diff --git a/src/java.base/share/native/libjli/java.c b/src/java.base/share/native/libjli/java.c
index 7895153a624..57d25df4267 100644
--- a/src/java.base/share/native/libjli/java.c
+++ b/src/java.base/share/native/libjli/java.c
@@ -908,10 +908,11 @@ SetClassPath(const char *s) if (sizeof(format) - 2 + JLI_StrLen(s) < JLI_StrLen(s)) // s is became corrupted after expanding wildcards return; - def = JLI_MemAlloc(sizeof(format) + size_t defSize = sizeof(format) - 2 /* strlen("%s") */ - + JLI_StrLen(s)); - sprintf(def, format, s); + + JLI_StrLen(s); + def = JLI_MemAlloc(defSize); + snprintf(def, defSize, format, s); AddOption(def, NULL); if (s != orig) JLI_MemFree((char *) s);
@@ -1364,8 +1365,9 @@ ParseArguments(int *pargc, char ***pargv, JLI_StrCCmp(arg, "-oss") == 0 || JLI_StrCCmp(arg, "-ms") == 0 || JLI_StrCCmp(arg, "-mx") == 0) { - char *tmp = JLI_MemAlloc(JLI_StrLen(arg) + 6); - sprintf(tmp, "-X%s", arg + 1); /* skip '-' */ + size_t tmpSize = JLI_StrLen(arg) + 6; + char *tmp = JLI_MemAlloc(tmpSize); + snprintf(tmp, tmpSize, "-X%s", arg + 1); /* skip '-' */ AddOption(tmp, NULL); } else if (JLI_StrCmp(arg, "-checksource") == 0 || JLI_StrCmp(arg, "-cs") == 0 ||
@@ -1699,8 +1701,9 @@ AddApplicationOptions(int cpathc, const char **cpathv) s = (char *) JLI_WildcardExpandClasspath(s); /* 40 for -Denv.class.path= */ if (JLI_StrLen(s) + 40 > JLI_StrLen(s)) { // Safeguard from overflow - envcp = (char *)JLI_MemAlloc(JLI_StrLen(s) + 40); - sprintf(envcp, "-Denv.class.path=%s", s); + size_t envcpSize = JLI_StrLen(s) + 40; + envcp = (char *)JLI_MemAlloc(envcpSize); + snprintf(envcp, envcpSize, "-Denv.class.path=%s", s); AddOption(envcp, NULL); } }
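Review bot: In SetClassPath (the `@@ -908,10` hunk) the size expression `sizeof(format) - 2 + JLI_StrLen(s)` is now written twice, once in the wrap-around guard at the top of the hunk and once for `defSize`, so the guard and the allocation can drift apart in a later edit. Computing the size once and testing it keeps them tied: `size_t defSize = sizeof(format) - 2 + JLI_StrLen(s);` followed by `if (defSize < JLI_StrLen(s)) return;`. The `@@ -1699,8` hunk in AddApplicationOptions has the same shape, with `JLI_StrLen(s) + 40` evaluated in the guard and again for `envcpSize`. The start of SetClassPath, including the declaration of `format`, is outside the hunk.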
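Review bot: The `+ 6` in `tmpSize` (ParseArguments, the `@@ -1364,8` hunk) carries no explanation, unlike the `40 for -Denv.class.path=` comments next to the other allocations in this file. The output is `-X` plus `arg` without its leading `-` plus the terminator, so `JLI_StrLen(arg) + 2` bytes are needed and the rest is slack. A comment such as `/* "-X" + (arg + 1) + NUL needs strlen(arg) + 2; 6 leaves headroom */` would let a reader check the bound that `snprintf` now enforces. The enclosing `if` chain starts and ends outside the hunk.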
@@ -1712,8 +1715,9 @@ AddApplicationOptions(int cpathc, const char **cpathv) } /* 40 for '-Dapplication.home=' */ - apphome = (char *)JLI_MemAlloc(JLI_StrLen(home) + 40); - sprintf(apphome, "-Dapplication.home=%s", home); + size_t apphomeSize = JLI_StrLen(home) + 40; + apphome = (char *)JLI_MemAlloc(apphomeSize); + snprintf(apphome, apphomeSize, "-Dapplication.home=%s", home); AddOption(apphome, NULL); /* How big is the application's classpath? */
diff --git a/src/java.base/unix/native/libjava/TimeZone_md.c b/src/java.base/unix/native/libjava/TimeZone_md.c
index 2a1d8722b0f..eaf00fa1027 100644
--- a/src/java.base/unix/native/libjava/TimeZone_md.c
+++ b/src/java.base/unix/native/libjava/TimeZone_md.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
@@ -588,14 +588,14 @@ getGMTOffsetID() // Ignore daylight saving settings to calculate current time difference localtm.tm_isdst = 0; int gmt_off = (int)(difftime(mktime(&localtm), mktime(&gmt)) / 60.0); - sprintf(buf, (const char *)"GMT%c%02.2d:%02.2d", + snprintf(buf, sizeof(buf), (const char *)"GMT%c%02.2d:%02.2d", gmt_off < 0 ? '-' : '+' , abs(gmt_off / 60), gmt_off % 60); #else if (strftime(offset, 6, "%z", &localtm) != 5) { return strdup("GMT"); } - sprintf(buf, (const char *)"GMT%c%c%c:%c%c", offset[0], offset[1], offset[2], + snprintf(buf, sizeof(buf), (const char *)"GMT%c%c%c:%c%c", offset[0], offset[1], offset[2], offset[3], offset[4]); #endif return strdup(buf);
diff --git a/src/java.base/unix/native/libjli/java_md.c b/src/java.base/unix/native/libjli/java_md.c
index 21ef4068858..024cec571b7 100644
--- a/src/java.base/unix/native/libjli/java_md.c
+++ b/src/java.base/unix/native/libjli/java_md.c
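Review bot: In the branch before `#else` in getGMTOffsetID (unix/native/libjava/TimeZone_md.c, the `@@ -588,14` hunk) the minutes argument `gmt_off % 60` keeps the sign of `gmt_off`, so an offset of -210 minutes formats as `GMT-03:-30`, one character longer than the `GMT+hh:mm` shape. With `snprintf` that extra character is cut off silently if `buf` was sized for the normal shape, and the caller then receives a malformed zone ID from `strdup(buf)`. Passing `abs(gmt_off % 60)` fixes the value. The declaration of `buf` is outside the hunk, so `sizeof(buf)` is the buffer size only if `buf` is an array there.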
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
@@ -387,7 +387,7 @@ CreateExecutionEnvironment(int *pargc, char ***pargv, if (lastslash) *lastslash = '\0'; - sprintf(new_runpath, LD_LIBRARY_PATH "=" + snprintf(new_runpath, new_runpath_size, LD_LIBRARY_PATH "=" "%s:" "%s/lib:" "%s/../lib",
diff --git a/src/java.base/windows/native/libjava/Console_md.c b/src/java.base/windows/native/libjava/Console_md.c
index 13809aaeba0..9423f7d9e31 100644
--- a/src/java.base/windows/native/libjava/Console_md.c
+++ b/src/java.base/windows/native/libjava/Console_md.c
@@ -56,10 +56,10 @@ Java_java_io_Console_encoding(JNIEnv *env, jclass cls) char buf[64]; int cp = GetConsoleCP(); if (cp >= 874 && cp <= 950) - sprintf(buf, "ms%d", cp); + snprintf(buf, sizeof(buf), "ms%d", cp); else if (cp == 65001) - sprintf(buf, "UTF-8"); + snprintf(buf, sizeof(buf), "UTF-8"); else - sprintf(buf, "cp%d", cp); + snprintf(buf, sizeof(buf), "cp%d", cp); return JNU_NewStringPlatform(env, buf); }
diff --git a/src/java.base/windows/native/libjava/TimeZone_md.c b/src/java.base/windows/native/libjava/TimeZone_md.c
index ed596550f42..bcf616dad91 100644
--- a/src/java.base/windows/native/libjava/TimeZone_md.c
+++ b/src/java.base/windows/native/libjava/TimeZone_md.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1999, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
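Review bot: The result of `snprintf` into `new_runpath` is discarded (CreateExecutionEnvironment in unix/native/libjli/java_md.c, the `@@ -387,7` hunk), so if `new_runpath_size` is ever smaller than the formatted string the launcher continues with a truncated `LD_LIBRARY_PATH=...` value whose last entry names a different directory than intended. Capturing the return value and treating `n < 0 || (size_t)n >= new_runpath_size` as a fatal error makes that case visible instead of silently changing a library search path. `new_runpath_size` and the remaining arguments of the call are outside the hunk, so whether the size is derived from the same three strings cannot be confirmed here. The other `snprintf` calls added by this commit ignore the return value too; this is the one whose output looks like a search path.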
@@ -122,7 +122,7 @@ getValueInRegistry(HKEY hKey, /* * Produces custom name "GMT+hh:mm" from the given bias in buffer. */ -static void customZoneName(LONG bias, char *buffer) { +static void customZoneName(LONG bias, char *buffer, size_t bufSize) { LONG gmtOffset; int sign;
@@ -134,7 +134,7 @@ static void customZoneName(LONG bias, char *buffer) { sign = 1; } if (gmtOffset != 0) { - sprintf(buffer, "GMT%c%02d:%02d", + snprintf(buffer, bufSize, "GMT%c%02d:%02d", ((sign >= 0) ? '+' : '-'), gmtOffset / 60, gmtOffset % 60);
@@ -146,7 +146,7 @@ static void customZoneName(LONG bias, char *buffer) { /* * Gets the current time zone entry in the "Time Zones" registry. */ -static int getWinTimeZone(char *winZoneName) +static int getWinTimeZone(char *winZoneName, size_t winZoneNameBufSize) { DYNAMIC_TIME_ZONE_INFORMATION dtzi; DWORD timeType;
@@ -173,7 +173,7 @@ static int getWinTimeZone(char *winZoneName) */ if (dtzi.TimeZoneKeyName[0] != 0) { if (dtzi.DynamicDaylightTimeDisabled) { - customZoneName(dtzi.Bias, winZoneName); + customZoneName(dtzi.Bias, winZoneName, winZoneNameBufSize); return VALUE_GMTOFFSET; } wcstombs(winZoneName, dtzi.TimeZoneKeyName, MAX_ZONE_CHAR);
@@ -206,7 +206,7 @@ static int getWinTimeZone(char *winZoneName) * is disabled. */ if (val == 1) { - customZoneName(dtzi.Bias, winZoneName); + customZoneName(dtzi.Bias, winZoneName, winZoneNameBufSize); (void) RegCloseKey(hKey); return VALUE_GMTOFFSET; }
@@ -251,7 +251,7 @@ static int getWinTimeZone(char *winZoneName) if (ret == ERROR_SUCCESS) { if (val == 1 && tzi.DaylightDate.wMonth != 0) { (void) RegCloseKey(hKey); - customZoneName(tzi.Bias, winZoneName); + customZoneName(tzi.Bias, winZoneName, winZoneNameBufSize); return VALUE_GMTOFFSET; } }
@@ -518,7 +518,7 @@ char *findJavaTZ_md(const char *java_home_dir) char *std_timezone = NULL; int result; - result = getWinTimeZone(winZoneName); + result = getWinTimeZone(winZoneName, sizeof(winZoneName)); if (result != VALUE_UNKNOWN) { if (result == VALUE_GMTOFFSET) {
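Review bot: The comment above customZoneName (the `@@ -122,7` hunk) still describes only `bias` and `buffer`; the new `bufSize` parameter is undocumented. I would extend it to something like `Produces custom name "GMT+hh:mm" from the given bias in buffer, writing at most bufSize bytes including the terminator; 10 bytes hold the full name.` The comment above getWinTimeZone in the `@@ -146,7` hunk needs the same treatment for `winZoneNameBufSize`. The body of customZoneName continues in the next hunk.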
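Review bot: `gmtOffset` is declared `LONG` in the previous hunk but is passed to `%02d` conversions here (customZoneName, the `@@ -134,7` hunk), so the arguments `gmtOffset / 60` and `gmtOffset % 60` have type long while the format expects int. That works where both types are 32 bits wide, but it is a mismatch a format checker will report; either use `%02ld` for both fields or cast the two arguments to `int`. Whatever the function writes to `buffer` when `gmtOffset` is 0 is outside the hunk and should be bounded by `bufSize` as well.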
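Review bot: `wcstombs(winZoneName, dtzi.TimeZoneKeyName, MAX_ZONE_CHAR)` still bounds its write with the constant rather than the new `winZoneNameBufSize` (getWinTimeZone, the `@@ -173,7` hunk), so the parameter introduced by this commit protects only the customZoneName paths. `wcstombs` also leaves the output unterminated when the converted name fills the whole limit. I would pass `winZoneNameBufSize - 1` as the limit and set `winZoneName[winZoneNameBufSize - 1] = '\0'` afterwards, unless the lines after the hunk already terminate the buffer. The rest of getWinTimeZone is outside the hunk.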
@@ -568,6 +568,6 @@ getGMTOffsetID() } } - customZoneName(bias, zonename); + customZoneName(bias, zonename, sizeof(zonename)); return _strdup(zonename); }
diff --git a/src/java.base/windows/native/libjava/java_props_md.c b/src/java.base/windows/native/libjava/java_props_md.c
index 0403c71da2f..2ff4c9e8806 100644
--- a/src/java.base/windows/native/libjava/java_props_md.c
+++ b/src/java.base/windows/native/libjava/java_props_md.c
@@ -1,5 +1,5 @@ /* - * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it
@@ -134,18 +134,19 @@ getEncodingInternal(LCID lcid) static char* getConsoleEncoding() { - char* buf = malloc(16); + size_t buflen = 16; + char* buf = malloc(buflen); int cp; if (buf == NULL) { return NULL; } cp = GetConsoleCP(); if (cp >= 874 && cp <= 950) - sprintf(buf, "ms%d", cp); + snprintf(buf, buflen, "ms%d", cp); else if (cp == 65001) - sprintf(buf, "UTF-8"); + snprintf(buf, buflen, "UTF-8"); else - sprintf(buf, "cp%d", cp); + snprintf(buf, buflen, "cp%d", cp); return buf; }
@@ -575,7 +576,7 @@ GetJavaProperties(JNIEnv* env) sprops.os_name = "Windows (unknown)"; break; } - sprintf(buf, "%d.%d", majorVersion, minorVersion); + snprintf(buf, sizeof(buf), "%d.%d", majorVersion, minorVersion); sprops.os_version = _strdup(buf); #if defined(_M_AMD64) sprops.os_arch = "amd64";