From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 8 Mar 2009 22:42:50 +0000 (+0000)
Subject: - Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
X-Git-Tag: upstream/7.37.1~6493
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=9274d3169089f86f7ba1b3553585cfe6a2747f2e;p=platform%2Fupstream%2Fcurl.git

- Bill Egert pointed out (curl.haxx.se/bug/view.cgi?id=2671602) that
  curl didn't use sprintf() in a way that is documented to work in POSIX but
  since we use our own printf() code (from libcurl) that shouldn't be a
  problem. Nonetheless I modified the code to not rely on such particular
  features and to not cause further raised eyebrowse with no good reason.
---

diff --git a/CHANGES b/CHANGES
index 01cc721..57d9098 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,13 @@
 
                                   Changelog
 
+Daniel Stenberg (8 Mar 2009)
+- Bill Egert pointed out (http://curl.haxx.se/bug/view.cgi?id=2671602) that
+  curl didn't use sprintf() in a way that is documented to work in POSIX but
+  since we use our own printf() code (from libcurl) that shouldn't be a
+  problem. Nonetheless I modified the code to not rely on such particular
+  features and to not cause further raised eyebrowse with no good reason.
+
 Daniel Fandrich (5 Mar 2009)
 - Expanded the security section of the libcurl-tutorial man page to cover
   more issues for authors to consider when writing robust libcurl-using
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4398cce..9c7784e 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -23,6 +23,6 @@ This release includes the following known bugs:
 This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
- David James, Chris Deidun
+ Daniel Fandrich, Yang Tse, David James, Chris Deidun, Bill Egert
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/src/main.c b/src/main.c
index 958c8b5..aabd659 100644
--- a/src/main.c
+++ b/src/main.c
@@ -5286,13 +5286,14 @@ static int create_dir_hierarchy(const char *outfile, FILE *errors)
     /* since strtok returns a token for the last word even
        if not ending with DIR_CHAR, we need to prune it */
     if (tempdir2 != NULL) {
-      if (strlen(dirbuildup) > 0)
-        sprintf(dirbuildup,"%s%s%s",dirbuildup, DIR_CHAR, tempdir);
+      size_t dlen = strlen(dirbuildup);
+      if (dlen)
+        sprintf(&dirbuildup[dlen], "%s%s", DIR_CHAR, tempdir);
       else {
         if (0 != strncmp(outdup, DIR_CHAR, 1))
-          sprintf(dirbuildup,"%s",tempdir);
+          strcpy(dirbuildup, tempdir);
         else
-          sprintf(dirbuildup,"%s%s", DIR_CHAR, tempdir);
+          sprintf(dirbuildup, "%s%s", DIR_CHAR, tempdir);
       }
       if (access(dirbuildup, F_OK) == -1) {
         result = mkdir(dirbuildup,(mode_t)0000750);