Changed sprintf() calls to snprintf().

diff --git a/main.c b/main.c
index 52ec58e..46d6250 100644 (file)
--- a/main.c
+++ b/main.c
@@ -1258,8 +1258,8 @@ static RETSIGTYPE rsync_panic_handler(UNUSED(int whatsig))
        char cmd_buf[300];
        int ret;
 
-       sprintf(cmd_buf, get_panic_action(),
-               getpid(), getpid());
+       snprintf(cmd_buf, sizeof cmd_buf, get_panic_action(),
+                getpid(), getpid());
 
        /* Unless we failed to execute gdb, we allow the process to
         * continue.  I'm not sure if that's right. */

diff --git a/util.c b/util.c
index f32d881..0887e7f 100644 (file)
--- a/util.c
+++ b/util.c
@@ -359,7 +359,7 @@ int robust_unlink(const char *fname)
        /* start where the last one left off to reduce chance of clashes */
        start = counter;
        do {
-               sprintf(&path[pos], "%03d", counter);
+               snprintf(&path[pos], 4, "%03d", counter);
                if (++counter >= MAX_RENAMES)
                        counter = 1;
        } while ((rc = access(path, 0)) == 0 && counter != start);
@@ -1115,7 +1115,7 @@ char *human_num(int64 num)
                        units = 'K';
                }
                if (units) {
-                       sprintf(bufs[n], "%.2f%c", dnum, units);
+                       snprintf(bufs[n], sizeof bufs[0], "%.2f%c", dnum, units);
                        return bufs[n];
                }
        }