FIXME: buffer overflow warning

diff --git a/slstatus.c b/slstatus.c
index 90534d9cf1229ede5430efff3d3e5ec657a7a69d..4dbe650b20a05e445ecfe9af47935452c71835ca 100644 (file)
--- a/slstatus.c
+++ b/slstatus.c
@@ -78,17 +78,17 @@ setstatus(const char *str)
 static char *
 smprintf(const char *fmt, ...)
 {
-       va_list fmtargs;
-       char tmp[120];
+       /* FIXME: This code should have
+       bound checks, it is vulnerable to
+       buffer overflows */
+       va_list ap;
        char *ret = NULL;
 
-       va_start(fmtargs, fmt);
-       snprintf(tmp, sizeof(tmp)-1, fmt, fmtargs);
-       tmp[sizeof(tmp)] = '\0';
-       if (asprintf(&ret, "%s", tmp) < 0)
+       va_start(ap, fmt);
+       if (vasprintf(&ret, fmt, ap) < 0)
                return NULL;
 
-       va_end(fmtargs);
+       va_end(ap);
        return ret;
 }