From: Antony Dovgal <tony2001@php.net>
Date: Thu, 18 Jan 2007 16:21:32 +0000 (+0000)
Subject: MFH
X-Git-Tag: php-5.2.1RC3~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=84a827e0d40d5b80c660baf16250f56a9992b67f;p=php

MFH
---

diff --git a/ext/soap/soap.c b/ext/soap/soap.c
index cf0333ff67..7c990fd33b 100644
--- a/ext/soap/soap.c
+++ b/ext/soap/soap.c
@@ -1853,7 +1853,7 @@ PHP_METHOD(SoapServer, handle)
 			php_error_docref(NULL TSRMLS_CC, E_ERROR, "Dump memory failed");
 		} 	
 
-		sprintf(cont_len, "Content-Length: %d", size);
+		snprintf(cont_len, sizeof(cont_len), "Content-Length: %d", size);
 		sapi_add_header(cont_len, strlen(cont_len), 1);
 		if (soap_version == SOAP_1_2) {
 			sapi_add_header("Content-Type: application/soap+xml; charset=utf-8", sizeof("Content-Type: application/soap+xml; charset=utf-8")-1, 1);
@@ -1982,7 +1982,7 @@ static void soap_server_fault_ex(sdlFunctionPtr function, zval* fault, soapHeade
 	   our fault code with their own handling... Figure this out later
 	*/
 	sapi_add_header("HTTP/1.1 500 Internal Service Error", sizeof("HTTP/1.1 500 Internal Service Error")-1, 1);
-	sprintf(cont_len,"Content-Length: %d", size);
+	snprintf(cont_len, sizeof(cont_len), "Content-Length: %d", size);
 	sapi_add_header(cont_len, strlen(cont_len), 1);
 	if (soap_version == SOAP_1_2) {
 		sapi_add_header("Content-Type: application/soap+xml; charset=utf-8", sizeof("Content-Type: application/soap+xml; charset=utf-8")-1, 1);
@@ -4223,7 +4223,7 @@ static xmlNodePtr serialize_parameter(sdlParamPtr param, zval *param_val, int in
 	} else {
 		if (name == NULL) {
 			paramName = paramNameBuf;
-			sprintf(paramName,"param%d",index);
+			snprintf(paramName, sizeof(paramNameBuf), "param%d",index);
 		} else {
 			paramName = name;
 		}
diff --git a/ext/standard/html.c b/ext/standard/html.c
index b71d724df7..5da3eaae07 100644
--- a/ext/standard/html.c
+++ b/ext/standard/html.c
@@ -1354,7 +1354,7 @@ PHP_FUNCTION(get_html_translation_table)
 						continue;
 					/* what about wide chars here ?? */
 					ind[0] = i + entity_map[j].basechar;
-					sprintf(buffer, "&%s;", entity_map[j].table[i]);
+					snprintf(buffer, sizeof(buffer), "&%s;", entity_map[j].table[i]);
 					add_assoc_string(return_value, ind, buffer, 1);
 
 				}
diff --git a/ext/wddx/wddx.c b/ext/wddx/wddx.c
index 33f4968528..b4900eb662 100644
--- a/ext/wddx/wddx.c
+++ b/ext/wddx/wddx.c
@@ -448,7 +448,7 @@ static void php_wddx_serialize_object(wddx_packet *packet, zval *obj)
 			PHP_SET_CLASS_ATTRIBUTES(obj);
 
 			php_wddx_add_chunk_static(packet, WDDX_STRUCT_S);
-			sprintf(tmp_buf, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
+			snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
 			php_wddx_add_chunk(packet, tmp_buf);
 			php_wddx_add_chunk_static(packet, WDDX_STRING_S);
 			php_wddx_add_chunk_ex(packet, class_name, name_len);
@@ -480,7 +480,7 @@ static void php_wddx_serialize_object(wddx_packet *packet, zval *obj)
 		PHP_SET_CLASS_ATTRIBUTES(obj);
 
 		php_wddx_add_chunk_static(packet, WDDX_STRUCT_S);
-		sprintf(tmp_buf, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
+		snprintf(tmp_buf, WDDX_BUF_LEN, WDDX_VAR_S, PHP_CLASS_NAME_VAR);
 		php_wddx_add_chunk(packet, tmp_buf);
 		php_wddx_add_chunk_static(packet, WDDX_STRING_S);
 		php_wddx_add_chunk_ex(packet, class_name, name_len);