From 093ccb0ecdba7d5c4b5363e7dda33b1769fcc08a Mon Sep 17 00:00:00 2001
From: Mark Mentovai
Date: Mon, 7 Nov 2022 09:32:02 -0500
Subject: [PATCH] openjp2/j2k: replace sprintf calls with snprintf
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This makes it possible to build j2k.c without warnings using the macOS 13 SDK. Calls to sprintf are replaced with snprintf, passing appropriate buffer sizes. It doesn’t appear that any of the changed uses of sprintf were actually unsafe, so no behavior change is expected aside from SDK compatibility. The macOS 13 SDK deprecates sprintf as it’s difficult to use safely. The deprecation warning message is visible when building C++, but it is not normally visible when building plain C code due to a quirk in how sprintf is declared in the SDK. However, the deprecation message is visible when building plain C under Address Sanitizer (-fsanitize=address). This discrepancy was discovered at https://crbug.com/1381706 and reported to Apple with a copy at https://openradar.appspot.com/FB11761475. The macOS 13 SDK is packaged in Xcode 14.1, released on 2022-11-01. This also affects the iOS 16 SDK and other 2022-era Apple OS SDKs packaged in Xcode 14.0, released on 2022-09-12. j2k.c is visible to the Chromium build via PDFium, and this change is needed to allow Chromium to move forward to the macOS 13 SDK. This change is limited to src/lib/openjp2. Other uses of sprintf were found throughout openjpeg.
---
 src/lib/openjp2/j2k.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 923bd8916..354415df7 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -7954,21 +7954,24 @@ OPJ_BOOL opj_j2k_setup_encoder(opj_j2k_t *p_j2k, /* UniPG>> */ #ifdef USE_JPWL - cp->comment = (char*)opj_malloc(clen + strlen(version) + 11); + const size_t cp_comment_buf_size = clen + strlen(version) + 11; + cp->comment = (char*)opj_malloc(cp_comment_buf_size); if (!cp->comment) { opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to allocate comment string\n"); return OPJ_FALSE; } - sprintf(cp->comment, "%s%s with JPWL", comment, version); + snprintf(cp->comment, cp_comment_buf_size, "%s%s with JPWL", + comment, version); #else - cp->comment = (char*)opj_malloc(clen + strlen(version) + 1); + const size_t cp_comment_buf_size = clen + strlen(version) + 1; + cp->comment = (char*)opj_malloc(cp_comment_buf_size); if (!cp->comment) { opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to allocate comment string\n"); return OPJ_FALSE; } - sprintf(cp->comment, "%s%s", comment, version); + snprintf(cp->comment, cp_comment_buf_size, "%s%s", comment, version); #endif /* <comps[compno].data = p_j2k->m_output_image->comps[compno].data; #if 0 char fn[256]; - sprintf(fn, "/tmp/%d.raw", compno); + snprintf(fn, sizeof fn, "/tmp/%d.raw", compno); FILE *debug = fopen(fn, "wb"); fwrite(p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug);
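Review bot: In the first hunk (`opj_j2k_setup_encoder`), both branches still size the buffer from a hand-counted constant (`11` for `" with JPWL"` plus the terminator, `1` for the terminator alone) and discard the result of `snprintf`, so if the format string and the constant ever drift apart the comment is silently truncated rather than caught. Deriving the size from the literal, e.g. `const size_t cp_comment_buf_size = clen + strlen(version) + sizeof(" with JPWL");`, and rejecting a result where `n < 0 || (size_t)n >= cp_comment_buf_size` would keep the two tied together. The new `const size_t` declaration sits directly after `#ifdef`/`#else`; whether it follows other declarations or a statement cannot be seen from the hunk, so it is worth confirming that the project's C dialect and warning flags accept a mid-block declaration. The enclosing function starts and ends outside the hunk.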
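Review bot: In the second hunk, the `snprintf(fn, sizeof fn, ...)` line sits inside an `#if 0` block, so it is never compiled and the build this commit targets cannot have exercised it. If the block is kept, the context lines after it need attention before anyone re-enables it: `fopen(fn, "wb")` is passed to `fwrite` without a NULL check, and the file name under `/tmp` is fixed and predictable, which on a shared machine allows another local user to pre-create or symlink that path. Consider deleting the dead debug dump, or marking it with a comment such as `/* debug only: unchecked fopen on a predictable /tmp name; do not enable in shipped builds */`. The end of the `#if 0` block is outside the hunk.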