Ignore:
Timestamp:
Feb 28, 2010, 9:59:12 PM (11 years ago)
Author:
jmr@…
Message:

error checking, sprintf -> snprintf, strcpy -> strncpy

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/base/src/registry2.0/itemobj.c

    r27967 r64294  
    111111            const char* result;
    112112            Tcl_Obj* resultObj;
    113             sprintf(query, "SELECT %s FROM items WHERE rowid=?", key);
     113            snprintf(query, sizeof(query), "SELECT %s FROM items WHERE rowid=?", key);
    114114            sqlite3_prepare(item->db, query, -1, &stmt, NULL);
    115115            sqlite3_bind_int64(stmt, 1, item->rowid);
     
    134134            char* key = Tcl_GetString(objv[2]);
    135135            char* value = Tcl_GetString(objv[3]);
    136             sprintf(query, "UPDATE items SET %s=? WHERE rowid=?", key);
     136            snprintf(query, sizeof(query), "UPDATE items SET %s=? WHERE rowid=?", key);
    137137            sqlite3_prepare(item->db, query, -1, &stmt, NULL);
    138138            sqlite3_bind_text(stmt, 1, value, -1, SQLITE_STATIC);
Note: See TracChangeset for help on using the changeset viewer.