuf, timeZoneBuffer);
ZVAL_NEW_STR(result, time_tz_str);
return 0;
}
@@ -115,7 +114,6 @@ static int get_formatted_timestamp_tz(pdo_stmt_t *stmt, const ISC_TIMESTAMP_TZ*
struct tm t;
ISC_TIMESTAMP ts;
char timestampBuf[80] = {0};
char timestampTzBuf[124] = {0};
if (fb_decode_timestamp_tz(S->H->isc_status, timestampTz, &year, &month, &day, &hours, &minutes, &seconds, &fractions, sizeof(timeZoneBuffer), timeZoneBuffer)) {
return 1;
}
@@ -130,8 +128,8 @@ static int get_formatted_timestamp_tz(pdo_stmt_t *stmt, const ISC_TIMESTAMP_TZ*
return 1;
}
size_t timestamp_tz_len = sprintf(timestampTzBuf, "%s %s", timestampBuf, timeZoneBuffer);
ZVAL_STRINGL(result, timestampTzBuf, timestamp_tz_len);
zend_string *timestamp_tz_str = zend_strpprintf(0, "%s %s", timestampBuf, timeZoneBuffer);
ZVAL_NEW_STR(result, timestamp_tz_str);
return 0;
}