diff -Nur lbreakout2-2.5beta-3.orig/client/chart.c lbreakout2-2.5beta-3/client/chart.c --- lbreakout2-2.5beta-3.orig/client/chart.c 2003-05-25 11:37:05.000000000 +0200 +++ lbreakout2-2.5beta-3/client/chart.c 2004-02-03 22:12:34.294996664 +0100 @@ -119,7 +119,7 @@ char aux[4]; Set_Chart *chart = 0; /* full file name */ - sprintf( file_name, "%s/%s", path, CHART_FILE_NAME ); + snprintf( file_name, sizeof(file_name), "%s/%s", path, CHART_FILE_NAME ); /* clear chart list */ list_clear( charts ); /* open file */ @@ -224,7 +224,7 @@ */ void chart_save() { - char file_name[512]; + char file_name[640]; int i; Set_Chart *chart = 0; FILE *file = 0; diff -Nur lbreakout2-2.5beta-3.orig/client/client_handlers.c lbreakout2-2.5beta-3/client/client_handlers.c --- lbreakout2-2.5beta-3.orig/client/client_handlers.c 2003-06-18 10:46:13.000000000 +0200 +++ lbreakout2-2.5beta-3/client/client_handlers.c 2004-02-03 22:12:34.296996360 +0100 @@ -111,7 +111,7 @@ /* disconnect */ socket_print_stats( &client ); - sprintf( buf, "disconnected from %s", + snprintf( buf, sizeof(buf), "disconnected from %s", net_addr_to_string(&client.remote_addr) ); client_add_chatter( buf, 1 ); buf[0] = MSG_DISCONNECT; @@ -146,7 +146,7 @@ /* extract ip and port and build a new socket out of it */ gui_edit_get_text( edit_server, server, 128, 0, -1 ); - snprintf( config.server, 64, server ); + snprintf( config.server, 64, "%s", server ); if ( !net_build_addr( &newaddr, server, 0 ) ) { client_printf_chatter( 1, "ERROR: address %s does not resolve", config.server ); return; @@ -562,7 +562,7 @@ event->type == GUI_KEY_RELEASED && event->key.keysym == SDLK_RETURN ) { /* get message */ - sprintf( buf, "<%s> ", client_name ); + snprintf( buf, sizeof(buf), "<%s> ", client_name ); gui_edit_get_text( edit_pausechatter, buf+strlen(buf), MAX_CHATTER_SIZE + 1, 0,-1 ); /* clear chat edit */ diff -Nur lbreakout2-2.5beta-3.orig/client/client_recv.c lbreakout2-2.5beta-3/client/client_recv.c --- lbreakout2-2.5beta-3.orig/client/client_recv.c 2003-05-29 21:05:39.000000000 +0200 +++ lbreakout2-2.5beta-3/client/client_recv.c 2004-02-03 22:12:34.302995448 +0100 @@ -79,7 +79,7 @@ va_start( args, format ); vsnprintf( buffer, 256, format, args ); va_end( args ); - gui_label_set_text( label_info, buffer ); + gui_label_set_text( label_info, "%s", buffer ); gui_widget_show( dlg_info ); client_state = CLIENT_INFO; } @@ -95,7 +95,7 @@ va_start( args, format ); vsnprintf( buffer, 256, format, args ); va_end( args ); - gui_label_set_text( label_confirm, buffer ); + gui_label_set_text( label_confirm, "%s", buffer ); gui_widget_show( dlg_confirm ); } @@ -157,7 +157,7 @@ /* users */ case MSG_ADD_USER: num = msg_read_int32(); - snprintf( name, 16, msg_read_string() ); name[15] = 0; + snprintf( name, 16, "%s", msg_read_string() ); name[15] = 0; if ( msg_read_failed() ) break; client_add_user( num, name ); gui_list_update( @@ -208,7 +208,7 @@ break; case MSG_SET_CHANNEL: /* we only need to update the name */ - gui_label_set_text( label_channel, msg_read_string() ); + gui_label_set_text( label_channel, "%s", msg_read_string() ); handled = 1; break; /* challenge */ @@ -223,8 +223,8 @@ client_transmit( CODE_BLUE, msglen, msgbuf ); break; } - snprintf( mp_peer_name, 15, msg_read_string() ); - snprintf( mp_levelset, 16, msg_read_string() ); + snprintf( mp_peer_name, 15, "%s", msg_read_string() ); + snprintf( mp_levelset, 16, "%s", msg_read_string() ); mp_diff = msg_read_int8(); mp_rounds = msg_read_int8(); mp_frags = msg_read_int8(); diff -Nur lbreakout2-2.5beta-3.orig/client/comm.c lbreakout2-2.5beta-3/client/comm.c --- lbreakout2-2.5beta-3.orig/client/comm.c 2003-06-04 14:02:41.000000000 +0200 +++ lbreakout2-2.5beta-3/client/comm.c 2004-02-03 22:12:34.304995144 +0100 @@ -191,7 +191,7 @@ close_pause_chat(); /* break up game but wait for the stats */ set_state( CS_FATAL_ERROR ); - display_text( chat_font_error, msg_read_string() ); + display_text( chat_font_error, "%s", msg_read_string() ); handled = 1; break; case MSG_LEVEL_DATA: @@ -209,7 +209,7 @@ break; case MSG_ADD_USER: i = msg_read_int32(); - snprintf( name, 16, msg_read_string() ); name[15] = 0; + snprintf( name, 16, "%s", msg_read_string() ); name[15] = 0; if ( msg_read_failed() ) break; client_add_user( i, name ); handled = 1; diff -Nur lbreakout2-2.5beta-3.orig/client/config.c lbreakout2-2.5beta-3/client/config.c --- lbreakout2-2.5beta-3.orig/client/config.c 2003-06-28 10:06:14.000000000 +0200 +++ lbreakout2-2.5beta-3/client/config.c 2004-02-03 22:12:34.305994992 +0100 @@ -37,7 +37,7 @@ /* check if config directory exists; if not create it and set config_dir */ void config_check_dir() { - char level_dir[512]; + char level_dir[640]; snprintf( config.dir_name, sizeof(config.dir_name)-1, "%s/%s", (getenv( "HOME" )?getenv( "HOME" ):"."), CONFIG_DIR_NAME ); /* test and create .lgames */ if ( opendir( config.dir_name ) == 0 ) { @@ -126,7 +126,7 @@ void config_load( ) { char *str; - char file_name[512]; + char file_name[640]; PData *pd; /* set to defaults */ config_check_dir(); @@ -202,7 +202,7 @@ void config_save( ) { FILE *file = 0; - char file_name[512]; + char file_name[640]; sprintf( file_name, "%s/%s", config.dir_name, CONFIG_FILE_NAME ); if ( ( file = fopen( file_name, "w" ) ) == 0 ) diff -Nur lbreakout2-2.5beta-3.orig/client/credit.c lbreakout2-2.5beta-3/client/credit.c --- lbreakout2-2.5beta-3.orig/client/credit.c 2003-05-23 21:21:44.000000000 +0200 +++ lbreakout2-2.5beta-3/client/credit.c 2004-02-03 22:12:34.310994232 +0100 @@ -41,7 +41,7 @@ credit_cur = 0; credit_alpha = 0; credit_status = 0; /* string */ - sprintf( credit_str, "%s (%i) - %s", name, level + 1, author ); + snprintf( credit_str, sizeof(credit_str), "%s (%i) - %s", name, level + 1, author ); /* position */ credit_w = stk_font_string_width( font, credit_str ) + 4; diff -Nur lbreakout2-2.5beta-3.orig/client/display.c lbreakout2-2.5beta-3/client/display.c --- lbreakout2-2.5beta-3.orig/client/display.c 2002-11-01 17:32:19.000000000 +0100 +++ lbreakout2-2.5beta-3/client/display.c 2004-02-03 22:12:34.311994080 +0100 @@ -116,7 +116,7 @@ void displays_show() { int i; - char str[64], numstr[10]; + char str[64], numstr[20]; Display *display; if ( displays == 0 ) return; list_reset( displays ); diff -Nur lbreakout2-2.5beta-3.orig/client/editor.c lbreakout2-2.5beta-3/client/editor.c --- lbreakout2-2.5beta-3.orig/client/editor.c 2003-05-18 19:22:11.000000000 +0200 +++ lbreakout2-2.5beta-3/client/editor.c 2004-02-03 22:12:34.314993624 +0100 @@ -263,7 +263,7 @@ int x = BRICK_WIDTH, y = ( MAP_HEIGHT - 1 ) * BRICK_HEIGHT - 2; int height = 10; /* locartion */ - sprintf( str, "Location: %s", edit_file_name ); + snprintf( str, sizeof(str), "Location: %s", edit_file_name ); mfont->align = STK_FONT_ALIGN_LEFT | STK_FONT_ALIGN_TOP; stk_font_write( mfont, stk_display, x, y, STK_OPAQUE, str ); /* current level */ @@ -278,15 +278,15 @@ } else { /* version */ - sprintf( str, "Version: %s ", edit_version ); + snprintf( str, sizeof(str), "Version: %s ", edit_version ); stk_font_write( mfont, stk_display, stk_display->w - BRICK_WIDTH, y + height, STK_OPAQUE, str ); } /* name and author */ mfont->align = STK_FONT_ALIGN_LEFT | STK_FONT_ALIGN_TOP; - sprintf( str, "Title: %s", edit_cur_level->name ); + snprintf( str, sizeof(str), "Title: %s", edit_cur_level->name ); stk_font_write( mfont, stk_display, BRICK_WIDTH + 2, ( MAP_HEIGHT - 5 ) * BRICK_HEIGHT + 5, STK_OPAQUE, str ); mfont->align = STK_FONT_ALIGN_RIGHT | STK_FONT_ALIGN_TOP; - sprintf( str, "Author: %s", edit_cur_level->author ); + snprintf( str, sizeof(str), "Author: %s", edit_cur_level->author ); stk_font_write( mfont, stk_display, stk_display->w - BRICK_WIDTH - 2, ( MAP_HEIGHT - 5 ) * BRICK_HEIGHT + 5, STK_OPAQUE, str ); } /* @@ -389,7 +389,7 @@ edit_level_count = 0; if ( ( file = fopen( edit_file_name, "rb" ) ) != 0 ) { levelset_get_version( file, &version, &update ); - sprintf( edit_version, "%i.%02i", version, update ); + snprintf( edit_version, sizeof(edit_version), "%i.%02i", version, update ); while ( ( level = level_load( file ) ) != 0 ) edit_levels[edit_level_count++] = level; fclose( file ); @@ -547,7 +547,7 @@ case BUTTON_VERSION: if ( enter_string( font, "Levelset Version:", edit_version, 8 ) ) { parse_version( edit_version, &version, &update ); - sprintf( edit_version, "%i.%02i", version, update ); + snprintf( edit_version, sizeof(edit_version), "%i.%02i", version, update ); *full_update = 1; } break; @@ -639,12 +639,12 @@ strcpy( str, "" ); if ( edit_buttons[x][y] == BUTTON_EDIT_AUTHOR ) if ( enter_string( font, "Author's Name:", str, 24 ) ) { - snprintf( edit_cur_level->author, 31, str ); + snprintf( edit_cur_level->author, 31, "%s", str ); *full_update = 1; } if ( edit_buttons[x][y] == BUTTON_EDIT_NAME ) if ( enter_string( font, "Title:", str, 24 ) ) { - snprintf( edit_cur_level->name, 31, str ); + snprintf( edit_cur_level->name, 31, "%s", str ); *full_update = 1; } /* sel frame tile position */ diff -Nur lbreakout2-2.5beta-3.orig/client/file.c lbreakout2-2.5beta-3/client/file.c --- lbreakout2-2.5beta-3.orig/client/file.c 2002-08-13 16:43:55.000000000 +0200 +++ lbreakout2-2.5beta-3/client/file.c 2004-02-03 22:12:34.320992712 +0100 @@ -469,13 +469,13 @@ if ( !strncmp( path + strlen( path ) - strlen( root ), root, strlen( root ) ) ) continue; /* get stats */ - sprintf( file_name, "%s/%s", path, dirent->d_name ); + snprintf( file_name, sizeof(file_name), "%s/%s", path, dirent->d_name ); if ( stat( file_name, &fstat ) == -1 ) continue; /* check directory */ if ( S_ISDIR( fstat.st_mode ) ) { if ( ( test_dir = opendir( file_name ) ) == 0 ) continue; closedir( test_dir ); - sprintf( file_name, "*%s", dirent->d_name ); + snprintf( file_name, sizeof(file_name), "*%s", dirent->d_name ); list_add( list, strdup( file_name ) ); } else diff -Nur lbreakout2-2.5beta-3.orig/client/game.c lbreakout2-2.5beta-3/client/game.c --- lbreakout2-2.5beta-3.orig/client/game.c 2003-06-28 10:21:57.000000000 +0200 +++ lbreakout2-2.5beta-3/client/game.c 2004-02-03 22:12:34.327991648 +0100 @@ -163,7 +163,7 @@ if ( game->game_type == GT_LOCAL ) { /* we put these displays to the old positions at the top of the frame */ - sprintf( str, "%s", player->name ); + snprintf( str, sizeof(str), "%s", player->name ); length = ( strlen( player->name ) ) * 8; display_player[0] = displays_add( 402, 0, length + 4, 16, str, player->lives, 0 ); @@ -173,14 +173,14 @@ display_score[0]->use_alpha = 0; } else { /* wins */ - sprintf( str, "%s ~x%i", + snprintf( str, sizeof(str), "%s ~x%i", game->paddles[0]->player->name, game->paddles[0]->player->stats.wins ); length = strlen( str ) * 8; display_player[0] = displays_add( BRICK_WIDTH + 20, ( MAP_HEIGHT - 1 ) * BRICK_HEIGHT + 2, length + 4, 16, str, 0, 0 ); - sprintf( str, "%s ~x%i", + snprintf( str, sizeof(str), "%s ~x%i", game->paddles[1]->player->name, game->paddles[1]->player->stats.wins ); length = strlen( str ) * 8; @@ -265,7 +265,7 @@ } } - display_text( font, info ); + display_text( font, "%s", info ); stk_display_update( STK_UPDATE_ALL ); } diff -Nur lbreakout2-2.5beta-3.orig/client/manager.c lbreakout2-2.5beta-3/client/manager.c --- lbreakout2-2.5beta-3.orig/client/manager.c 2003-06-28 10:22:26.000000000 +0200 +++ lbreakout2-2.5beta-3/client/manager.c 2004-02-03 22:12:34.330991192 +0100 @@ -207,7 +207,7 @@ /* filter stuff */ if ( text->lines[i][0] == '*' ) continue; /* add */ - sprintf( file_name, "~%s", text->lines[i] ); + snprintf( file_name, sizeof(file_name), "~%s", text->lines[i] ); list_add( levelset_names, strdup( file_name ) ); } delete_text( text ); @@ -362,7 +362,7 @@ if ( ( file = levelset_open( levelset_names_local[config.levelset_id_local], "rb" ) ) ) { levelset_get_version( file, &version, &update ); levelset_get_first_author( file, author ); - sprintf( hint_levelset, "%s v%i.%02i#Author: %s", + snprintf( hint_levelset, sizeof(hint_levelset), "%s v%i.%02i#Author: %s", levelset_names_local[config.levelset_id_local], version, update, author/*, HINT_LEVELSET_APPENDIX*/ ); hint_set_contents( item_levelset->hint, hint_levelset ); diff -Nur lbreakout2-2.5beta-3.orig/client/theme.c lbreakout2-2.5beta-3/client/theme.c --- lbreakout2-2.5beta-3.orig/client/theme.c 2003-05-28 19:03:30.000000000 +0200 +++ lbreakout2-2.5beta-3/client/theme.c 2004-02-03 22:12:34.337990128 +0100 @@ -132,7 +132,7 @@ ==================================================================== */ static char theme_dir[512]; -static char theme_path[512]; +static char theme_path[640]; void theme_set_dir( char *name ) { if ( name[0] == '~' ) @@ -159,10 +159,10 @@ { struct stat filestat; SDL_Surface *surf = 0; - sprintf( theme_path, "%s/%s", theme_dir, name ); + snprintf( theme_path, sizeof(theme_path), "%s/%s", theme_dir, name ); if ( stat( theme_path, &filestat ) == -1 || - ( surf = stk_surface_load( SDL_SWSURFACE | SDL_NONFATAL, theme_path ) ) == 0 ) - surf = stk_surface_load( SDL_SWSURFACE, name ); + ( surf = stk_surface_load( SDL_SWSURFACE | SDL_NONFATAL, "%s", theme_path ) ) == 0 ) + surf = stk_surface_load( SDL_SWSURFACE, "%s", name ); return surf; } #ifdef AUDIO_ENABLED @@ -170,10 +170,10 @@ { struct stat filestat; StkSound *sound = 0; - sprintf( theme_path, "%s/%s", theme_dir, name ); + snprintf( theme_path, sizeof(theme_path), "%s/%s", theme_dir, name ); if ( stat( theme_path, &filestat ) == -1 || - ( sound = stk_sound_load( -1, theme_path ) ) == 0 ) - sound = stk_sound_load( -1, name ); + ( sound = stk_sound_load( -1, "%s", theme_path ) ) == 0 ) + sound = stk_sound_load( -1, "%s", name ); return sound; } #endif @@ -181,10 +181,10 @@ { struct stat filestat; StkFont *font = 0; - sprintf( theme_path, "%s/%s", theme_dir, name ); + snprintf( theme_path, sizeof(theme_path), "%s/%s", theme_dir, name ); if ( stat( theme_path, &filestat ) == -1 || - ( font = stk_font_load( SDL_SWSURFACE | SDL_NONFATAL, theme_path ) ) == 0 ) - font = stk_font_load( SDL_SWSURFACE, name ); + ( font = stk_font_load( SDL_SWSURFACE | SDL_NONFATAL, "%s", theme_path ) ) == 0 ) + font = stk_font_load( SDL_SWSURFACE, "%s", name ); if ( font ) SDL_SetColorKey( font->surface, SDL_SRCCOLORKEY, stk_surface_get_pixel( font->surface, 0,0 ) ); @@ -250,7 +250,7 @@ bkgnds = calloc( ORIG_BACK_COUNT, sizeof( SDL_Surface* ) ); for ( i = 0; i < ORIG_BACK_COUNT; i++ ) { sprintf( theme_path, "back%i.png", i ); - bkgnds[i] = stk_surface_load( SDL_SWSURFACE, theme_path ); + bkgnds[i] = stk_surface_load( SDL_SWSURFACE, "%s", theme_path ); } bkgnd_count = ORIG_BACK_COUNT; } @@ -309,7 +309,7 @@ if ( entry->d_name[0] == '.' ) continue; /* full path */ - sprintf( theme_path, "%s/%s", dir, entry->d_name ); + snprintf( theme_path, sizeof(theme_path), "%s/%s", dir, entry->d_name ); stat( theme_path, &estat ); if ( S_ISDIR( estat.st_mode ) ) { /* ignore entry if it is a default theme */ @@ -320,7 +320,7 @@ } if ( i == -1 ) continue; /* store it otherwise */ - sprintf( name, "%s", entry->d_name ); + snprintf( name, sizeof(name), "%s", entry->d_name ); list_add( list, strdup( name ) ); } } @@ -333,10 +333,10 @@ if ( entry->d_name[0] == '.' ) continue; /* full path */ - sprintf( theme_path, "%s/%s", dir, entry->d_name ); + snprintf( theme_path, sizeof(theme_path), "%s/%s", dir, entry->d_name ); stat( theme_path, &estat ); if ( S_ISDIR( estat.st_mode ) ) { - sprintf( name, "~%s", entry->d_name ); + snprintf( name, sizeof(name), "~%s", entry->d_name ); list_add( list, strdup( name ) ); } } diff -Nur lbreakout2-2.5beta-3.orig/client/value.c lbreakout2-2.5beta-3/client/value.c --- lbreakout2-2.5beta-3.orig/client/value.c 2002-09-05 12:38:54.000000000 +0200 +++ lbreakout2-2.5beta-3/client/value.c 2004-02-03 22:12:34.338989976 +0100 @@ -33,7 +33,7 @@ { switch ( value->type ) { case VALUE_RANGE_INT: sprintf( value->val_str, "%i", *value->val_int ); break; - case VALUE_RANGE_STR: sprintf( value->val_str, "%s", value->names[*value->val_int] ); break; + case VALUE_RANGE_STR: snprintf( value->val_str, 256, "%s", value->names[*value->val_int] ); break; case VALUE_KEY: if ( value->grab ) { strcpy( value->val_str, "???" ); break; } switch ( *value->val_int ) { diff -Nur lbreakout2-2.5beta-3.orig/common/net.c lbreakout2-2.5beta-3/common/net.c --- lbreakout2-2.5beta-3.orig/common/net.c 2003-06-04 16:24:41.000000000 +0200 +++ lbreakout2-2.5beta-3/common/net.c 2004-02-03 22:12:34.344989064 +0100 @@ -275,7 +275,7 @@ sys_printf( "net_query_ip: unknown unix path\n" ); } else - snprintf( str, sun->sun_path, len );*/ + snprintf( str, len, "%s", sun->sun_path );*/ break; default: snprintf( str, len, "unknown" ); diff -Nur lbreakout2-2.5beta-3.orig/common/parser.c lbreakout2-2.5beta-3/common/parser.c --- lbreakout2-2.5beta-3.orig/common/parser.c 2002-07-31 17:06:08.000000000 +0200 +++ lbreakout2-2.5beta-3/common/parser.c 2004-02-03 22:12:34.351988000 +0100 @@ -96,7 +96,7 @@ FILE_READCHAR( file, c ); pos++; if ( c == 10 ) line_count++; } - sprintf( parser_error, "%s: %i: %s", + snprintf( parser_error, sizeof(parser_error), "%s: %i: %s", fname, line_count, error ); } @@ -283,7 +283,7 @@ if ( !file_read_token( file, PARSER_SYMBOLS, PARSER_SKIP_SYMBOLS, token ) ) return 0; if ( is_symbol( token[0], PARSER_SYMBOLS ) ) { - sprintf( parser_sub_error, "parse error before '%s'", token ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parse error before '%s'", token ); return 0; } pd = calloc( 1, sizeof( PData ) ); @@ -299,7 +299,7 @@ goto failure; if ( token[0] != PARSER_LIST_BEGIN ) { if ( is_symbol( token[0], PARSER_SYMBOLS ) ) { - sprintf( parser_sub_error, "parse error before '%s'", token ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parse error before '%s'", token ); goto failure; } else @@ -310,7 +310,7 @@ goto failure; while ( token[0] != PARSER_LIST_END ) { if ( is_symbol( token[0], PARSER_SYMBOLS ) ) { - sprintf( parser_sub_error, "parse error before '%s'", token ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parse error before '%s'", token ); goto failure; } else @@ -337,7 +337,7 @@ } break; default: - sprintf( parser_sub_error, "parse error before '%s'", token ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parse error before '%s'", token ); goto failure; } return pd; @@ -490,7 +490,7 @@ PData *top = 0; /* open file */ if ( ( file = fopen( fname, "r" ) ) == 0 ) { - sprintf( parser_error, "%s: file not found", fname ); + snprintf( parser_error, sizeof(parser_error), "%s: file not found", fname ); return 0; } /* create top level pdata */ @@ -579,7 +579,7 @@ for ( i = 0, list_reset( path ); i < path->count; i++ ) { sub = list_next( path ); if ( !pd_next->entries ) { - sprintf( parser_sub_error, "%s: no subtrees", pd_next->name ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "%s: no subtrees", pd_next->name ); goto failure; } list_reset( pd_next->entries ); found = 0; @@ -590,7 +590,7 @@ break; } if ( !found ) { - sprintf( parser_sub_error, "%s: subtree '%s' not found", pd_next->name, sub ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "%s: subtree '%s' not found", pd_next->name, sub ); goto failure; } } @@ -598,7 +598,7 @@ *result = pd_next; return 1; failure: - sprintf( parser_error, "parser_get_pdata: %s/%s: %s", pd->name, name, parser_sub_error ); + snprintf( parser_error, sizeof(parser_error), "parser_get_pdata: %s/%s: %s", pd->name, name, parser_sub_error ); list_delete( path ); *result = 0; return 0; @@ -608,12 +608,12 @@ PData *entry; *result = 0; if ( !parser_get_pdata( pd, name, &entry ) ) { - sprintf( parser_sub_error, "parser_get_entries:\n %s", parser_error ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parser_get_entries:\n %s", parser_error ); strcpy( parser_error, parser_sub_error ); return 0; } if ( !entry->entries || entry->entries->count == 0 ) { - sprintf( parser_error, "parser_get_entries: %s/%s: no subtrees", pd->name, name ); + snprintf( parser_error, sizeof(parser_error), "parser_get_entries: %s/%s: no subtrees", pd->name, name ); return 0; } *result = entry->entries; @@ -624,12 +624,12 @@ PData *entry; *result = 0; if ( !parser_get_pdata( pd, name, &entry ) ) { - sprintf( parser_sub_error, "parser_get_values:\n %s", parser_error ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parser_get_values:\n %s", parser_error ); strcpy( parser_error, parser_sub_error ); return 0; } if ( !entry->values || entry->values->count == 0 ) { - sprintf( parser_error, "parser_get_values: %s/%s: no values", pd->name, name ); + snprintf( parser_error, sizeof(parser_error), "parser_get_values: %s/%s: no values", pd->name, name ); return 0; } *result = entry->values; @@ -639,12 +639,12 @@ { List *values; if ( !parser_get_values( pd, name, &values ) ) { - sprintf( parser_sub_error, "parser_get_value:\n %s", parser_error ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parser_get_value:\n %s", parser_error ); strcpy( parser_error, parser_sub_error ); return 0; } if ( index >= values->count ) { - sprintf( parser_error, "parser_get_value: %s/%s: index %i out of range (%i elements)", + snprintf( parser_error, sizeof(parser_error), "parser_get_value: %s/%s: index %i out of range (%i elements)", pd->name, name, index, values->count ); return 0; } @@ -655,7 +655,7 @@ { char *value; if ( !parser_get_value( pd, name, &value, 0 ) ) { - sprintf( parser_sub_error, "parser_get_int:\n %s", parser_error ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parser_get_int:\n %s", parser_error ); strcpy( parser_error, parser_sub_error ); return 0; } @@ -666,7 +666,7 @@ { char *value; if ( !parser_get_value( pd, name, &value, 0 ) ) { - sprintf( parser_sub_error, "parser_get_double:\n %s", parser_error ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parser_get_double:\n %s", parser_error ); strcpy( parser_error, parser_sub_error ); return 0; } @@ -677,7 +677,7 @@ { char *value; if ( !parser_get_value( pd, name, &value, 0 ) ) { - sprintf( parser_sub_error, "parser_get_string:\n %s", parser_error ); + snprintf( parser_sub_error, sizeof(parser_sub_error), "parser_get_string:\n %s", parser_error ); strcpy( parser_error, parser_sub_error ); return 0; } diff -Nur lbreakout2-2.5beta-3.orig/game/comm.c lbreakout2-2.5beta-3/game/comm.c --- lbreakout2-2.5beta-3.orig/game/comm.c 2003-06-28 08:30:15.000000000 +0200 +++ lbreakout2-2.5beta-3/game/comm.c 2004-02-03 22:12:34.353987696 +0100 @@ -484,8 +484,8 @@ { char *ptr = msg + *pos; - snprintf( ptr, 16, level->name ); ptr[15] = 0; ptr += 16; - snprintf( ptr, 16, level->author); ptr[15] = 0; ptr += 16; + snprintf( ptr, 16, "%s", level->name ); ptr[15] = 0; ptr += 16; + snprintf( ptr, 16, "%s", level->author); ptr[15] = 0; ptr += 16; memcpy( ptr, level->bricks, 252 ); ptr += 252; memcpy( ptr, level->extras, 252 ); ptr += 252; @@ -497,8 +497,8 @@ { char *ptr = msg + *pos; - snprintf( level->name, 16, ptr ); ptr += 16; - snprintf( level->author, 16, ptr ); ptr += 16; + snprintf( level->name, 16, "%s", ptr ); ptr += 16; + snprintf( level->author, 16, "%s", ptr ); ptr += 16; memcpy( level->bricks, ptr, 252 ); ptr += 252; memcpy( level->extras, ptr, 252 ); ptr += 252; diff -Nur lbreakout2-2.5beta-3.orig/game/game.c lbreakout2-2.5beta-3/game/game.c --- lbreakout2-2.5beta-3.orig/game/game.c 2003-06-28 10:03:41.000000000 +0200 +++ lbreakout2-2.5beta-3/game/game.c 2004-02-03 22:12:34.354987544 +0100 @@ -133,8 +133,8 @@ game->level_over = 0; /* initiate level data */ - snprintf( game->title, 32, level->name ); - snprintf( game->author, 32, level->author ); + snprintf( game->title, 32, "%s", level->name ); + snprintf( game->author, 32, "%s", level->author ); bricks_init( game, game->game_type, level, game->diff->score_mod, game->rel_warp_limit ); if ( game->game_type == GT_LOCAL || game->brick_count > 0 ) game->level_type = LT_NORMAL; diff -Nur lbreakout2-2.5beta-3.orig/game/levels.c lbreakout2-2.5beta-3/game/levels.c --- lbreakout2-2.5beta-3.orig/game/levels.c 2003-05-19 09:46:39.000000000 +0200 +++ lbreakout2-2.5beta-3/game/levels.c 2004-02-03 22:12:34.360986632 +0100 @@ -174,7 +174,7 @@ if ( levels->count == 0 ) return 0; set = salloc( 1, sizeof( LevelSet ) ); - snprintf( set->name, 20, name ); + snprintf( set->name, 20, "%s", name ); set->levels = salloc( levels->count, sizeof( Level* ) ); set->count = levels->count; set->version = version; @@ -326,10 +326,10 @@ if ( !strequal( "Level:", buffer ) ) goto failure; /* author */ if ( !next_line( file, buffer ) ) goto failure; - snprintf( level->author, 31, buffer ); + snprintf( level->author, 31, "%s", buffer ); /* level name */ if ( !next_line( file, buffer ) ) goto failure; - snprintf( level->name, 31, buffer ); + snprintf( level->name, 31, "%s", buffer ); /* bricks: */ if ( !next_line( file, buffer ) ) goto failure; if ( !strequal( "Bricks:", buffer ) ) goto failure; @@ -365,8 +365,8 @@ { int i, j; Level *level = calloc( 1, sizeof( Level ) ); - snprintf( level->author, 31, author ); - snprintf( level->name, 31, name ); + snprintf( level->author, 31, "%s", author ); + snprintf( level->name, 31, "%s", name ); /* empty arena */ for ( i = 0; i < EDIT_WIDTH; i++ ) for ( j = 0; j < EDIT_HEIGHT; j++ ) { diff -Nur lbreakout2-2.5beta-3.orig/gui/gui_edit.c lbreakout2-2.5beta-3/gui/gui_edit.c --- lbreakout2-2.5beta-3.orig/gui/gui_edit.c 2003-06-04 21:15:30.000000000 +0200 +++ lbreakout2-2.5beta-3/gui/gui_edit.c 2004-02-03 22:12:34.362986328 +0100 @@ -422,7 +422,7 @@ { if ( widget->type != GUI_EDIT ) return; /* copy text */ - snprintf( widget->spec.edit.buffer, widget->spec.edit.size + 1, text ); + snprintf( widget->spec.edit.buffer, widget->spec.edit.size + 1, "%s", text ); widget->spec.edit.length = strlen( widget->spec.edit.buffer ); /* reset */ /* first character in first line */ @@ -456,7 +456,7 @@ if ( length > limit ) length = limit; if ( length ) - snprintf( buffer, limit, widget->spec.edit.buffer ); + snprintf( buffer, limit, "%s", widget->spec.edit.buffer ); else buffer[0] = 0; return 1; diff -Nur lbreakout2-2.5beta-3.orig/gui/gui_label.c lbreakout2-2.5beta-3/gui/gui_label.c --- lbreakout2-2.5beta-3.orig/gui/gui_label.c 2003-06-04 18:55:10.000000000 +0200 +++ lbreakout2-2.5beta-3/gui/gui_label.c 2004-02-03 22:12:34.368985416 +0100 @@ -202,7 +202,7 @@ /* do the text */ if ( text ) widget->spec.label.text = strdup( text ); - gui_label_set_text( widget, text ); + gui_label_set_text( widget, "%s", text ); /* done */ return widget; } @@ -216,13 +216,13 @@ { if ( widget->type != GUI_LABEL ) return; widget->spec.label.font = font; - gui_label_set_text( widget, widget->spec.label.text ); + gui_label_set_text( widget, "%s", widget->spec.label.text ); } void gui_label_set_align( GuiWidget *widget, int align ) { if ( widget->type != GUI_LABEL ) return; widget->spec.label.align = align; - gui_label_set_text( widget, widget->spec.label.text ); + gui_label_set_text( widget, "%s", widget->spec.label.text ); } static char label_buffer[1024]; void gui_label_set_text( GuiWidget *widget, char *format, ... ) diff -Nur lbreakout2-2.5beta-3.orig/gui/stk.c lbreakout2-2.5beta-3/gui/stk.c --- lbreakout2-2.5beta-3.orig/gui/stk.c 2003-04-23 20:47:58.000000000 +0200 +++ lbreakout2-2.5beta-3/gui/stk.c 2004-02-03 22:18:00.292437520 +0100 @@ -625,18 +625,19 @@ { SDL_Surface *surface = 0; SDL_Surface *converted_surface = 0; - char path[512], *ptr; + char path[512], pathtmp[512], *ptr; va_list args; + va_start( args, format ); + vsnprintf( pathtmp, 511, format, args ); + va_end( args ); /* build full path */ memset( path, 0, 512 ); ptr = path; - if ( is_path_relative(format) && stk_surface_path ) { - sprintf( path, "%s/", stk_surface_path ); + if ( is_path_relative(pathtmp) && stk_surface_path ) { + snprintf( path, sizeof(path), "%s/", stk_surface_path ); ptr = path + strlen( path ); } - va_start( args, format ); - vsnprintf( ptr, 511 - (path-ptr), format, args ); - va_end( args ); + snprintf(ptr, 511 - (path-ptr), "%s", pathtmp); #ifdef STK_DEBUG printf( "loading %s\n", path ); #endif @@ -1024,7 +1025,7 @@ vsnprintf( path, 511, format, args ); va_end( args ); /* load surface */ - font->surface = stk_surface_load( flags, path ); + font->surface = stk_surface_load( flags, "%s", path ); if ( font == 0 ) { if ( flags & SDL_NONFATAL ) { fprintf( stderr, "%s\n", SDL_GetError() ); @@ -1332,18 +1333,19 @@ { StkSound *sound; #ifdef AUDIO_ENABLED - char path[512], *ptr; + char path[512], pathtmp[512], *ptr; va_list args; + va_start( args, format ); + vsnprintf( pathtmp, 511, format, args ); + va_end( args ); /* build full path */ memset( path, 0, 512 ); ptr = path; - if ( is_path_relative(format) && stk_audio_path ) { - sprintf( path, "%s/", stk_audio_path ); + if ( is_path_relative(pathtmp) && stk_audio_path ) { + snprintf( path, sizeof(path), "%s/", stk_audio_path ); ptr = path + strlen( path ); } - va_start( args, format ); - vsnprintf( ptr, 511 - (path-ptr), format, args ); - va_end( args ); + snprintf( ptr, 511 - (path-ptr), "%s", pathtmp ); #ifdef STK_DEBUG printf( "loading %s\n", path ); #endif diff -Nur lbreakout2-2.5beta-3.orig/server/server.c lbreakout2-2.5beta-3/server/server.c --- lbreakout2-2.5beta-3.orig/server/server.c 2003-06-04 17:39:47.000000000 +0200 +++ lbreakout2-2.5beta-3/server/server.c 2004-02-03 22:12:34.383983136 +0100 @@ -102,7 +102,7 @@ { ServerChannel *channel = salloc( 1, sizeof( ServerChannel ) ); - snprintf( channel->name, 20, name ); + snprintf( channel->name, 20, "%s", name ); channel->id = global_id++; channel->users = list_create( LIST_AUTO_DELETE, LIST_NO_CALLBACK ); @@ -140,7 +140,7 @@ /* add a dummy user to channel which can be challenged * but does nothing else */ - snprintf( user->name, 16, name ); + snprintf( user->name, 16, "%s", name ); user->id = global_id++; user->dummy = 1; net_build_addr( &addr, "localhost", 8000 ); @@ -267,7 +267,7 @@ if ( user == 0 ) return; snprintf( errbuf, 128, "You have been kicked! Reason: %s", reason ); - send_info( user, MSG_ERROR, errbuf ); + send_info( user, MSG_ERROR, "%s", errbuf ); errbuf[0] = MSG_DISCONNECT; socket_transmit( &user->socket, CODE_BLUE, 1, errbuf ); @@ -443,8 +443,8 @@ if ( msg_read_int8() != MSG_CONNECT ) return; protocol = msg_read_int8(); - snprintf( name, 20, msg_read_string() ); name[19] = 0; - snprintf( pwd, 20, msg_read_string() ); pwd[19] = 0; + snprintf( name, 20, "%s", msg_read_string() ); name[19] = 0; + snprintf( pwd, 20, "%s", msg_read_string() ); pwd[19] = 0; if ( msg_read_failed() ) { sprintf( errbuf+1, "Login data corrupted, please retry." ); goto failure; @@ -493,7 +493,7 @@ user->admin = 1; } else - snprintf( user->name, 20, name ); + snprintf( user->name, 20, "%s", name ); socket_init( &user->socket, &net_sender_addr ); user->hidden = 1; /* don't get the ADD_USER message */ channel_add_user( main_channel, user ); @@ -575,7 +575,7 @@ sprintf( buf, "search: %s: in channel %s: %s", target->name, target_channel->name, user->game?"playing":"chatting" ); - send_info( user, MSG_SERVER_INFO, buf ); + send_info( user, MSG_SERVER_INFO, "%s", buf ); } } else if ( !strcmp( cmd, "version" ) ) { @@ -663,7 +663,7 @@ msg_write_int16( server_frame_delay ); broadcast_all( msglen, msgbuf ); } - send_info( user, MSG_SERVER_INFO, buf ); + send_info( user, MSG_SERVER_INFO, "%s", buf ); } else if ( !strcmp( cmd, "kick" ) && user->admin ) { if ( (name = list_next( args )) == 0 ) { @@ -792,7 +792,7 @@ } break; case MSG_ENTER_CHANNEL: - snprintf( name, 16, msg_read_string() ); + snprintf( name, 16, "%s", msg_read_string() ); if ( strchr( name, ' ' ) ) { sprintf( errbuf, "Channel name must not contain blanks!" ); send_info( user, MSG_ERROR, errbuf ); @@ -806,7 +806,7 @@ ctx.challenger = user; id = msg_read_int32(); ctx.challenged = find_user_by_id( id ); - snprintf( ctx.name, 20, msg_read_string() ); + snprintf( ctx.name, 20, "%s", msg_read_string() ); ctx.name[19] = 0; ctx.diff = msg_read_int8(); ctx.rounds = msg_read_int8(); @@ -1007,7 +1007,7 @@ } if ( !strcmp( "-D", argv[i] ) ) if ( argv[i + 1] ) - snprintf( datadir, 128, argv[i + 1] ); + snprintf( datadir, 128, "%s", argv[i + 1] ); if ( !strcmp( "-h", argv[i] ) || !strcmp( "--help", argv[i] ) ) display_help(); if ( !strcmp( "-m", argv[i] ) ) @@ -1024,7 +1024,7 @@ } if ( !strcmp( "-a", argv[i] ) ) if ( argv[i + 1] ) - snprintf( admin_pwd, 15, argv[i + 1] ); + snprintf( admin_pwd, 15, "%s", argv[i + 1] ); } } diff -Nur lbreakout2-2.5beta-3.orig/server/server_game.c lbreakout2-2.5beta-3/server/server_game.c --- lbreakout2-2.5beta-3.orig/server/server_game.c 2003-06-04 17:41:20.000000000 +0200 +++ lbreakout2-2.5beta-3/server/server_game.c 2004-02-03 22:12:34.385982832 +0100 @@ -224,8 +224,8 @@ game->set = find_levelset( ctx->name ); if ( game->set == 0 ) { /* should never happen... */ - sprintf( errbuf, "game_create_failed: no levelset '%s' found\n", ctx->name ); - send_info( ctx->challenger, MSG_ERROR, errbuf ); + snprintf( errbuf, 128, "game_create_failed: no levelset '%s' found\n", ctx->name ); + send_info( ctx->challenger, MSG_ERROR, "%s", errbuf ); free( game ); return; } @@ -236,7 +236,7 @@ if ( (game->game = game_create( GT_NETWORK, ctx->diff, 100/*no rel warp*/ )) == 0 ) { /* send error to user */ snprintf( errbuf, 128, "game_create failed: out of memory" ); - send_info( ctx->challenger, MSG_ERROR, errbuf ); + send_info( ctx->challenger, MSG_ERROR, "%s", errbuf ); free( game ); return; }