From: Zeev Suraski
Date: Sat, 9 Sep 2000 15:06:38 +0000 (+0000)
Subject: Don't use unsafe sprintf()
X-Git-Tag: php-4.0.3RC1~224
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4acff8f37f59bded8e613cccf474c1576a8334b4;p=php

Don't use unsafe sprintf()
---

diff --git a/Zend/zend.c b/Zend/zend.c
index 8e706b2481..2c2fa082ae 100644
--- a/Zend/zend.c
+++ b/Zend/zend.c
@@ -615,12 +615,13 @@ ZEND_API void zend_error(int type, const char *format, ...)
 #ifdef HAVE_VSNPRINTF
 z_error_message->value.str.len = vsnprintf(z_error_message->value.str.val, ZEND_ERROR_BUFFER_SIZE, format, args);
- if(z_error_message->value.str.len > ZEND_ERROR_BUFFER_SIZE-1) {
+ if (z_error_message->value.str.len > ZEND_ERROR_BUFFER_SIZE-1) {
 z_error_message->value.str.len = ZEND_ERROR_BUFFER_SIZE-1;
 }
 #else
+ strncpy(z_error_message->value.str.val, format, ZEND_ERROR_BUFFER_SIZE);
 /* This is risky... */
- z_error_message->value.str.len = vsprintf(z_error_message->value.str.val, format, args);
+ /* z_error_message->value.str.len = vsprintf(z_error_message->value.str.val, format, args); */
 #endif
 z_error_message->type = IS_STRING;
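Review bot: In the `#else` branch (builds without `vsnprintf`), the added `strncpy(..., format, ZEND_ERROR_BUFFER_SIZE)` leaves the buffer without a terminating NUL whenever `format` is ZEND_ERROR_BUFFER_SIZE bytes or longer, and with the `vsprintf` assignment commented out nothing visible in this hunk sets `value.str.len` before `type = IS_STRING`. A consumer that trusts `len` or scans for the terminator could then read past the buffer, so I would follow the copy with `z_error_message->value.str.val[ZEND_ERROR_BUFFER_SIZE-1] = '\0';` and `z_error_message->value.str.len = strlen(z_error_message->value.str.val);`. The fallback also now stores the unexpanded format string, and the `/* This is risky... */` comment describes code that no longer runs; a comment such as `/* no vsnprintf(): store the raw format string, arguments are not expanded */` would say so. zend_error's body starts and ends outside the hunk, so `len` may be assigned elsewhere.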