--- preproc.c.orig 2004-12-16 10:49:55 -0500
+++ preproc.c 2004-12-16 10:51:48 -0500
@@ -528,7 +528,7 @@
 fname++;
 fnlen = strcspn(fname, "\"");
 line = nasm_malloc(20 + fnlen);
- sprintf(line, "%%line %d %.*s", lineno, fnlen, fname);
+ snprintf(line, 20+fnlen,"%%line %d %.*s", lineno, fnlen, fname);
 nasm_free(oldline);
 }
 if (tasm_compatible_mode)
@@ -1043,7 +1043,7 @@
 char *p, *q = t->text + 2;
 q += strspn(q, "$");
- sprintf(buffer, "..@%lu.", ctx->number);
+ snprintf(buffer, sizeof(buffer), "..@%lu.", ctx->number);
 p = nasm_strcat(buffer, q);
 nasm_free(t->text);
 t->text = p;
@@ -1520,23 +1520,30 @@
 t = t->next;
 continue;
 }
- else if (tt->type == TOK_WHITESPACE)
+ if (tt->type == TOK_WHITESPACE)
 {
 tt = tt->next;
 continue;
 }
- else if (tt->type != t->type ||
- mstrcmp(tt->text, t->text, casesense))
+ if (tt->type != t->type)
 {
 j = FALSE; /* found mismatching tokens */
 break;
 }
- else
+ /* Unify surrounding quotes for strings */
+ if (t->type == TOK_STRING)
 {
- t = t->next;
- tt = tt->next;
- continue;
+ tt->text[0] = t->text[0];
+ tt->text[strlen(tt->text) - 1] = t->text[0];
 }
+ if (mstrcmp(tt->text, t->text, casesense) != 0)
+ {
+ j = FALSE; /* found mismatching tokens */
+ break;
+ }
+
+ t = t->next;
+ tt = tt->next;
 }
 if ((t->type != TOK_OTHER || strcmp(t->text, ",")) || tt)
 j = FALSE; /* trailing gunk on one end or other */
@@ -1954,7 +1961,7 @@
 free_tlist(tt);
 /* Now define the macro for the argument */
- sprintf(directive, "%%define %s (%s+%d)", arg, StackPointer,
+ snprintf(directive, sizeof(directive), "%%define %s (%s+%d)", arg, StackPointer,
 offset);
 do_directive(tokenise(directive));
 offset += size;
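Review bot: The bound `20+fnlen` in the `@@ -528` hunk of preproc.c repeats the literal from `nasm_malloc(20 + fnlen)` two lines above, so the two can drift apart on a later edit. Computing the size once, for example `size_t len = 20 + fnlen;`, and passing `len` to both calls keeps the bound tied to the allocation. `fnlen` is also passed as the `%.*s` precision, which must be an `int`; its declaration is outside the hunk, so confirm it is not a `size_t` holding the `strcspn` result.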
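Review bot: The quote-unifying block added in the `@@ -1520` hunk of preproc.c stores to `tt->text[strlen(tt->text) - 1]` without checking the token length, so a `TOK_STRING` with empty text makes the index wrap and the store land outside the buffer; whether the tokeniser can produce such a token is not visible here. The block also rewrites `tt->text` in place instead of comparing a normalised copy, so a one-character or unterminated string token has its last character overwritten before `mstrcmp` runs. A guard such as `if (t->type == TOK_STRING && strlen(tt->text) >= 2 && strlen(t->text) >= 2)` keeps both stores inside the token. This behavioural change is unrelated to the sprintf-to-snprintf conversion in the rest of the patch and would be easier to audit as its own commit. The enclosing loop starts outside the hunk.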
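Review bot: The return value of the new `snprintf(directive, sizeof(directive), ...)` in the `@@ -1954` hunk of preproc.c is discarded, so an over-long `arg` now produces a silently truncated `%define` line that is still passed to `do_directive(tokenise(directive))`. That replaces the overflow with a wrong macro definition and no diagnostic; both calls in the `@@ -2051` hunk have the same gap. Capture the result and refuse to continue on truncation, for example `if (n < 0 || (size_t)n >= sizeof(directive))` followed by the preprocessor's error report. `sizeof(directive)` is the buffer size only if `directive` is an array in this scope, and its declaration is outside the hunk.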
@@ -2051,13 +2058,13 @@
 free_tlist(tt);
 /* Now define the macro for the argument */
- sprintf(directive, "%%define %s (%s-%d)", local, StackPointer,
+ snprintf(directive, sizeof(directive), "%%define %s (%s-%d)", local, StackPointer,
 offset);
 do_directive(tokenise(directive));
 offset += size;
 /* Now define the assign to setup the enter_c macro correctly */
- sprintf(directive, "%%assign %%$localsize %%$localsize+%d",
+ snprintf(directive, sizeof(directive), "%%assign %%$localsize %%$localsize+%d",
 size);
 do_directive(tokenise(directive));
@@ -3182,12 +3189,12 @@
 */
 case '0':
 type = TOK_NUMBER;
- sprintf(tmpbuf, "%d", mac->nparam);
+ snprintf(tmpbuf, sizeof(tmpbuf), "%d", mac->nparam);
 text = nasm_strdup(tmpbuf);
 break;
 case '%':
 type = TOK_ID;
- sprintf(tmpbuf, "..@%lu.", mac->unique);
+ snprintf(tmpbuf, sizeof(tmpbuf), "..@%lu.", mac->unique);
 text = nasm_strcat(tmpbuf, t->text + 2);
 break;
 case '-':
@@ -4067,7 +4074,7 @@
 return;
 va_start(arg, fmt);
- vsprintf(buff, fmt, arg);
+ vsnprintf(buff, sizeof(buff), fmt, arg);
 va_end(arg);
 if (istk && istk->mstk && istk->mstk->name)
@@ -4530,7 +4537,7 @@
 make_tok_num(Token * tok, long val)
 {
 char numbuf[20];
- sprintf(numbuf, "%ld", val);
+ snprintf(numbuf, sizeof(numbuf), "%ld", val);
 tok->text = nasm_strdup(numbuf);
 tok->type = TOK_NUMBER;
 }
--- disasm.c.orig 2003-02-24 18:22:45.000000000 -0500
+++ disasm.c 2004-12-15 18:00:13.000000000 -0500
@@ -484,8 +484,8 @@
 return data - origdata;
 }
-long disasm (unsigned char *data, char *output, int segsize, long offset,
- int autosync, unsigned long prefer)
+long disasm (unsigned char *data, char *output, int outbufsize, int segsize,
+ long offset, int autosync, unsigned long prefer)
 {
 struct itemplate **p, **best_p;
 int length, best_length = 0;
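Review bot: `numbuf[20]` in make_tok_num (the `@@ -4530` hunk of preproc.c) is one byte short for `%ld` where `long` is 64 bits, because `LONG_MIN` prints as 20 characters plus the terminator. With `snprintf` the array is no longer overrun, but the number token is silently cut to 19 characters, which changes the value that `nasm_strdup(numbuf)` stores. Size the buffer for the type, for example `char numbuf[32];`, so truncation cannot happen.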
@@ -583,26 +583,26 @@
 slen = 0;
 if (lock)
- slen += sprintf(output+slen, "lock ");
+ slen += snprintf(output+slen, outbufsize-slen, "lock ");
 for (i = 0; i < ins.nprefix; i++)
 switch (ins.prefixes[i]) {
- case P_REP: slen += sprintf(output+slen, "rep "); break;
- case P_REPE: slen += sprintf(output+slen, "repe "); break;
- case P_REPNE: slen += sprintf(output+slen, "repne "); break;
- case P_A16: slen += sprintf(output+slen, "a16 "); break;
- case P_A32: slen += sprintf(output+slen, "a32 "); break;
- case P_O16: slen += sprintf(output+slen, "o16 "); break;
- case P_O32: slen += sprintf(output+slen, "o32 "); break;
+ case P_REP: slen += snprintf(output+slen, outbufsize-slen, "rep "); break;
+ case P_REPE: slen += snprintf(output+slen, outbufsize-slen, "repe "); break;
+ case P_REPNE: slen += snprintf(output+slen, outbufsize-slen, "repne "); break;
+ case P_A16: slen += snprintf(output+slen, outbufsize-slen, "a16 "); break;
+ case P_A32: slen += snprintf(output+slen, outbufsize-slen, "a32 "); break;
+ case P_O16: slen += snprintf(output+slen, outbufsize-slen, "o16 "); break;
+ case P_O32: slen += snprintf(output+slen, outbufsize-slen, "o32 "); break;
 }
 for (i = 0; i < elements(ico); i++)
 if ((*p)->opcode == ico[i]) {
- slen += sprintf(output+slen, "%s%s", icn[i],
+ slen += snprintf(output+slen, outbufsize-slen, "%s%s", icn[i],
 whichcond(ins.condition));
 break;
 }
 if (i >= elements(ico))
- slen += sprintf(output+slen, "%s", insn_names[(*p)->opcode]);
+ slen += snprintf(output+slen, outbufsize-slen, "%s", insn_names[(*p)->opcode]);
 colon = FALSE;
 length += data - origdata; /* fix up for prefixes */
 for (i=0; i<(*p)->operands; i++) {
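Review bot: `slen += snprintf(output+slen, outbufsize-slen, ...)`, used throughout the `@@ -583` hunk of disasm.c, stops bounding the buffer once any call truncates. snprintf returns the length it would have written, so `slen` can move past `outbufsize`, and the next `outbufsize-slen` is negative and converts to a huge `size_t`. The same pattern is in the `@@ -633`, `@@ -649`, `@@ -669`, `@@ -700` and `@@ -713` hunks, where the direct stores `output[slen++] = ...` and the final `output[slen] = '\0'` are also unchecked. A small append helper that clamps the running length covers every call site, and the single-character stores need `if (slen < outbufsize - 1)` in front of them. disasm's body starts and ends outside this hunk.

```c
/* Bounded append: formats at output+slen and returns the new length,
 * clamped to outbufsize-1 on truncation so later calls get a valid size.
 * Uses va_list, so disasm.c needs <stdarg.h>. */
static int out_append(char *output, int outbufsize, int slen,
                      const char *fmt, ...)
{
    va_list ap;
    int room, n;

    if (outbufsize <= 0 || slen < 0 || slen >= outbufsize - 1)
        return slen;            /* no room left: keep length unchanged */
    room = outbufsize - slen;
    va_start(ap, fmt);
    n = vsnprintf(output + slen, (size_t)room, fmt, ap);
    va_end(ap);
    if (n < 0)
        return slen;
    return n >= room ? outbufsize - 1 : slen + n;
}

/* … unchanged: instruction matching, slen = 0 … */
    if (lock)
        slen = out_append(output, outbufsize, slen, "lock ");
/* … unchanged: remaining call sites take the same form … */
```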
@@ -633,14 +633,14 @@
 ins.oprs[i].basereg = whichreg ((*p)->opd[i], ins.oprs[i].basereg);
 if ( (*p)->opd[i] & TO )
- slen += sprintf(output+slen, "to ");
- slen += sprintf(output+slen, "%s",
+ slen += snprintf(output+slen, outbufsize-slen, "to ");
+ slen += snprintf(output+slen, outbufsize-slen, "%s",
 reg_names[ins.oprs[i].basereg-EXPR_REG_START]);
 } else if (!(UNITY & ~(*p)->opd[i])) {
 output[slen++] = '1';
 } else if ( (*p)->opd[i] & IMMEDIATE ) {
 if ( (*p)->opd[i] & BITS8 ) {
- slen += sprintf(output+slen, "byte ");
+ slen += snprintf(output+slen, outbufsize-slen, "byte ");
 if (ins.oprs[i].segment & SEG_SIGNED) {
 if (ins.oprs[i].offset < 0) {
 ins.oprs[i].offset *= -1;
@@ -649,17 +649,17 @@
 output[slen++] = '+';
 }
 } else if ( (*p)->opd[i] & BITS16 ) {
- slen += sprintf(output+slen, "word ");
+ slen += snprintf(output+slen, outbufsize-slen, "word ");
 } else if ( (*p)->opd[i] & BITS32 ) {
- slen += sprintf(output+slen, "dword ");
+ slen += snprintf(output+slen, outbufsize-slen, "dword ");
 } else if ( (*p)->opd[i] & NEAR ) {
- slen += sprintf(output+slen, "near ");
+ slen += snprintf(output+slen, outbufsize-slen, "near ");
 } else if ( (*p)->opd[i] & SHORT ) {
- slen += sprintf(output+slen, "short ");
+ slen += snprintf(output+slen, outbufsize-slen, "short ");
 }
- slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
+ slen += snprintf(output+slen, outbufsize-slen, "0x%lx", ins.oprs[i].offset);
 } else if ( !(MEM_OFFS & ~(*p)->opd[i]) ) {
- slen += sprintf(output+slen, "[%s%s%s0x%lx]",
+ slen += snprintf(output+slen, outbufsize-slen, "[%s%s%s0x%lx]",
 (segover ? segover : ""), (segover ? ":" : ""), (ins.oprs[i].addr_size == 32 ? "dword " :
@@ -669,30 +669,30 @@
 } else if ( !(REGMEM & ~(*p)->opd[i]) ) {
 int started = FALSE;
 if ( (*p)->opd[i] & BITS8 )
- slen += sprintf(output+slen, "byte ");
+ slen += snprintf(output+slen, outbufsize-slen, "byte ");
 if ( (*p)->opd[i] & BITS16 )
- slen += sprintf(output+slen, "word ");
+ slen += snprintf(output+slen, outbufsize-slen, "word ");
 if ( (*p)->opd[i] & BITS32 )
- slen += sprintf(output+slen, "dword ");
+ slen += snprintf(output+slen, outbufsize-slen, "dword ");
 if ( (*p)->opd[i] & BITS64 )
- slen += sprintf(output+slen, "qword ");
+ slen += snprintf(output+slen, outbufsize-slen, "qword ");
 if ( (*p)->opd[i] & BITS80 )
- slen += sprintf(output+slen, "tword ");
+ slen += snprintf(output+slen, outbufsize-slen, "tword ");
 if ( (*p)->opd[i] & FAR )
- slen += sprintf(output+slen, "far ");
+ slen += snprintf(output+slen, outbufsize-slen, "far ");
 if ( (*p)->opd[i] & NEAR )
- slen += sprintf(output+slen, "near ");
+ slen += snprintf(output+slen, outbufsize-slen, "near ");
 output[slen++] = '[';
 if (ins.oprs[i].addr_size)
- slen += sprintf(output+slen, "%s",
+ slen += snprintf(output+slen, outbufsize-slen, "%s",
 (ins.oprs[i].addr_size == 32 ? "dword " : ins.oprs[i].addr_size == 16 ? "word " : ""));
 if (segover) {
- slen += sprintf(output+slen, "%s:", segover);
+ slen += snprintf(output+slen, outbufsize-slen, "%s:", segover);
 segover = NULL;
 }
 if (ins.oprs[i].basereg != -1) {
- slen += sprintf(output+slen, "%s",
+ slen += snprintf(output+slen, outbufsize-slen, "%s",
 reg_names[(ins.oprs[i].basereg - EXPR_REG_START)]);
 started = TRUE;
@@ -700,11 +700,11 @@
 if (ins.oprs[i].indexreg != -1) {
 if (started)
 output[slen++] = '+';
- slen += sprintf(output+slen, "%s",
+ slen += snprintf(output+slen, outbufsize-slen, "%s",
 reg_names[(ins.oprs[i].indexreg - EXPR_REG_START)]);
 if (ins.oprs[i].scale > 1)
- slen += sprintf(output+slen, "*%d", ins.oprs[i].scale);
+ slen += snprintf(output+slen, outbufsize-slen, "*%d", ins.oprs[i].scale);
 started = TRUE;
 }
 if (ins.oprs[i].segment & SEG_DISP8) {
@@ -713,20 +713,20 @@
 ins.oprs[i].offset = - (signed char) ins.oprs[i].offset;
 sign = '-';
 }
- slen += sprintf(output+slen, "%c0x%lx", sign,
+ slen += snprintf(output+slen, outbufsize-slen, "%c0x%lx", sign,
 ins.oprs[i].offset);
 } else if (ins.oprs[i].segment & SEG_DISP16) {
 if (started)
 output[slen++] = '+';
- slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
+ slen += snprintf(output+slen, outbufsize-slen, "0x%lx", ins.oprs[i].offset);
 } else if (ins.oprs[i].segment & SEG_DISP32) {
 if (started)
 output[slen++] = '+';
- slen += sprintf(output+slen, "0x%lx", ins.oprs[i].offset);
+ slen += snprintf(output+slen, outbufsize-slen, "0x%lx", ins.oprs[i].offset);
 }
 output[slen++] = ']';
 } else {
- slen += sprintf(output+slen, "", i);
+ slen += snprintf(output+slen, outbufsize-slen, "", i);
 }
 }
 output[slen] = '\0';
@@ -741,8 +741,8 @@
 return length;
 }
-long eatbyte (unsigned char *data, char *output)
+long eatbyte (unsigned char *data, char *output, int outbufsize)
 {
- sprintf(output, "db 0x%02X", *data);
+ snprintf(output, outbufsize, "db 0x%02X", *data);
 return 1;
 }
--- ndisasm.c.orig 2002-04-30 17:04:18.000000000 -0400
+++ ndisasm.c 2004-12-15 13:27:21.000000000 -0500
@@ -243,10 +243,10 @@
 nextsync = next_sync (offset, &synclen);
 }
 while (p > q && (p - q >= INSN_MAX || lenread == 0)) {
- lendis = disasm (q, outbuf, bits, offset, autosync, prefer);
+ lendis = disasm (q, outbuf, sizeof(outbuf), bits, offset, autosync, prefer);
 if (!lendis || lendis > (p - q) || (unsigned long)lendis > nextsync-offset)
- lendis = eatbyte (q, outbuf);
+ lendis = eatbyte (q, outbuf, sizeof(outbuf));
 output_ins (offset, q, lendis, outbuf);
 q += lendis;
 offset += lendis;
--- listing.c.orig 2002-09-11 22:23:54.000000000 -0400
+++ listing.c 2004-12-15 13:05:05.000000000 -0500
@@ -192,7 +192,7 @@
 else if (typ == OUT_RESERVE)
 {
 char q[20];
- sprintf(q, "", size);
+ snprintf(q, sizeof(q), "", size);
 list_out (offset, q);
 }
 }
--- labels.c.orig 2003-09-07 20:30:40.000000000 -0400
+++ labels.c 2004-12-15 13:03:20.000000000 -0500
@@ -221,7 +221,7 @@
 slen += strlen(lpostfix);
 slen++; /* room for that null char */
 xsymbol = nasm_malloc(slen);
- sprintf(xsymbol,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
+ snprintf(xsymbol,slen,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
 ofmt->symdef (xsymbol, segment, offset, exi, special ? special : lptr->defn.special);
@@ -286,7 +286,7 @@
 slen += strlen(lpostfix);
 slen++; /* room for that null char */
 xsymbol = nasm_malloc(slen);
- sprintf(xsymbol,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
+ snprintf(xsymbol,slen,"%s%s%s",lprefix,lptr->defn.label,lpostfix);
 ofmt->symdef (xsymbol, segment, offset, exi, special ? special : lptr->defn.special);
--- nasm.c.orig 2003-09-10 19:34:23.000000000 -0400
+++ nasm.c 2004-12-15 12:10:25.000000000 -0500
@@ -185,7 +185,7 @@
 /* define some macros dependent of command-line */
 {
 char temp [64];
- sprintf (temp, "__OUTPUT_FORMAT__=%s\n", ofmt->shortname);
+ snprintf (temp, sizeof(temp), "__OUTPUT_FORMAT__=%s\n", ofmt->shortname);
 pp_pre_define (temp);
 }
--- disasm.h.orig 2002-04-30 16:56:44.000000000 -0400
+++ disasm.h 2004-12-15 13:26:37.000000000 -0500
@@ -11,8 +11,8 @@
 #define INSN_MAX 32 /* one instruction can't be longer than this */
-long disasm (unsigned char *data, char *output, int segsize, long offset,
- int autosync, unsigned long prefer);
-long eatbyte (unsigned char *data, char *output);
+long disasm (unsigned char *data, char *output, int outbufsize, int segsize,
+ long offset, int autosync, unsigned long prefer);
+long eatbyte (unsigned char *data, char *output, int outbufsize);
 #endif
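Review bot: The new `outbufsize` parameter in both prototypes has no documented contract and is typed `int`, while the caller in ndisasm.c passes `sizeof(outbuf)`, which is a `size_t`. Nothing tells a caller whether the size includes the terminator, what happens on truncation, or that zero and negative values are not handled. A comment above the prototypes such as `/* outbufsize: size of output in bytes, including the terminating NUL; text that does not fit is truncated */` would state this, and `size_t outbufsize` would remove the narrowing conversion at the call site.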