From 5b0bf9098815e3cc85011aa5307774d1bb971fa6 Mon Sep 17 00:00:00 2001
From: Ali Gholami Rudi <ali@rudi.ir>
Date: Sat, 25 Nov 2017 19:08:53 +0330
Subject: [PATCH] box: use vsnprintf() to prevent buffer overflow

---
 box.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/box.c b/box.c
index 057a3f2..549912c 100644
--- a/box.c
+++ b/box.c
@@ -40,7 +40,7 @@ void box_putf(struct box *box, char *s, ...)
 	char buf[LNLEN];
 	va_list ap;
 	va_start(ap, s);
-	vsprintf(buf, s, ap);
+	vsnprintf(buf, sizeof(buf), s, ap);
 	va_end(ap);
 	box_put(box, buf);
 }
@@ -161,7 +161,7 @@ void box_puttext(struct box *box, int type, char *s, ...)
 	char buf[LNLEN];
 	va_list ap;
 	va_start(ap, s);
-	vsprintf(buf, s, ap);
+	vsnprintf(buf, sizeof(buf), s, ap);
 	va_end(ap);
 	box_beforeput(box, type, 0);
 	if (!(box->tcur & T_ITALIC) && (type & T_ITALIC))
-- 
2.11.4.GIT