1diff -u regex.orig/regerror.c regex/regerror.c 2--- regex.orig/regerror.c 2011-08-09 19:49:30.000000000 +0800 3+++ regex/regerror.c 2011-08-12 10:45:57.000000000 +0800 4@@ -8,6 +8,7 @@ 5 #include "regex.h" 6 #include "utils.h" 7 #include "regerror.ih" 8+#include "php.h" 9 10 /* 11 = #define REG_OKAY 0 12@@ -74,17 +75,19 @@ 13 char convbuf[50]; 14 15 if (errcode == REG_ATOI) 16- s = regatoi(preg, convbuf); 17+ s = regatoi(preg, convbuf, sizeof(convbuf)); 18 else { 19 for (r = rerrs; r->code >= 0; r++) 20 if (r->code == target) 21 break; 22 23 if (errcode®_ITOA) { 24- if (r->code >= 0) 25- (void) strcpy(convbuf, r->name); 26- else 27- sprintf(convbuf, "REG_0x%x", target); 28+ if (r->code >= 0) { 29+ (void) strncpy(convbuf, r->name, sizeof(convbuf) - 1); 30+ convbuf[sizeof(convbuf) - 1] = '\0'; 31+ } else { 32+ snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target); 33+ } 34 assert(strlen(convbuf) < sizeof(convbuf)); 35 s = convbuf; 36 } else 37@@ -106,12 +109,13 @@ 38 39 /* 40 - regatoi - internal routine to implement REG_ATOI 41- == static char *regatoi(const regex_t *preg, char *localbuf); 42+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); 43 */ 44 static char * 45-regatoi(preg, localbuf) 46+regatoi(preg, localbuf, bufsize) 47 const regex_t *preg; 48 char *localbuf; 49+int bufsize; 50 { 51 register const struct rerr *r; 52 53@@ -121,6 +125,6 @@ 54 if (r->code < 0) 55 return("0"); 56 57- sprintf(localbuf, "%d", r->code); 58+ snprintf(localbuf, bufsize, "%d", r->code); 59 return(localbuf); 60 } 61diff -u regex.orig/regerror.ih regex/regerror.ih 62--- regex.orig/regerror.ih 2011-08-09 19:49:00.000000000 +0800 63+++ regex/regerror.ih 2011-08-09 19:41:07.000000000 +0800 64@@ -4,7 +4,7 @@ 65 #endif 66 67 /* === regerror.c === */ 68-static char *regatoi(const regex_t *preg, char *localbuf); 69+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize); 70 71 #ifdef __cplusplus 72 } 73