From fece5afe88597138c5b8649d9a19911461e3622b Mon Sep 17 00:00:00 2001
From: Ingo Schwarze <schwarze@openbsd.org>
Date: Sun, 20 Apr 2014 20:18:12 +0000
Subject: fix unchecked snprintf(3) in page header printing: the length of the
 title is unknown, and speed doesn't matter here, so use asprintf/free rather
 than a static buffer

---
 mdoc_html.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'mdoc_html.c')

diff --git a/mdoc_html.c b/mdoc_html.c
index 04d03f2b..ac1e43b4 100644
--- a/mdoc_html.c
+++ b/mdoc_html.c
@@ -1,4 +1,4 @@
-/*	$Id: mdoc_html.c,v 1.188 2014/04/20 16:46:05 schwarze Exp $ */
+/*	$Id: mdoc_html.c,v 1.189 2014/04/20 20:18:12 schwarze Exp $ */
 /*
  * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014 Ingo Schwarze <schwarze@openbsd.org>
@@ -29,6 +29,7 @@
 #include <unistd.h>
 
 #include "mandoc.h"
+#include "mandoc_aux.h"
 #include "out.h"
 #include "html.h"
 #include "mdoc.h"
@@ -514,9 +515,10 @@ mdoc_root_post(MDOC_ARGS)
 static int
 mdoc_root_pre(MDOC_ARGS)
 {
+	char		 b[BUFSIZ];
 	struct htmlpair	 tag[3];
 	struct tag	*t, *tt;
-	char		 b[BUFSIZ], title[BUFSIZ];
+	char		*title;
 
 	strlcpy(b, meta->vol, BUFSIZ);
 
@@ -526,7 +528,7 @@ mdoc_root_pre(MDOC_ARGS)
 		strlcat(b, ")", BUFSIZ);
 	}
 
-	snprintf(title, BUFSIZ - 1, "%s(%s)", meta->title, meta->msec);
+	mandoc_asprintf(&title, "%s(%s)", meta->title, meta->msec);
 
 	PAIR_SUMMARY_INIT(&tag[0], "Document Header");
 	PAIR_CLASS_INIT(&tag[1], "head");
@@ -557,6 +559,8 @@ mdoc_root_pre(MDOC_ARGS)
 	print_otag(h, TAG_TD, 2, tag);
 	print_text(h, title);
 	print_tagq(h, t);
+
+	free(title);
 	return(1);
 }
 
-- 
cgit v1.2.3-56-ge451