From fece5afe88597138c5b8649d9a19911461e3622b Mon Sep 17 00:00:00 2001
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Sun, 20 Apr 2014 20:18:12 +0000
Subject: fix unchecked snprintf(3) in page header printing: the length of the
 title is unknown, and speed doesn't matter here, so use asprintf/free rather
 than a static buffer

---
 man_html.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'man_html.c')

diff --git a/man_html.c b/man_html.c
index 973ae789..092c4c21 100644
--- a/man_html.c
+++ b/man_html.c
@@ -1,4 +1,4 @@
-/*	$Id: man_html.c,v 1.93 2014/04/20 16:46:04 schwarze Exp $ */
+/*	$Id: man_html.c,v 1.94 2014/04/20 20:18:12 schwarze Exp $ */
 /*
  * Copyright (c) 2008-2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2013, 2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -28,6 +28,7 @@
 #include <string.h>
 
 #include "mandoc.h"
+#include "mandoc_aux.h"
 #include "out.h"
 #include "html.h"
 #include "man.h"
@@ -300,9 +301,10 @@ a2width(const struct man_node *n, struct roffsu *su)
 static void
 man_root_pre(MAN_ARGS)
 {
+	char		 b[BUFSIZ];
 	struct htmlpair	 tag[3];
 	struct tag	*t, *tt;
-	char		 b[BUFSIZ], title[BUFSIZ];
+	char		*title;
 
 	b[0] = 0;
 	if (man->vol)
@@ -310,7 +312,7 @@ man_root_pre(MAN_ARGS)
 
 	assert(man->title);
 	assert(man->msec);
-	snprintf(title, BUFSIZ - 1, "%s(%s)", man->title, man->msec);
+	mandoc_asprintf(&title, "%s(%s)", man->title, man->msec);
 
 	PAIR_SUMMARY_INIT(&tag[0], "Document Header");
 	PAIR_CLASS_INIT(&tag[1], "head");
@@ -341,6 +343,7 @@ man_root_pre(MAN_ARGS)
 	print_otag(h, TAG_TD, 2, tag);
 	print_text(h, title);
 	print_tagq(h, t);
+	free(title);
 }
 
 static void
-- 
cgit v1.2.3-56-ge451