From 0e671b23106993a04ea9629722c1308693db3523 Mon Sep 17 00:00:00 2001
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Sun, 20 Apr 2014 20:18:12 +0000
Subject: fix unchecked snprintf(3) in page header printing: the length of the
 title is unknown, and speed doesn't matter here, so use asprintf/free rather
 than a static buffer

---
 mdoc_html.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'mdoc_html.c')

diff --git a/mdoc_html.c b/mdoc_html.c
index 5d2d4b7d..d2cee375 100644
--- a/mdoc_html.c
+++ b/mdoc_html.c
@@ -29,6 +29,7 @@
 #include <unistd.h>
 
 #include "mandoc.h"
+#include "mandoc_aux.h"
 #include "out.h"
 #include "html.h"
 #include "mdoc.h"
@@ -514,9 +515,10 @@ mdoc_root_post(MDOC_ARGS)
 static int
 mdoc_root_pre(MDOC_ARGS)
 {
+	char		 b[BUFSIZ];
 	struct htmlpair	 tag[3];
 	struct tag	*t, *tt;
-	char		 b[BUFSIZ], title[BUFSIZ];
+	char		*title;
 
 	strlcpy(b, meta->vol, BUFSIZ);
 
@@ -526,7 +528,7 @@ mdoc_root_pre(MDOC_ARGS)
 		strlcat(b, ")", BUFSIZ);
 	}
 
-	snprintf(title, BUFSIZ - 1, "%s(%s)", meta->title, meta->msec);
+	mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec);
 
 	PAIR_SUMMARY_INIT(&tag[0], "Document Header");
 	PAIR_CLASS_INIT(&tag[1], "head");
@@ -557,6 +559,8 @@ mdoc_root_pre(MDOC_ARGS)
 	print_otag(h, TAG_TD, 2, tag);
 	print_text(h, title);
 	print_tagq(h, t);
+
+	free(title);
 	return(1);
 }
 
-- 
cgit