This patch was created by oCert according to

http://www.ocert.org/advisories/ocert-2008-014.html

and can be downloaded from

http://www.ocert.org/analysis/2008-014/wordnet.patch

Unfortunately the original patch had a problem which

caused 'wordnet test -synsn' to fail. The critical

part of the patch was removed from the whole patch

set and is moved to 51_overflows_memcpy.patch which

uses memcpy instead of the formerly used strcpy.

Index: wordnet-3.0/lib/binsrch.c

===================================================================

--- wordnet-3.0.orig/lib/binsrch.c 2013-02-19 16:03:01.698031603 +0800

+++ wordnet-3.0/lib/binsrch.c 2013-02-19 16:03:01.686031603 +0800

@@ -28,7 +28,7 @@

char *linep;

linep = line;

- line[0] = '0';

+ line[0] = '\0';

fseek( fp, offset, SEEK_SET );

fgets(linep, LINE_LEN, fp);

@@ -58,6 +58,8 @@

last_bin_search_offset = ftell( fp );

fgets(linep, LINE_LEN, fp);

length = (int)(strchr(linep, ' ') - linep);

+ if (length > (sizeof(key) - 1))

+ return(NULL);

strncpy(key, linep, length);

key[length] = '\0';

if(strcmp(key, searchkey) < 0) {

@@ -110,6 +112,8 @@

line[length++] = c;

if (getc(fp) == EOF) { /* only 1 line in file */

length = (int)(strchr(linep, ' ') - linep);

+ if (length > (sizeof(key) - 1))

+ return(0);

strncpy(key, linep, length);

key[length] = '\0';

if(strcmp(key, searchkey) > 0) {

@@ -132,6 +136,8 @@

if (fgets(linep, LINE_LEN, fp) != NULL) {

offset2 = ftell(fp); /* offset at start of next line */

length = (int)(strchr(linep, ' ') - linep);

+ if (length > (sizeof(key) - 1))

+ return(0);

strncpy(key, linep, length);

key[length] = '\0';

if(strcmp(key, searchkey) < 0) { /* further in file */

Index: wordnet-3.0/lib/morph.c

===================================================================

--- wordnet-3.0.orig/lib/morph.c 2013-02-19 16:03:01.698031603 +0800

+++ wordnet-3.0/lib/morph.c 2013-02-19 16:06:14.850029761 +0800

@@ -51,21 +51,21 @@

char *str;

int strlen;

} prepositions[NUMPREPS] = {

- "to", 2,

- "at", 2,

- "of", 2,

- "on", 2,

- "off", 3,

- "in", 2,

- "out", 3,

- "up", 2,

- "down", 4,

- "from", 4,

- "with", 4,

- "into", 4,

- "for", 3,

- "about", 5,

- "between", 7,

+ { "to", 2 },

+ { "at", 2 },

+ { "of", 2 },

+ { "on", 2 },

+ { "off", 3 },

+ { "in", 2 },

+ { "out", 3 },

+ { "up", 2 },

+ { "down", 4 },

+ { "from", 4 },

+ { "with", 4 },

+ { "into", 4 },

+ { "for", 3 },

+ { "about", 5 },

+ { "between", 7 }

};

static FILE *exc_fps[NUMPARTS + 1];

@@ -144,18 +144,19 @@

} else

sprintf(searchdir, DEFAULTPATH);

#else

- if ((env = getenv("WNSEARCHDIR")) != NULL)

- strcpy(searchdir, env);

- else if ((env = getenv("WNHOME")) != NULL)

- sprintf(searchdir, "%s%s", env, DICTDIR);

- else

+ if ((env = getenv("WNSEARCHDIR")) != NULL) {

+ snprintf(searchdir, sizeof(searchdir), "%s", env);

+ } else if ((env = getenv("WNHOME")) != NULL) {

+ snprintf(searchdir, sizeof(searchdir), "%s%s", env, DICTDIR);

+ } else {

strcpy(searchdir, DEFAULTPATH);

+ }

#endif

for (i = 1; i <= NUMPARTS; i++) {

- sprintf(fname, EXCFILE, searchdir, partnames[i]);

+ snprintf(fname, sizeof(fname), EXCFILE, searchdir, partnames[i]);

if ((exc_fps[i] = fopen(fname, "r")) == NULL) {

- sprintf(msgbuf,

+ snprintf(msgbuf, sizeof(msgbuf),

"WordNet library error: Can't open exception file(%s)\n\n",

fname);

display_message(msgbuf);

@@ -178,13 +179,16 @@

int prep;

char *end_idx1, *end_idx2;

char *append;

-

+

if (pos == SATELLITE)

pos = ADJ;

/* First time through for this string */

if (origstr != NULL) {

+ if (strlen(origstr) > WORDBUF - 1)

+ return(NULL);

+

/* Assume string hasn't had spaces substitued with '_' */

strtolower(strsubst(strcpy(str, origstr), ' ', '_'));

searchstr[0] = '\0';

@@ -232,7 +236,7 @@

if (end_idx < 0) return(NULL); /* shouldn't do this */

strncpy(word, str + st_idx, end_idx - st_idx);

word[end_idx - st_idx] = '\0';

- if(tmp = morphword(word, pos))

+ if ((tmp = morphword(word, pos)) != NULL)

strcat(searchstr,tmp);

else

strcat(searchstr,word);

@@ -240,7 +244,7 @@

st_idx = end_idx + 1;

}

- if(tmp = morphword(strcpy(word, str + st_idx), pos))

+ if ((tmp = morphword(strcpy(word, str + st_idx), pos)) != NULL)

strcat(searchstr,tmp);

else

strcat(searchstr,word);

@@ -270,16 +274,15 @@

{

int offset, cnt;

int i;

- static char retval[WORDBUF];

- char *tmp, tmpbuf[WORDBUF], *end;

-

- sprintf(retval,"");

- sprintf(tmpbuf, "");

- end = "";

-

+ static char retval[WORDBUF] = "";

+ char *tmp, tmpbuf[WORDBUF] = "", *end = "";

+

if(word == NULL)

return(NULL);

+ if (strlen(word) > WORDBUF - 1)

+ return(NULL);

+

/* first look for word on exception list */

if((tmp = exc_lookup(word, pos)) != NULL)

@@ -335,7 +338,10 @@

{

char *pt1;

static char copy[WORDBUF];

-

+

+ if (strlen(word) > WORDBUF - 1)

+ return(NULL);

+

strcpy(copy, word);

if(strend(copy,sufx[ender])) {

pt1=strchr(copy,'\0');

@@ -368,13 +374,14 @@

{

static char line[WORDBUF], *beglp, *endlp;

char *excline;

- int found = 0;

if (exc_fps[pos] == NULL)

return(NULL);

/* first time through load line from exception file */

if(word != NULL){

+ if (strlen(word) > WORDBUF - 1)

+ return(NULL);

if ((excline = bin_search(word, exc_fps[pos])) != NULL) {

strcpy(line, excline);

endlp = strchr(line,' ');

@@ -403,6 +410,9 @@

char word[WORDBUF], end[WORDBUF];

static char retval[WORDBUF];

+ if (strlen(s) > WORDBUF - 1)

+ return (NULL);

+

/* Assume that the verb is the first word in the phrase. Strip it

off, check for validity, then try various morphs with the

rest of the phrase tacked on, trying to find a match. */

@@ -410,7 +420,7 @@

rest = strchr(s, '_');

last = strrchr(s, '_');

if (rest != last) { /* more than 2 words */

- if (lastwd = morphword(last + 1, NOUN)) {

+ if ((lastwd = morphword(last + 1, NOUN)) != NULL) {

strncpy(end, rest, last - rest + 1);

end[last-rest+1] = '\0';

strcat(end, lastwd);

Index: wordnet-3.0/lib/search.c

===================================================================

--- wordnet-3.0.orig/lib/search.c 2013-02-19 16:03:01.698031603 +0800

+++ wordnet-3.0/lib/search.c 2013-02-19 16:03:01.690031603 +0800

@@ -13,6 +13,7 @@

#include <stdlib.h>

#include <string.h>

#include <assert.h>

+#include <limits.h>

#include "wn.h"

@@ -119,33 +120,22 @@

if ( !line )

line = read_index( offset, indexfps[dbase] );

- idx = (IndexPtr)malloc(sizeof(Index));

+ idx = (IndexPtr)calloc(1, sizeof(Index));

assert(idx);

/* set offset of entry in index file */

idx->idxoffset = offset;

- idx->wd='\0';

- idx->pos='\0';

- idx->off_cnt=0;

- idx->tagged_cnt = 0;

- idx->sense_cnt=0;

- idx->offset='\0';

- idx->ptruse_cnt=0;

- idx->ptruse='\0';

-

/* get the word */

ptrtok=strtok(line," \n");

- idx->wd = malloc(strlen(ptrtok) + 1);

+ idx->wd = strdup(ptrtok);

assert(idx->wd);

- strcpy(idx->wd, ptrtok);

/* get the part of speech */

ptrtok=strtok(NULL," \n");

- idx->pos = malloc(strlen(ptrtok) + 1);

+ idx->pos = strdup(ptrtok);

assert(idx->pos);

- strcpy(idx->pos, ptrtok);

/* get the collins count */

ptrtok=strtok(NULL," \n");

@@ -154,7 +144,12 @@

/* get the number of pointers types */

ptrtok=strtok(NULL," \n");

idx->ptruse_cnt = atoi(ptrtok);

-

+

+ if (idx->ptruse_cnt < 0 || (unsigned int)idx->ptruse_cnt > UINT_MAX/sizeof(int)) {

+ free_index(idx);

+ return(NULL);

+ }

+

if (idx->ptruse_cnt) {

idx->ptruse = (int *) malloc(idx->ptruse_cnt * (sizeof(int)));

assert(idx->ptruse);

@@ -173,9 +168,14 @@

/* get the number of senses that are tagged */

ptrtok=strtok(NULL," \n");

idx->tagged_cnt = atoi(ptrtok);

-

+

+ if (idx->off_cnt < 0 || (unsigned long)idx->off_cnt > ULONG_MAX/sizeof(long)) {

+ free_index(idx);

+ return(NULL);

+ }

+

/* make space for the offsets */

- idx->offset = (long *) malloc(idx->off_cnt * (sizeof(long)));

+ idx->offset = (unsigned long *) malloc(idx->off_cnt * sizeof(long));

assert(idx->offset);

/* get the offsets */

@@ -197,15 +197,21 @@

char strings[MAX_FORMS][WORDBUF]; /* vector of search strings */

static IndexPtr offsets[MAX_FORMS];

static int offset;

-

+

/* This works like strrok(): if passed with a non-null string,

prepare vector of search strings and offsets. If string

is null, look at current list of offsets and return next

one, or NULL if no more alternatives for this word. */

if (searchstr != NULL) {

+ /* Bail out if the input is too long for us to handle */

+ if (strlen(searchstr) > (WORDBUF - 1)) {

+ strcpy(msgbuf, "WordNet library error: search term is too long\n");

+ display_message(msgbuf);

+ return(NULL);

+ }

- offset = 0;

+ offset = 0;

strtolower(searchstr);

for (i = 0; i < MAX_FORMS; i++) {

strcpy(strings[i], searchstr);

@@ -229,11 +235,11 @@

/* Get offset of first entry. Then eliminate duplicates

and get offsets of unique strings. */

- if (strings[0][0] != NULL)

+ if (strings[0] != NULL)

offsets[0] = index_lookup(strings[0], dbase);

for (i = 1; i < MAX_FORMS; i++)

- if ((strings[i][0]) != NULL && (strcmp(strings[0], strings[i])))

+ if (strings[i] != NULL && (strcmp(strings[0], strings[i])))

offsets[i] = index_lookup(strings[i], dbase);

}

@@ -272,7 +278,7 @@

SynsetPtr parse_synset(FILE *fp, int dbase, char *word)

{

static char line[LINEBUF];

- char tbuf[SMLINEBUF];

+ char tbuf[SMLINEBUF] = "";

char *ptrtok;

char *tmpptr;

int foundpert = 0;

@@ -286,33 +292,11 @@

if ((tmpptr = fgets(line, LINEBUF, fp)) == NULL)

return(NULL);

- synptr = (SynsetPtr)malloc(sizeof(Synset));

+ synptr = (SynsetPtr)calloc(1, sizeof(Synset));

assert(synptr);

-

- synptr->hereiam = 0;

+

synptr->sstype = DONT_KNOW;

- synptr->fnum = 0;

- synptr->pos = '\0';

- synptr->wcount = 0;

- synptr->words = '\0';

- synptr->whichword = 0;

- synptr->ptrcount = 0;

- synptr->ptrtyp = '\0';

- synptr->ptroff = '\0';

- synptr->ppos = '\0';

- synptr->pto = '\0';

- synptr->pfrm = '\0';

- synptr->fcount = 0;

- synptr->frmid = '\0';

- synptr->frmto = '\0';

- synptr->defn = '\0';

- synptr->key = 0;

- synptr->nextss = NULL;

- synptr->nextform = NULL;

synptr->searchtype = -1;

- synptr->ptrlist = NULL;

- synptr->headword = NULL;

- synptr->headsense = 0;

ptrtok = line;

@@ -322,7 +306,7 @@

/* sanity check - make sure starting file offset matches first field */

if (synptr->hereiam != loc) {

- sprintf(msgbuf, "WordNet library error: no synset at location %d\n",

+ sprintf(msgbuf, "WordNet library error: no synset at location %ld\n",

loc);

display_message(msgbuf);

free(synptr);

@@ -335,16 +319,20 @@

/* looking at POS */

ptrtok = strtok(NULL, " \n");

- synptr->pos = malloc(strlen(ptrtok) + 1);

+ synptr->pos = strdup(ptrtok);

assert(synptr->pos);

- strcpy(synptr->pos, ptrtok);

if (getsstype(synptr->pos) == SATELLITE)

synptr->sstype = INDIRECT_ANT;

/* looking at numwords */

ptrtok = strtok(NULL, " \n");

synptr->wcount = strtol(ptrtok, NULL, 16);

-

+

+ if (synptr->wcount < 0 || (unsigned int)synptr->wcount > UINT_MAX/sizeof(char *)) {

+ free_syns(synptr);

+ return(NULL);

+ }

+

synptr->words = (char **)malloc(synptr->wcount * sizeof(char *));

assert(synptr->words);

synptr->wnsns = (int *)malloc(synptr->wcount * sizeof(int));

@@ -354,9 +342,8 @@

for (i = 0; i < synptr->wcount; i++) {

ptrtok = strtok(NULL, " \n");

- synptr->words[i] = malloc(strlen(ptrtok) + 1);

+ synptr->words[i] = strdup(ptrtok);

assert(synptr->words[i]);

- strcpy(synptr->words[i], ptrtok);

/* is this the word we're looking for? */

@@ -371,6 +358,12 @@

ptrtok = strtok(NULL," \n");

synptr->ptrcount = atoi(ptrtok);

+ /* Should we check for long here as well? */

+ if (synptr->ptrcount < 0 || (unsigned int)synptr->ptrcount > UINT_MAX/sizeof(int)) {

+ free_syns(synptr);

+ return(NULL);

+ }

+

if (synptr->ptrcount) {

/* alloc storage for the pointers */

@@ -455,21 +448,23 @@

ptrtok = strtok(NULL," \n");

if (ptrtok) {

ptrtok = strtok(NULL," \n");

- sprintf(tbuf, "");

while (ptrtok != NULL) {

+ if (strlen(ptrtok) + strlen(tbuf) + 1 + 1 > sizeof(tbuf)) {

+ free_syns(synptr);

+ return(NULL);

+ }

strcat(tbuf,ptrtok);

ptrtok = strtok(NULL, " \n");

if(ptrtok)

strcat(tbuf," ");

}

- assert((1 + strlen(tbuf)) < sizeof(tbuf));

- synptr->defn = malloc(strlen(tbuf) + 4);

+ synptr->defn = malloc(strlen(tbuf) + 3);

assert(synptr->defn);

sprintf(synptr->defn,"(%s)",tbuf);

}

if (keyindexfp) { /* we have unique keys */

- sprintf(tmpbuf, "%c:%8.8d", partchars[dbase], synptr->hereiam);

+ sprintf(tmpbuf, "%c:%8.8ld", partchars[dbase], synptr->hereiam);

synptr->key = GetKeyForOffset(tmpbuf);

}

@@ -635,7 +630,7 @@

if ((ptrtyp == PERTPTR || ptrtyp == PPLPTR) &&

synptr->pto[i] != 0) {

- sprintf(tbuf, " (Sense %d)\n",

+ snprintf(tbuf, sizeof(tbuf), " (Sense %d)\n",

cursyn->wnsns[synptr->pto[i] - 1]);

printsynset(prefix, cursyn, tbuf, DEFOFF, synptr->pto[i],

SKIP_ANTS, PRINT_MARKER);

@@ -656,7 +651,7 @@

traceptrs(cursyn, HYPERPTR, getpos(cursyn->pos), 0);

}

} else if (ptrtyp == ANTPTR && dbase != ADJ && synptr->pto[i] != 0) {

- sprintf(tbuf, " (Sense %d)\n",

+ snprintf(tbuf, sizeof(tbuf), " (Sense %d)\n",

cursyn->wnsns[synptr->pto[i] - 1]);

printsynset(prefix, cursyn, tbuf, DEFOFF, synptr->pto[i],

SKIP_ANTS, PRINT_MARKER);

@@ -817,7 +812,7 @@

cursyn = read_synset(synptr->ppos[i], synptr->ptroff[i], "");

- sprintf(tbuf, "#%d\n",

+ snprintf(tbuf, sizeof(tbuf), "#%d\n",

cursyn->wnsns[synptr->pto[i] - 1]);

printsynset(prefix, cursyn, tbuf, DEFOFF, synptr->pto[i],

SKIP_ANTS, SKIP_MARKER);

@@ -989,12 +984,12 @@

char sentbuf[512];

if (vsentfilefp != NULL) {

- if (line = bin_search(offset, vsentfilefp)) {

+ if ((line = bin_search(offset, vsentfilefp)) != NULL) {

while(*line != ' ')

line++;

printbuffer(" EX: ");

- sprintf(sentbuf, line, wd);

+ snprintf(sentbuf, sizeof(sentbuf), line, wd);

printbuffer(sentbuf);

}

}

@@ -1011,7 +1006,7 @@

if (vidxfilefp != NULL) {

wdnum = synptr->whichword - 1;

- sprintf(tbuf,"%s%%%-1.1d:%-2.2d:%-2.2d::",

+ snprintf(tbuf, sizeof(tbuf), "%s%%%-1.1d:%-2.2d:%-2.2d::",

synptr->words[wdnum],

getpos(synptr->pos),

synptr->fnum,

@@ -1124,7 +1119,7 @@

if (cnt >= 17 && cnt <= 32) familiar = 6;

if (cnt > 32 ) familiar = 7;

- sprintf(tmpbuf,

+ snprintf(tmpbuf, sizeof(tmpbuf),

"\n%s used as %s is %s (polysemy count = %d)\n",

index->wd, a_an[getpos(index->pos)], freqcats[familiar], cnt);

printbuffer(tmpbuf);

@@ -1147,6 +1142,9 @@

}

rewind(inputfile);

+ if (strlen(word_passed) + 1 > sizeof(word))

+ return;

+

strcpy (word, word_passed);

ToLowerCase(word); /* map to lower case for index file search */

strsubst (word, ' ', '_'); /* replace spaces with underscores */

@@ -1169,7 +1167,7 @@

((line[loc + wordlen] == '-') || (line[loc + wordlen] == '_')))

) {

strsubst (line, '_', ' ');

- sprintf (tmpbuf, "%s\n", line);

+ snprintf (tmpbuf, sizeof(tmpbuf), "%s\n", line);

printbuffer (tmpbuf);

break;

}

@@ -1683,9 +1681,8 @@

cursyn = read_synset(synptr->ppos[i],

synptr->ptroff[i],

"");

- synptr->headword = malloc(strlen(cursyn->words[0]) + 1);

+ synptr->headword = strdup(cursyn->words[0]);

assert(synptr->headword);

- strcpy(synptr->headword, cursyn->words[0]);

synptr->headsense = cursyn->lexid[0];

free_synset(cursyn);

break;

@@ -2013,7 +2010,7 @@

strsubst(strcpy(wdbuf, synptr->words[whichword - 1]), ' ', '_');

strtolower(wdbuf);

- if (idx = index_lookup(wdbuf, getpos(synptr->pos))) {

+ if ((idx = index_lookup(wdbuf, getpos(synptr->pos))) != NULL) {

for (i = 0; i < idx->off_cnt; i++)

if (idx->offset[i] == synptr->hereiam) {

free_index(idx);

@@ -2037,7 +2034,7 @@

by flags */

if (offsetflag) /* print synset offset */

- sprintf(tbuf + strlen(tbuf),"{%8.8d} ", synptr->hereiam);

+ sprintf(tbuf + strlen(tbuf),"{%8.8ld} ", synptr->hereiam);

if (fileinfoflag) { /* print lexicographer file information */

sprintf(tbuf + strlen(tbuf), "<%s> ", lexfiles[synptr->fnum]);

prlexid = 1; /* print lexicographer id after word */

@@ -2072,7 +2069,7 @@

tbuf[0] = '\0';

if (offsetflag)

- sprintf(tbuf,"{%8.8d} ", synptr->hereiam);

+ sprintf(tbuf,"{%8.8ld} ", synptr->hereiam);

if (fileinfoflag) {

sprintf(tbuf + strlen(tbuf),"<%s> ", lexfiles[synptr->fnum]);

prlexid = 1;

Index: wordnet-3.0/lib/wnutil.c

===================================================================

--- wordnet-3.0.orig/lib/wnutil.c 2013-02-19 16:03:01.698031603 +0800

+++ wordnet-3.0/lib/wnutil.c 2013-02-19 16:03:01.690031603 +0800

@@ -48,7 +48,7 @@

char *env;

if (!done) {

- if (env = getenv("WNDBVERSION")) {

+ if ((env = getenv("WNDBVERSION")) != NULL) {

wnrelease = strdup(env); /* set release */

assert(wnrelease);

}

@@ -70,7 +70,7 @@

closefps();

- if (env = getenv("WNDBVERSION")) {

+ if ((env = getenv("WNDBVERSION")) != NULL) {

wnrelease = strdup(env); /* set release */

assert(wnrelease);

}

@@ -149,25 +149,25 @@

sprintf(searchdir, DEFAULTPATH);

#else

if ((env = getenv("WNSEARCHDIR")) != NULL)

- strcpy(searchdir, env);

+ snprintf(searchdir, sizeof(searchdir), "%s", env);

else if ((env = getenv("WNHOME")) != NULL)

- sprintf(searchdir, "%s%s", env, DICTDIR);

+ snprintf(searchdir, sizeof(searchdir), "%s%s", env, DICTDIR);

else

strcpy(searchdir, DEFAULTPATH);

#endif

for (i = 1; i < NUMPARTS + 1; i++) {

- sprintf(tmpbuf, DATAFILE, searchdir, partnames[i]);

+ snprintf(tmpbuf, sizeof(tmpbuf), DATAFILE, searchdir, partnames[i]);

if((datafps[i] = fopen(tmpbuf, "r")) == NULL) {

- sprintf(msgbuf,

+ snprintf(msgbuf, sizeof(msgbuf),

"WordNet library error: Can't open datafile(%s)\n",

tmpbuf);

display_message(msgbuf);

openerr = -1;

}

- sprintf(tmpbuf, INDEXFILE, searchdir, partnames[i]);

+ snprintf(tmpbuf, sizeof(tmpbuf), INDEXFILE, searchdir, partnames[i]);

if((indexfps[i] = fopen(tmpbuf, "r")) == NULL) {

- sprintf(msgbuf,

+ snprintf(msgbuf, sizeof(msgbuf),

"WordNet library error: Can't open indexfile(%s)\n",

tmpbuf);

display_message(msgbuf);

@@ -178,35 +178,35 @@

/* This file isn't used by the library and doesn't have to

be present. No error is reported if the open fails. */

- sprintf(tmpbuf, SENSEIDXFILE, searchdir);

+ snprintf(tmpbuf, sizeof(tmpbuf), SENSEIDXFILE, searchdir);

sensefp = fopen(tmpbuf, "r");

/* If this file isn't present, the runtime code will skip printint out

the number of times each sense was tagged. */

- sprintf(tmpbuf, CNTLISTFILE, searchdir);

+ snprintf(tmpbuf, sizeof(tmpbuf), CNTLISTFILE, searchdir);

cntlistfp = fopen(tmpbuf, "r");

/* This file doesn't have to be present. No error is reported if the

open fails. */

- sprintf(tmpbuf, KEYIDXFILE, searchdir);

+ snprintf(tmpbuf, sizeof(tmpbuf), KEYIDXFILE, searchdir);

keyindexfp = fopen(tmpbuf, "r");

- sprintf(tmpbuf, REVKEYIDXFILE, searchdir);

+ snprintf(tmpbuf, sizeof(tmpbuf), REVKEYIDXFILE, searchdir);

revkeyindexfp = fopen(tmpbuf, "r");

- sprintf(tmpbuf, VRBSENTFILE, searchdir);

+ snprintf(tmpbuf, sizeof(tmpbuf), VRBSENTFILE, searchdir);

if ((vsentfilefp = fopen(tmpbuf, "r")) == NULL) {

- sprintf(msgbuf,

+ snprintf(msgbuf, sizeof(msgbuf),

"WordNet library warning: Can't open verb example sentence file(%s)\n",

tmpbuf);

display_message(msgbuf);

}

- sprintf(tmpbuf, VRBIDXFILE, searchdir);

+ snprintf(tmpbuf, sizeof(tmpbuf), VRBIDXFILE, searchdir);

if ((vidxfilefp = fopen(tmpbuf, "r")) == NULL) {

- sprintf(msgbuf,

+ snprintf(msgbuf, sizeof(msgbuf),

"WordNet library warning: Can't open verb example sentence index file(%s)\n",

tmpbuf);

display_message(msgbuf);

Index: wordnet-3.0/src/wn.c

===================================================================

--- wordnet-3.0.orig/src/wn.c 2013-02-19 16:03:01.698031603 +0800

+++ wordnet-3.0/src/wn.c 2013-02-19 16:03:01.690031603 +0800

@@ -131,7 +131,7 @@

printsearches(char *, int, unsigned long);

static int error_message(char *);

-main(int argc,char *argv[])

+int main(int argc,char *argv[])

{

display_message = error_message;

@@ -228,14 +228,14 @@

printf("\n%s of %s %s\n%s",

label, partnames[pos], searchword, outbuf);

- if (morphword = morphstr(searchword, pos))

+ if ((morphword = morphstr(searchword, pos)) != NULL)

do {

outbuf = findtheinfo(morphword, pos, search, whichsense);

totsenses += wnresults.printcnt;

if (strlen(outbuf) > 0)

printf("\n%s of %s %s\n%s",

label, partnames[pos], morphword, outbuf);

- } while (morphword = morphstr(NULL, pos));

+ } while ((morphword = morphstr(NULL, pos)) != NULL);

return(totsenses);

}