Change sprintf to snprintf for security issue 35/130835/2
authorJunsuChoi <jsuya.choi@samsung.com>
Wed, 19 Apr 2017 10:57:35 +0000 (19:57 +0900)
committerjunsu choi <jsuya.choi@samsung.com>
Wed, 24 May 2017 06:55:49 +0000 (06:55 +0000)
   This commit was lost while merging from efl-ext-wearable to unified.
   ca4513 Change sprintf to snprintf for security issue

Change-Id: I06d882c259780a0e3ae21bae26e4ec675f194dce

src/wearable/circle/efl_extension_circle_object_datetime.c

index b1342080c763e2b2cad6acb6c3ef6e5753efebfa..fb331a06a3f5782434eb4ee2f299f6c9de711cff 100644 (file)
@@ -552,7 +552,7 @@ _eext_circle_object_datetime_bg_image_append(Eext_Circle_Object *obj)
 static void
 _accessibility_item_make_trait(char *trait, char *unit)
 {
-   sprintf(trait, _("WDS_TTS_TBBODY_ROTATE_BEZEL_TO_ADJUST_PS"), unit);
+   snprintf(trait, sizeof(trait), _("WDS_TTS_TBBODY_ROTATE_BEZEL_TO_ADJUST_PS"), unit);
 }
 
 //for accessibility
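Review bot: `sizeof(trait)` in `_accessibility_item_make_trait` measures the `char *` parameter, not the caller's buffer, so the new `snprintf` cuts the trait text down to 3 or 7 characters plus the terminator, depending on pointer width. The bound has to come from the caller: change the signature to `_accessibility_item_make_trait(char *trait, size_t trait_size, char *unit)`, call `snprintf(trait, trait_size, ...)`, and pass `sizeof(buf_trait)` at each call site in the second hunk (`_accessibility_item_name_set_cb`). This assumes `buf_trait` is declared there as an array, since its declaration lies outside the hunk. Separately, the second hunk passes catalog strings directly as the format, e.g. `snprintf(buf_unit, sizeof(buf_unit), _("IDS_COM_BODY_DAY"))`; writing these as `snprintf(buf_unit, sizeof(buf_unit), "%s", _("IDS_COM_BODY_DAY"))` keeps a stray `%` in a translation from being interpreted as a conversion.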
@@ -603,72 +603,72 @@ _accessibility_item_name_set_cb(void *data, Evas_Object *obj)
    switch(selected)
      {
         case ELM_DATETIME_DATE:
-           sprintf(buf_unit, _("IDS_COM_BODY_DAY"));
+           snprintf(buf_unit, sizeof(buf_unit),  _("IDS_COM_BODY_DAY"));
            _accessibility_item_make_trait(buf_trait, buf_unit);
-           sprintf(buf, "%2.0f %s %s",(double)t.tm_mday, buf_unit, buf_trait);
+           snprintf(buf, sizeof(buf),  "%2.0f %s %s",(double)t.tm_mday, buf_unit, buf_trait);
            break;
         case ELM_DATETIME_MONTH:
            if(t.tm_mon == 0)
-              sprintf(buf_month, _("IDS_COM_BODY_JANUARY"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_JANUARY"));
            else if(t.tm_mon == 1)
-              sprintf(buf_month, _("IDS_COM_BODY_FEBRUARY"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_FEBRUARY"));
            else if(t.tm_mon == 2)
-              sprintf(buf_month, _("IDS_COM_BODY_MARCH"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_MARCH"));
            else if(t.tm_mon == 3)
-              sprintf(buf_month, _("IDS_COM_BODY_APRIL"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_APRIL"));
            else if(t.tm_mon == 4)
-              sprintf(buf_month, _("IDS_COM_BODY_MAY"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_MAY"));
            else if(t.tm_mon == 5)
-              sprintf(buf_month, _("IDS_COM_BODY_JUNE"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_JUNE"));
            else if(t.tm_mon == 6)
-              sprintf(buf_month, _("IDS_COM_BODY_JULY"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_JULY"));
            else if(t.tm_mon == 7)
-              sprintf(buf_month, _("IDS_COM_BODY_AUGUST"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_AUGUST"));
            else if(t.tm_mon == 8)
-              sprintf(buf_month, _("IDS_COM_BODY_SEPTEMBER"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_SEPTEMBER"));
            else if(t.tm_mon == 9)
-              sprintf(buf_month, _("IDS_COM_BODY_OCTOBER"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_OCTOBER"));
            else if(t.tm_mon == 10)
-              sprintf(buf_month, _("IDS_COM_BODY_NOVEMBER"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_NOVEMBER"));
            else if(t.tm_mon == 11)
-              sprintf(buf_month, _("IDS_COM_BODY_DECEMBER"));
-           sprintf(buf_unit, _("IDS_COM_BODY_MONTH"));
+              snprintf(buf_month, sizeof(buf_month),  _("IDS_COM_BODY_DECEMBER"));
+           snprintf(buf_unit, sizeof(buf_unit),  _("IDS_COM_BODY_MONTH"));
            _accessibility_item_make_trait(buf_trait, buf_unit);
-           sprintf(buf, "%s %s %s",buf_month, buf_unit, buf_trait);
+           snprintf(buf, sizeof(buf),  "%s %s %s",buf_month, buf_unit, buf_trait);
            break;
         case ELM_DATETIME_YEAR:
-           sprintf(buf_unit, _("IDS_COM_BODY_YEAR"));
+           snprintf(buf_unit, sizeof(buf_unit),  _("IDS_COM_BODY_YEAR"));
            _accessibility_item_make_trait(buf_trait, buf_unit);
-           sprintf(buf, "%4.0f %s %s",(double)t.tm_year + (double)1900.0f, buf_unit, buf_trait);
+           snprintf(buf, sizeof(buf),  "%4.0f %s %s",(double)t.tm_year + (double)1900.0f, buf_unit, buf_trait);
            break;
         case ELM_DATETIME_AMPM:
            snprintf(buf_trait, sizeof(buf_trait), _("WDS_TTS_TBBODY_DOUBLE_TAP_TO_CHANGE"));
            if((double)t.tm_hour <= 12.0f)
-              sprintf(buf_unit, _("IDS_COM_BODY_AM"));
+              snprintf(buf_unit, sizeof(buf_unit),  _("IDS_COM_BODY_AM"));
            else
-              sprintf(buf_unit, _("IDS_COM_BODY_PM"));
+              snprintf(buf_unit, sizeof(buf_unit),  _("IDS_COM_BODY_PM"));
            _accessibility_item_make_trait(buf_trait, buf_unit);
-           sprintf(buf, "%s %s",buf_unit, buf_trait);
+           snprintf(buf, sizeof(buf),  "%s %s",buf_unit, buf_trait);
            break;
         case ELM_DATETIME_HOUR:
-           sprintf(buf_unit, _("IDS_COM_BODY_HOUR"));
+           snprintf(buf_unit, sizeof(buf_unit),  _("IDS_COM_BODY_HOUR"));
            if((double)t.tm_hour <= 12.0f)
              {
-                sprintf(buf_ampm, _("IDS_COM_BODY_AM"));
+                snprintf(buf_ampm, sizeof(buf_ampm), _("IDS_COM_BODY_AM"));
                 _accessibility_item_make_trait(buf_trait, buf_unit);
-                sprintf(buf, "%2.0f %s %s %s",(double)t.tm_hour, buf_ampm, buf_unit, buf_trait);
+                snprintf(buf, sizeof(buf),  "%2.0f %s %s %s",(double)t.tm_hour, buf_ampm, buf_unit, buf_trait);
              }
            else
              {
-                sprintf(buf_ampm, _("IDS_COM_BODY_PM"));
+                snprintf(buf_ampm, sizeof(buf_ampm), _("IDS_COM_BODY_PM"));
                 _accessibility_item_make_trait(buf_trait, buf_unit);
-                sprintf(buf, "%2.0f %s %s %s",(double)t.tm_hour - (double)12.0f, buf_ampm, buf_unit, buf_trait);
+                snprintf(buf, sizeof(buf),  "%2.0f %s %s %s",(double)t.tm_hour - (double)12.0f, buf_ampm, buf_unit, buf_trait);
              }
            break;
         case ELM_DATETIME_MINUTE:
-           sprintf(buf_unit, _("IDS_COM_BODY_MINUTE"));
+           snprintf(buf_unit, sizeof(buf_unit),  _("IDS_COM_BODY_MINUTE"));
            _accessibility_item_make_trait(buf_trait, buf_unit);
-           sprintf(buf, "%2.0f %s %s",(double)t.tm_min, buf_unit, buf_trait);
+           snprintf(buf, sizeof(buf),  "%2.0f %s %s",(double)t.tm_min, buf_unit, buf_trait);
            break;
      }