Remove all sprintf calls

Replace them with snprintf, which ensures buffer overflows won't
happen.

2 files changed, 5 insertions, 4 deletions

diff --git a/swaynag/config.c b/swaynag/config.c
index 6db7cce5..ede0938c 100644
--- a/swaynag/config.c
+++ b/swaynag/config.c
@@ -414,8 +414,8 @@ int swaynag_load_config(char *path, struct swaynag *swaynag, list_t *types) {
 			}
 			free(name);
 		} else {
-			char *flag = malloc(sizeof(char) * (nread + 3));
-			sprintf(flag, "--%s", line);
+			char *flag = malloc(nread + 3);
+			snprintf(flag, nread + 3, "--%s", line);
 			char *argv[] = {"swaynag", flag};
 			result = swaynag_parse_options(2, argv, swaynag, types, type,
 					NULL, NULL);
diff --git a/swaynag/swaynag.c b/swaynag/swaynag.c
index 03ec0411..23d23f38 100644
--- a/swaynag/swaynag.c
+++ b/swaynag/swaynag.c
@@ -28,8 +28,9 @@ static bool terminal_execute(char *terminal, char *command) {
 	fprintf(tmp, "#!/bin/sh\nrm %s\n%s", fname, command);
 	fclose(tmp);
 	chmod(fname, S_IRUSR | S_IWUSR | S_IXUSR);
-	char *cmd = malloc(sizeof(char) * (strlen(terminal) + strlen(" -e ") + strlen(fname) + 1));
-	sprintf(cmd, "%s -e %s", terminal, fname);
+	size_t cmd_size = strlen(terminal) + strlen(" -e ") + strlen(fname) + 1;
+	char *cmd = malloc(cmd_size);
+	snprintf(cmd, cmd_size, "%s -e %s", terminal, fname);
 	execlp("sh", "sh", "-c", cmd, NULL);
 	sway_log_errno(SWAY_ERROR, "Failed to run command, execlp() returned.");
 	free(cmd);