From fbdd97254de38951a859e9a96cf08f77435bb05a Mon Sep 17 00:00:00 2001
From: Ivan Maidanski
Date: Sat, 10 Dec 2016 01:54:05 +0300
Subject: [PATCH] Eliminate 'use of vulnerable sprintf' code defect in de_win test (cord)
* cord/tests/de_win.c (WinMain): Do not call sprintf() on RegisterClass and CreateWindow failure; invoke de_error() with the immediate error message strings (without the error code).
---
 cord/tests/de_win.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)
diff --git a/cord/tests/de_win.c b/cord/tests/de_win.c
index b36d864c..0af00df4 100644
--- a/cord/tests/de_win.c
+++ b/cord/tests/de_win.c
@@ -62,11 +62,7 @@ int APIENTRY WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
 wndclass.lpszClassName = szAppName;
 if (RegisterClass (&wndclass) == 0) {
- char buf[50];
-
- sprintf(buf, "RegisterClass: error code: 0x%X",
- (unsigned)GetLastError());
- de_error(buf);
+ de_error("RegisterClass error");
 return(0);
 }
 }
@@ -99,11 +95,7 @@ int APIENTRY WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance,
 NULL, /* Window class menu */
 hInstance, NULL);
 if (hwnd == NULL) {
- char buf[50];
-
- sprintf(buf, "CreateWindow: error code: 0x%X",
- (unsigned)GetLastError());
- de_error(buf);
+ de_error("CreateWindow error");
 return(0);
 }
--
2.40.0
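Review bot: Both failure branches now report a fixed string, so the GetLastError() value that explained why RegisterClass or CreateWindow failed is no longer shown; this applies to the `de_error("RegisterClass error")` hunk and equally to the `de_error("CreateWindow error")` hunk. The removed format string, with a single `%X` of an `unsigned`, looks like it fit the 50-byte buffer (assuming a 32-bit unsigned), so the defect reads as an unbounded-API finding rather than an actual overflow. A bounded call would silence the finding without losing the code: `snprintf(buf, sizeof(buf), "RegisterClass: error code: 0x%X", (unsigned)GetLastError());`, provided the targeted compilers offer a NUL-terminating snprintf. If dropping the code is intended, a short comment such as `/* error code intentionally not reported: avoids sprintf */` would record that. WinMain starts and ends outside both hunks.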