1https://github.com/uclouvain/openjpeg/pull/1450 2https://patch-diff.githubusercontent.com/raw/uclouvain/openjpeg/pull/1450.patch 3 4From 093ccb0ecdba7d5c4b5363e7dda33b1769fcc08a Mon Sep 17 00:00:00 2001 5From: Mark Mentovai <[email protected]> 6Date: Mon, 7 Nov 2022 09:32:02 -0500 7Subject: [PATCH] openjp2/j2k: replace sprintf calls with snprintf 8MIME-Version: 1.0 9Content-Type: text/plain; charset=UTF-8 10Content-Transfer-Encoding: 8bit 11 12This makes it possible to build j2k.c without warnings using the macOS 1313 SDK. Calls to sprintf are replaced with snprintf, passing appropriate 14buffer sizes. 15 16It doesn’t appear that any of the changed uses of sprintf were actually 17unsafe, so no behavior change is expected aside from SDK compatibility. 18 19The macOS 13 SDK deprecates sprintf as it’s difficult to use safely. The 20deprecation warning message is visible when building C++, but it is not 21normally visible when building plain C code due to a quirk in how 22sprintf is declared in the SDK. However, the deprecation message is 23visible when building plain C under Address Sanitizer 24(-fsanitize=address). This discrepancy was discovered at 25https://crbug.com/1381706 and reported to Apple with a copy at 26https://openradar.appspot.com/FB11761475. 27 28The macOS 13 SDK is packaged in Xcode 14.1, released on 2022-11-01. This 29also affects the iOS 16 SDK and other 2022-era Apple OS SDKs packaged in 30Xcode 14.0, released on 2022-09-12. 31 32j2k.c is visible to the Chromium build via PDFium, and this change is 33needed to allow Chromium to move forward to the macOS 13 SDK. 34 35This change is limited to src/lib/openjp2. Other uses of sprintf were 36found throughout openjpeg. 
37---
38 src/lib/openjp2/j2k.c | 13 ++++++++-----
39 1 file changed, 8 insertions(+), 5 deletions(-)
40
41diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
42index 923bd8916..354415df7 100644
43--- a/src/lib/openjp2/j2k.c
44+++ b/src/lib/openjp2/j2k.c
45@@ -7954,21 +7954,24 @@ OPJ_BOOL opj_j2k_setup_encoder(opj_j2k_t *p_j2k,
46
47 /* UniPG>> */
48 #ifdef USE_JPWL
49- cp->comment = (char*)opj_malloc(clen + strlen(version) + 11);
50+ const size_t cp_comment_buf_size = clen + strlen(version) + 11;
51+ cp->comment = (char*)opj_malloc(cp_comment_buf_size);
52 if (!cp->comment) {
53 opj_event_msg(p_manager, EVT_ERROR,
54 "Not enough memory to allocate comment string\n");
55 return OPJ_FALSE;
56 }
57- sprintf(cp->comment, "%s%s with JPWL", comment, version);
58+ snprintf(cp->comment, cp_comment_buf_size, "%s%s with JPWL",
59+ comment, version);
60 #else
61- cp->comment = (char*)opj_malloc(clen + strlen(version) + 1);
62+ const size_t cp_comment_buf_size = clen + strlen(version) + 1;
63+ cp->comment = (char*)opj_malloc(cp_comment_buf_size);
64 if (!cp->comment) {
65 opj_event_msg(p_manager, EVT_ERROR,
66 "Not enough memory to allocate comment string\n");
67 return OPJ_FALSE;
68 }
69- sprintf(cp->comment, "%s%s", comment, version);
70+ snprintf(cp->comment, cp_comment_buf_size, "%s%s", comment, version);
71 #endif
72 /* <<UniPG */
73 }
74@@ -11973,7 +11976,7 @@ static OPJ_BOOL opj_j2k_move_data_from_codec_to_output_image(opj_j2k_t * p_j2k,
75 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
76 #if 0
77 char fn[256];
78- sprintf(fn, "/tmp/%d.raw", compno);
79+ snprintf(fn, sizeof fn, "/tmp/%d.raw", compno);
80 FILE *debug = fopen(fn, "wb");
81 fwrite(p_image->comps[compno].data, sizeof(OPJ_INT32),
82 p_image->comps[compno].w * p_image->comps[compno].h, debug);
83
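Review bot: The literal `11` in `cp_comment_buf_size` under `USE_JPWL` is tied by hand to the length of `" with JPWL"` (10 characters plus the terminating NUL), and the `snprintf` return value is discarded in both branches, so a future mismatch between the constant and the format string would silently truncate the comment rather than be noticed. I would derive the size from the literal, e.g. `clen + strlen(version) + sizeof " with JPWL"`, or at least add the comment `/* 11 = strlen(" with JPWL") + 1 (NUL) */`. The size is summed in `size_t` with no overflow check, which is fine only while `comment` and `version` are short library-provided strings; their definitions and the rest of `opj_j2k_setup_encoder` are outside the hunk.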
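Review bot: The `snprintf(fn, sizeof fn, ...)` line sits inside an `#if 0` block, so it is never compiled and this part of the change cannot be verified by a build. The surrounding disabled code passes the `fopen` result straight to `fwrite` without a NULL check and writes to a fixed, predictable name under `/tmp`, so it would not be safe to enable as it stands. I would either delete the dead debug block or add `if (debug == NULL)` handling before the `fwrite`. The block and the enclosing function continue past the end of the hunk.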