office/antiword: Update script.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>

office/antiword/10_fix_buffer_overflow_wordole_c.patch

@@ -0,0 +1,21 @@
+Description: Add check for buffer overflow with malformed input files
+ This was later re-found and became CVE-2014-8123. 
+Author: <eriks@debian.org>
+Bug-Debian: https://bugs.debian.org/407015
+Bug-Debian: https://bugs.debian.org/771768
+Forwarded: https://seclists.org/oss-sec/2014/q4/870
+Last-Update: 2018-11-30
+
+--- antiword-0.37~/wordole.c	2005-08-26 21:49:57.000000000 +0200
++++ antiword-0.37/wordole.c	2009-06-03 22:31:15.948014682 +0200
+@@ -259,6 +259,10 @@
+ 		}
+ 		tNameSize = (size_t)usGetWord(0x40, aucBytes);
+ 		tNameSize = (tNameSize + 1) / 2;
++		if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {
++			werr(0, "Name Size of PPS %d is too large", iIndex);
++			tNameSize = sizeof(atPPSlist[iIndex].szName);
++		}
+ 		vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
+ 		atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
+ 		if (atPPSlist[iIndex].ucType == 5) {

office/antiword/30_kantiword.patch

@@ -0,0 +1,205 @@
+Description: Improve kantiword scripts and use secure temp files
+ Closes: #259999, #363428, [CVE-2005-3126]
+Author: <eriks@debian.org>
+Bug-Debian: http://bugs.debian.org/259999
+Bug-Debian: http://bugs.debian.org/363428
+Last-Update: 2009-06-07
+
+--- antiword-0.37~/Unix-only/KDE3-only/kantiword.sh	2009-06-07 00:47:17.000000000 +0200
++++ antiword-0.37/Unix-only/KDE3-only/kantiword.sh	2009-06-07 00:57:27.564012775 +0200
+@@ -3,69 +3,145 @@
+ # Script to make drag and drop in KDE possible
+ #set -x
+ #
++CONFS=$(kde-config --path config | tr ':' ' ')
++CONF_FILE=kantiwordrc
++mapping=
+ 
+-if [ $# -lt 2 ]
+-then
+-	exit 0
++# default output format is PDF
++format="-a"
++ext=pdf
++
++for i in $CONFS; do
++    if [ -r "$i/$CONF_FILE" ]; then
++        ENCODING=$(grep ^encoding "$i/$CONF_FILE" | tr -d '[:blank:]' | cut -d '=' -f 2)
++        if [ -f "/usr/share/antiword/$ENCODING.txt" ]; then
++            mapping="-m $ENCODING.txt"
++        fi
++        FORMAT=$(grep ^output_format "$i/$CONF_FILE" | tr -d '[:blank:]' | cut -d '=' -f 2)
++        if [ "$FORMAT" = "PS" ]; then
++            # switch to output format PS, Cyrillic is better supported
++            format="-p"
++            ext=ps
++        fi
++        break
++    fi
++done
++
++DESKTOP=$(kde-config --userpath desktop)
++
++if [ $# -lt 2 ]; then
++    echo "Would you like to install an icon on your Desktop, where you"
++    echo "will be able to drop an *.doc file on to? It will be displayed"
++    echo "as a PDF document or as plain text (if no PDF viewer available)."
++    echo -n "[Y/n]: > "
++    read n
++    if [ "x$n" = "xy" ] || [ "x$n" = "xY" ] || [ "x$n" = "x" ]; then
++        if [ -r /etc/papersize ]; then
++            n=$(cat /etc/papersize)
++        fi
++        if [ "x$n" != "xa4" ] && [ "x$n" != "xletter" ]; then
++            echo
++            echo "Type"
++            echo "'a' for output papersize A4,"
++            echo "'l' for letter or"
++            echo "'n' for cancel."
++            echo -n "[a/l/N]: > "
++            read n
++        fi
++        if [ "x$n" = "xa" ] || [ "x$n" = "xa4" ]; then
++            cp -f /usr/share/antiword/kantiword.eu.desktop "$DESKTOP/kantiword.desktop"
++        elif [ "x$n" = "xl" ] || [ "x$n" = "xletter" ]; then
++            cp -f /usr/share/antiword/kantiword.us.desktop "$DESKTOP/kantiword.desktop"
++        fi
++    fi
++    exit 0
+ fi
+ 
+ # Determine the temp directory
+-if [ -d "$TMPDIR" ] && [ -w "$TMPDIR" ]
+-then
+-	tmp_dir=$TMPDIR
+-elif [ -d "$TEMP" ] && [ -w "$TEMP" ]
+-then
+-	tmp_dir=$TEMP
++if [ -d "$TMPDIR" ] && [ -w "$TMPDIR" ]; then
++    tmp_dir="$TMPDIR"
++elif [ -d "$TEMP" ] && [ -w "$TEMP" ]; then
++    tmp_dir="$TEMP"
+ else
+-	tmp_dir="/tmp"
+-fi                        
++    tmp_dir="/tmp"
++fi
+ 
+ # Try to create the temp files in a secure way
+-if [ -x /bin/tempfile ]
+-then
+-	out_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".ps"` || exit 1
+-	err_file=`/bin/tempfile -d "$tmp_dir" -p antiword -s ".err"`
+-	if [ $? -ne 0 ]
+-	then
+-		rm -f "$out_file"
+-		exit 1
+-	fi
+-elif [ -x /bin/mktemp ]
+-then
+-	out_file=`/bin/mktemp -q -p "$tmp_dir" antiword.ps.XXXXXXXXX` || exit 1
+-	err_file=`/bin/mktemp -q -p "$tmp_dir" antiword.err.XXXXXXXXX`
+-	if [ $? -ne 0 ]
+-	then
+-		rm -f "$out_file"
+-		exit 1
+-	fi
++if [ -x /bin/tempfile ]; then
++    out_file=$(/bin/tempfile -d "$tmp_dir" -p antiword -s ".$ext") || exit 1
++    err_file=$(/bin/tempfile -d "$tmp_dir" -p antiword -s ".err")
++    txt_file=$(/bin/tempfile -d "$tmp_dir" -p antiword -s ".txt")
++    if [ $? -ne 0 ]; then
++        rm -f "$out_file"
++        exit 1
++    fi
++elif [ -x /bin/mktemp ]; then
++    out_file=$(/bin/mktemp -q -p "$tmp_dir" antiword.$ext.XXXXXXXXX) || exit 1
++    err_file=$(/bin/mktemp -q -p "$tmp_dir" antiword.err.XXXXXXXXX)
++    txt_file=$(/bin/mktemp -q -p "$tmp_dir" antiword.txt.XXXXXXXXX)
++    if [ $? -ne 0 ]; then
++        rm -f "$out_file"
++        exit 1
++    fi
+ else
+-	# Creating the temp files in an un-secure way
+-	out_file=$tmp_dir"/antiword.$$.ps"
+-	err_file=$tmp_dir"/antiword.$$.err"
++    # Creating the temp files in an un-secure way
++    out_file="$tmp_dir/antiword.$$.$ext"
++    err_file="$tmp_dir/antiword.$$.err"
++    txt_file="$tmp_dir/antiword.$$.txt"
+ fi
+ 
+-# Determine the paper size
+-paper_size=$1
+-shift
++error=0
++# filename is empty, user had clicked on icon, so print a help message
++# in err_file
++if [ -z $2 ]; then
++    cat >"$err_file" <<EOF
++    You should drag any *.doc file and drop it on this icon for
++    displaying. Kantiword can not do anything with an empty filename.
+ 
+-# Make the PostScript file
+-antiword -p $paper_size -i 0 "$@" 2>"$err_file" >"$out_file"
+-if [ $? -ne 0 ]
+-then
+-	# Something went wrong
+-	if [ -r "$err_file" ] && [ -s "$err_file" ]
+-	then
+-		konsole --caption "Error from Antword" -e less "$err_file"
+-	fi
+-	# Clean up
+-	rm -f "$out_file" "$err_file"
+-	exit 1
++EOF
++error=1
++else
++    # Determine the paper size
++    paper_size=$1
++    shift
++
++    # Make the output file (default PDF)
++    antiword $mapping $format $paper_size -i 0 "$@" 2>"$err_file" >"$out_file"
++    if [ $? -ne 0 ]; then
++        error=1
++    fi
++fi
++if [ $error -ne 0 ]; then
++    # Something went wrong
++    if [ -r "$err_file" ] && [ -s "$err_file" ]; then
++       if [ -x /usr/bin/konsole ]; then
++           /usr/bin/konsole --hold --caption "Error from Antiword" -e more "$err_file"
++       else
++           /usr/bin/X11/xterm -T "Error from Antiword" -e less "$err_file"
++       fi
++    fi
++    # Clean up
++    rm -f "$out_file" "$err_file" "$txt_file"
++    exit 1
+ fi
+ 
+-# Show the PostScript file
+-gv "$out_file" -nocentre -media $paper_size
++# Show the PDF file
++if [ "$ext" = "pdf" -a -x /usr/bin/kpdf ]; then
++    /usr/bin/kpdf "$out_file"
++elif [ "$ext" = "pdf" -a -x /usr/bin/xpdf ]; then
++    /usr/bin/xpdf "$out_file" -paper=$paper_size
++elif [ -x /usr/bin/gv ]; then
++    /usr/bin/gv "$out_file" --nocenter --media=$paper_size
++else
++    # no viewer available, so display as plain text
++    antiword $mapping "$@" 2>"$err_file" >"$txt_file"
++    if [ -x /usr/bin/konsole ]; then
++        /usr/bin/konsole --hold --caption "Text output from Antiword" -e more "$txt_file"
++    else
++        /usr/bin/X11/xterm -T "Text output from Antiword" -e less "$txt_file"
++    fi
++fi
+ 
+ # Clean up
+-rm -f "$out_file" "$err_file"
++rm -f "$out_file" "$err_file" "$txt_file"
+ exit 0

office/antiword/40_desktop_files.patch

@@ -0,0 +1,50 @@
+Description: Extend desktop files
+Author: <eriks@debian.org>
+Last-Update: 2009-06-04
+
+diff -urNad antiword-0.37~/Unix-only/KDE3-only/Antiword.desktop.eu antiword-0.37/Unix-only/KDE3-only/Antiword.desktop.eu
+--- antiword-0.37~/Unix-only/KDE3-only/Antiword.desktop.eu	2001-07-08 20:45:44.000000000 +0200
++++ antiword-0.37/Unix-only/KDE3-only/Antiword.desktop.eu	2009-06-04 10:03:59.508015784 +0200
+@@ -1,8 +1,16 @@
+ [Desktop Entry]
++Encoding=UTF-8
+ BinaryPattern=kantiword;Kantiword
+-MimeType=application/msword
+-Name=Antiword
++Comment=*.doc Dateien per Drag&Drop auf das Icon anzeigen
++Comment[de]=*.doc Dateien per Drag&Drop auf das Icon anzeigen
++Comment[en]=displays *.doc files via drag'n'drop on this icon
+ Exec=kantiword a4 "%f"
++GenericName=Anzeige für MS-Word-Dokument
++GenericName[de]=Anzeige für MS-Word-Dokument
++GenericName[en]=MS-Word document viewer
+ Icon=antiword
++MimeType=application/msword
++Name=Kantiword
++StartupNotify=false
++Terminal=false
+ Type=Application
+-Terminal=0
+diff -urNad antiword-0.37~/Unix-only/KDE3-only/Antiword.desktop.us antiword-0.37/Unix-only/KDE3-only/Antiword.desktop.us
+--- antiword-0.37~/Unix-only/KDE3-only/Antiword.desktop.us	2001-07-08 20:45:54.000000000 +0200
++++ antiword-0.37/Unix-only/KDE3-only/Antiword.desktop.us	2009-06-04 10:03:59.508015784 +0200
+@@ -1,8 +1,16 @@
+ [Desktop Entry]
++Encoding=UTF-8
+ BinaryPattern=kantiword;Kantiword
+-MimeType=application/msword
+-Name=Antiword
++Comment=*.doc Dateien per Drag&Drop auf das Icon anzeigen
++Comment[de]=*.doc Dateien per Drag&Drop auf das Icon anzeigen
++Comment[en]=displays *.doc files via drag'n'drop on this icon
+ Exec=kantiword letter "%f"
++GenericName=Anzeige für MS-Word-Dokument
++GenericName[de]=Anzeige für MS-Word-Dokument
++GenericName[en]=MS-Word document viewer
+ Icon=antiword
++MimeType=application/msword
++Name=Kantiword
++StartupNotify=false
++Terminal=false
+ Type=Application
+-Terminal=0

office/antiword/50_antiword-manpage-hyphen-to-minus.patch

@@ -0,0 +1,15 @@
+Description: Fix hyphen in antiword.1 to be a minus
+Author: Olly Betts <olly@survex.com>
+Last-Update: 2011-11-26
+
+--- antiword-0.37.orig/Docs/antiword.1
++++ antiword-0.37/Docs/antiword.1
+@@ -108,7 +108,7 @@ file that cannot be opened for reading.
+ Antiword uses the environment variable ``ANTIWORDHOME'' as the first directory
+ to look for its files. Antiword uses the environment variable ``HOME'' to find
+ the user's home directory. When in text mode it uses the variable ``COLUMNS''
+-to set the width of the output (unless overridden by the -w option).
++to set the width of the output (unless overridden by the \-w option).
+ 
+ Antiword uses the environment variables ``LC_ALL'', ``LC_CTYPE'' and ``LANG''
+ (in that order) to get the current locale and uses this information to

office/antiword/antiword.SlackBuild

@@ -27,7 +27,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PRGNAM=antiword
 VERSION=${VERSION:-0.37}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}
 
@@ -73,6 +73,17 @@ cd $TMP
 rm -rf $PRGNAM-$VERSION
 tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
 cd $PRGNAM-$VERSION
+
+# apply some patches from debian
+# see  https://framagit.org/medoc92/recoll-antiword
+patch -p1 < $CWD/10_fix_buffer_overflow_wordole_c.patch
+patch -p1 < $CWD/30_kantiword.patch
+patch -p1 < $CWD/40_desktop_files.patch
+patch -p1 < $CWD/50_antiword-manpage-hyphen-to-minus.patch
+patch -p1 < $CWD/docx.patch
+patch -p1 < $CWD/remove-cjb.net-references.patch
+patch -p1 < $CWD/use-snprintf.patch
+
 chown -R root:root .
 find -L . \
  \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \

office/antiword/docx.patch

@@ -0,0 +1,182 @@
+Description: Try to reduce confusion around docx files
+ Now also checks for XML files and HTML files
+Author: Olly Betts <olly@survex.com>
+Bug-Debian: https://bugs.debian.org/758959
+Bug-Debian: https://bugs.debian.org/791532
+Forwarded: no
+Last-Update: 2015-01-11
+
+--- a/Docs/antiword.1
++++ b/Docs/antiword.1
+@@ -14,7 +14,11 @@
+ .br
+ A wordfile named - stands for a Word document read from the standard input.
+ .br
+-Only documents made by MS Word version 2 and version 6 or later are supported.
++Only the binary format documents made by MS Word version 2, 6, 7, 97, 2000 and
++2003 are supported.  Newer Word versions default to using a completely
++different format consisting of XML files in a ZIP container (usually with a
++".docx" file extension) which antiword doesn't support.  It also doesn't
++support the "flat" XML format which MS Word 2003 supported.
+ .SH OPTIONS
+ .TP
+ .BI "\-a " papersize
+--- a/antiword.h
++++ b/antiword.h
+@@ -695,6 +695,9 @@
+ extern BOOL	bIsWordForDosFile(FILE *, long);
+ extern BOOL	bIsRtfFile(FILE *);
+ extern BOOL	bIsWordPerfectFile(FILE *);
++extern BOOL	bIsZipFile(FILE *);
++extern BOOL	bIsXMLFile(FILE *);
++extern BOOL	bIsHTMLFile(FILE *);
+ extern BOOL	bIsWinWord12File(FILE *, long);
+ extern BOOL	bIsMacWord45File(FILE *);
+ extern int	iGuessVersionNumber(FILE *, long);
+--- a/main_u.c
++++ b/main_u.c
+@@ -187,10 +187,29 @@
+ 			werr(0, "%s is not a Word Document."
+ 				" It is probably a Rich Text Format file",
+ 				szFilename);
+-		} if (bIsWordPerfectFile(pFile)) {
++		} else if (bIsWordPerfectFile(pFile)) {
+ 			werr(0, "%s is not a Word Document."
+ 				" It is probably a Word Perfect file",
+ 				szFilename);
++		} else if (bIsZipFile(pFile)) {
++			werr(0, "%s is not a Word Document."
++				" It seems to be a ZIP file, so is probably"
++				" an OpenDocument file, or a \"docx\" file"
++				" from MS Word 2007 or newer"
++				" (antiword only handles binary format"
++				" documents from MS Word 2003 and earlier)",
++				szFilename);
++		} else if (bIsXMLFile(pFile)) {
++			werr(0, "%s is not a Word Document."
++				" It seems to be an XML file, perhaps"
++				" the XML format from MS Word 2003"
++				" (antiword only handles binary format"
++				" documents from MS Word 2003 and earlier)",
++				szFilename);
++		} else if (bIsHTMLFile(pFile)) {
++			werr(0, "%s is not a Word Document."
++				" It is probably an HTML file",
++				szFilename);
+ 		} else {
+ #if defined(__dos)
+ 			werr(0, "%s is not a Word Document or the filename"
+--- a/wordlib.c
++++ b/wordlib.c
+@@ -41,7 +41,7 @@
+ BOOL
+ bIsWordForDosFile(FILE *pFile, long lFilesize)
+ {
+-	static UCHAR	aucBytes[] =
++	static const UCHAR	aucBytes[] =
+ 		{ 0x31, 0xbe, 0x00, 0x00, 0x00, 0xab };	/* Word for DOS */
+ 
+ 	DBG_MSG("bIsWordForDosFile");
+@@ -64,7 +64,7 @@
+ static BOOL
+ bIsWordFileWithOLE(FILE *pFile, long lFilesize)
+ {
+-	static UCHAR	aucBytes[] =
++	static const UCHAR	aucBytes[] =
+ 		{ 0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1 };
+ 	int	iTailLen;
+ 
+@@ -108,7 +108,7 @@
+ BOOL
+ bIsRtfFile(FILE *pFile)
+ {
+-	static UCHAR	aucBytes[] =
++	static const UCHAR	aucBytes[] =
+ 		{ '{', '\\', 'r', 't', 'f', '1' };
+ 
+ 	DBG_MSG("bIsRtfFile");
+@@ -122,7 +122,7 @@
+ BOOL
+ bIsWordPerfectFile(FILE *pFile)
+ {
+-	static UCHAR	aucBytes[] =
++	static const UCHAR	aucBytes[] =
+ 		{ 0xff, 'W', 'P', 'C' };
+ 
+ 	DBG_MSG("bIsWordPerfectFile");
+@@ -131,13 +131,65 @@
+ } /* end of bIsWordPerfectFile */
+ 
+ /*
++ * This function checks whether the given file is or is not a ZIP file
++ */
++BOOL
++bIsZipFile(FILE *pFile)
++{
++	static const UCHAR	aucBytes[] =
++		{ 'P', 'K', 0x03, 0x04 };
++
++	DBG_MSG("bIsZipFile");
++
++	return bCheckBytes(pFile, aucBytes, elementsof(aucBytes));
++} /* end of bIsZipFile */
++
++/*
++ * This function checks whether the given file is or is not a XML file
++ */
++BOOL
++bIsXMLFile(FILE *pFile)
++{
++	static const UCHAR	aucBytes[] =
++		{ '<', '?', 'x', 'm', 'l' };
++
++	DBG_MSG("bIsXMLFile");
++
++	return bCheckBytes(pFile, aucBytes, elementsof(aucBytes));
++} /* end of bIsXMLFile */
++
++/*
++ * This function checks whether the given file is or is not a HTML file
++ */
++BOOL
++bIsHTMLFile(FILE *pFile)
++{
++	static const UCHAR	aucBytes[2][5] = {
++		{ '<', 'h', 't', 'm', 'l' },
++		{ '<', 'H', 'T', 'M', 'L' },
++	};
++	int	iIndex;
++
++	DBG_MSG("bIsHTMLFile");
++
++	for (iIndex = 0; iIndex < (int)elementsof(aucBytes); iIndex++) {
++		if (bCheckBytes(pFile,
++				aucBytes[iIndex],
++				elementsof(aucBytes[iIndex]))) {
++			return TRUE;
++		}
++	}
++	return FALSE;
++} /* end of bIsHTMLFile */
++
++/*
+  * This function checks whether the given file is or is not a "Win Word 1 or 2"
+  * document
+  */
+ BOOL
+ bIsWinWord12File(FILE *pFile, long lFilesize)
+ {
+-	static UCHAR	aucBytes[2][4] = {
++	static const UCHAR	aucBytes[2][4] = {
+ 		{ 0x9b, 0xa5, 0x21, 0x00 },	/* Win Word 1.x */
+ 		{ 0xdb, 0xa5, 0x2d, 0x00 },	/* Win Word 2.0 */
+ 	};
+@@ -171,7 +223,7 @@
+ BOOL
+ bIsMacWord45File(FILE *pFile)
+ {
+-	static UCHAR	aucBytes[2][6] = {
++	static const UCHAR	aucBytes[2][6] = {
+ 		{ 0xfe, 0x37, 0x00, 0x1c, 0x00, 0x00 },	/* Mac Word 4 */
+ 		{ 0xfe, 0x37, 0x00, 0x23, 0x00, 0x00 },	/* Mac Word 5 */
+ 	};

office/antiword/remove-cjb.net-references.patch

@@ -0,0 +1,40 @@
+Description: Remove cjb.net references
+ The domain has been let lapse and is now a holding page.
+Author: Olly Betts <olly@survex.com>
+Forwarded: no
+Last-Update: 2016-01-11
+
+--- antiword-0.37.orig/Docs/ReadMe
++++ antiword-0.37/Docs/ReadMe
+@@ -101,7 +101,6 @@ Most recent version
+ 
+ Most recent version of Antiword can be found on the author's website:
+ ==>>  http://www.winfield.demon.nl/index.html  <<==
+-==>>  http://antiword.cjb.net/  <<==
+ 
+ 
+ Author
+@@ -109,6 +108,5 @@ Author
+ 
+ The author can be reached by e-mail:
+ antiword@winfield.demon.nl
+-comments@antiword.cjb.net
+ 
+ But PLEASE read the FAQ before you write!!
+--- antiword-0.37.orig/Docs/antiword.1
++++ antiword-0.37/Docs/antiword.1
+@@ -125,14 +125,8 @@ PostScript output is only available in I
+ The most recent released version of Antiword is always available from:
+ .br
+ http://www.winfield.demon.nl/index.html
+-.br
+-or try
+-.br
+-http://antiword.cjb.net/
+ .SH AUTHOR
+ Adri van Os <antiword@winfield.demon.nl>
+-.br
+-or try <comments@antiword.cjb.net>
+ .sp
+ R.F. Smith <rsmith@xs4all.nl> and
+ .br

office/antiword/use-snprintf.patch

@@ -0,0 +1,36 @@
+Description: Use snprintf
+ Use snprintf() when converting dates to strings to make completely sure we
+ can't overrun the buffer.
+Author: Olly Betts <olly@survex.com>
+Forwarded: no
+Last-Update: 2018-11-29
+
+--- antiword-0.37.orig/summary.c
++++ antiword-0.37/summary.c
+@@ -729,7 +729,7 @@ szGetLastSaveDtm(void)
+ 	if (pTime == NULL) {
+ 		return NULL;
+ 	}
+-	sprintf(szTime, "%04d-%02d-%02d",
++	snprintf(szTime, sizeof(szTime), "%04d-%02d-%02d",
+ 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday);
+ 	return szTime;
+ } /* end of szGetLastSaveDtm */
+@@ -750,7 +750,7 @@ szGetModDate(void)
+ 	if (pTime == NULL) {
+ 		return NULL;
+ 	}
+-	sprintf(szTime, "D:%04d%02d%02d%02d%02d",
++	snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
+ 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
+ 		pTime->tm_hour, pTime->tm_min);
+ 	return szTime;
+@@ -772,7 +772,7 @@ szGetCreationDate(void)
+ 	if (pTime == NULL) {
+ 		return NULL;
+ 	}
+-	sprintf(szTime, "D:%04d%02d%02d%02d%02d",
++	snprintf(szTime, sizeof(szTime), "D:%04d%02d%02d%02d%02d",
+ 		pTime->tm_year + 1900, pTime->tm_mon + 1, pTime->tm_mday,
+ 		pTime->tm_hour, pTime->tm_min);
+ 	return szTime;