Security review: check results of snprintf.

Calls marked with xSnprintf shouldn't fail.
Abort program cleanly if any of them does.

linux/Battery.c

@@ -56,7 +56,7 @@ static unsigned long int parseBatInfo(const char *fileName, const unsigned short
    unsigned long int total = 0;
    for (unsigned int i = 0; i < nBatteries; i++) {
       char infoPath[30];
-      snprintf(infoPath, sizeof infoPath, "%s%s/%s", batteryPath, batteries[i], fileName);
+      xSnprintf(infoPath, sizeof infoPath, "%s%s/%s", batteryPath, batteries[i], fileName);
 
       FILE* file = fopen(infoPath, "r");
       if (!file) {
@@ -106,7 +106,7 @@ static ACPresence procAcpiCheck() {
          continue;
 
       char statePath[50];
-      snprintf((char *) statePath, sizeof statePath, "%s/%s/state", power_supplyPath, entryName);
+      xSnprintf((char *) statePath, sizeof statePath, "%s/%s/state", power_supplyPath, entryName);
       FILE* file = fopen(statePath, "r");
 
       if (!file) {
@@ -196,7 +196,7 @@ static void Battery_getSysData(double* level, ACPresence* isOnAC) {
 
       if (entryName[0] == 'B' && entryName[1] == 'A' && entryName[2] == 'T') {
          
-         snprintf((char *) filePath, sizeof filePath, SYS_POWERSUPPLY_DIR "/%s/uevent", entryName);
+         xSnprintf((char *) filePath, sizeof filePath, SYS_POWERSUPPLY_DIR "/%s/uevent", entryName);
          int fd = open(filePath, O_RDONLY);
          if (fd == -1) {
             closedir(dir);
@@ -249,7 +249,7 @@ static void Battery_getSysData(double* level, ACPresence* isOnAC) {
             continue;
          }
       
-         snprintf((char *) filePath, sizeof filePath, SYS_POWERSUPPLY_DIR "/%s/online", entryName);
+         xSnprintf((char *) filePath, sizeof filePath, SYS_POWERSUPPLY_DIR "/%s/online", entryName);
          int fd = open(filePath, O_RDONLY);
          if (fd == -1) {
             closedir(dir);

linux/IOPriorityPanel.c

@@ -27,7 +27,7 @@ Panel* IOPriorityPanel_new(IOPriority currPrio) {
    for (int c = 0; classes[c].name; c++) {
       for (int i = 0; i < 8; i++) {
          char name[50];
-         snprintf(name, sizeof(name)-1, "%s %d %s", classes[c].name, i, i == 0 ? "(High)" : (i == 7 ? "(Low)" : ""));
+         xSnprintf(name, sizeof(name)-1, "%s %d %s", classes[c].name, i, i == 0 ? "(High)" : (i == 7 ? "(Low)" : ""));
          IOPriority ioprio = IOPriority_tuple(classes[c].klass, i);
          Panel_add(this, (Object*) ListItem_new(name, ioprio));
          if (currPrio == ioprio) Panel_setSelected(this, Panel_size(this) - 1);

linux/LinuxProcess.c

@@ -296,10 +296,10 @@ void LinuxProcess_writeField(Process* this, RichString* str, ProcessField field)
    switch ((int)field) {
    case TTY_NR: {
       if (lp->ttyDevice) {
-         snprintf(buffer, n, "%-9s", lp->ttyDevice + 5 /* skip "/dev/" */);
+         xSnprintf(buffer, n, "%-9s", lp->ttyDevice + 5 /* skip "/dev/" */);
       } else {
          attr = CRT_colors[PROCESS_SHADOW];
-         snprintf(buffer, n, "?        ");
+         xSnprintf(buffer, n, "?        ");
       }
       break;
    }
@@ -332,31 +332,31 @@ void LinuxProcess_writeField(Process* this, RichString* str, ProcessField field)
    }
    #endif
    #ifdef HAVE_OPENVZ
-   case CTID: snprintf(buffer, n, "%7u ", lp->ctid); break;
-   case VPID: snprintf(buffer, n, Process_pidFormat, lp->vpid); break;
+   case CTID: xSnprintf(buffer, n, "%7u ", lp->ctid); break;
+   case VPID: xSnprintf(buffer, n, Process_pidFormat, lp->vpid); break;
    #endif
    #ifdef HAVE_VSERVER
-   case VXID: snprintf(buffer, n, "%5u ", lp->vxid); break;
+   case VXID: xSnprintf(buffer, n, "%5u ", lp->vxid); break;
    #endif
    #ifdef HAVE_CGROUP
-   case CGROUP: snprintf(buffer, n, "%-10s ", lp->cgroup); break;
+   case CGROUP: xSnprintf(buffer, n, "%-10s ", lp->cgroup); break;
    #endif
-   case OOM: snprintf(buffer, n, Process_pidFormat, lp->oom); break;
+   case OOM: xSnprintf(buffer, n, Process_pidFormat, lp->oom); break;
    case IO_PRIORITY: {
       int klass = IOPriority_class(lp->ioPriority);
       if (klass == IOPRIO_CLASS_NONE) {
          // see note [1] above
-         snprintf(buffer, n, "B%1d ", (int) (this->nice + 20) / 5);
+         xSnprintf(buffer, n, "B%1d ", (int) (this->nice + 20) / 5);
       } else if (klass == IOPRIO_CLASS_BE) {
-         snprintf(buffer, n, "B%1d ", IOPriority_data(lp->ioPriority));
+         xSnprintf(buffer, n, "B%1d ", IOPriority_data(lp->ioPriority));
       } else if (klass == IOPRIO_CLASS_RT) {
          attr = CRT_colors[PROCESS_HIGH_PRIORITY];
-         snprintf(buffer, n, "R%1d ", IOPriority_data(lp->ioPriority));
+         xSnprintf(buffer, n, "R%1d ", IOPriority_data(lp->ioPriority));
       } else if (klass == IOPRIO_CLASS_IDLE) {
          attr = CRT_colors[PROCESS_LOW_PRIORITY]; 
-         snprintf(buffer, n, "id ");
+         xSnprintf(buffer, n, "id ");
       } else {
-         snprintf(buffer, n, "?? ");
+         xSnprintf(buffer, n, "?? ");
       }
       break;
    }

linux/LinuxProcessList.c

@@ -248,7 +248,7 @@ static inline unsigned long long LinuxProcess_adjustTime(unsigned long long t) {
 static bool LinuxProcessList_readStatFile(Process *process, const char* dirname, const char* name, char* command, int* commLen) {
    LinuxProcess* lp = (LinuxProcess*) process;
    char filename[MAX_NAME+1];
-   snprintf(filename, MAX_NAME, "%s/%s/stat", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/stat", dirname, name);
    int fd = open(filename, O_RDONLY);
    if (fd == -1)
       return false;
@@ -326,7 +326,7 @@ static bool LinuxProcessList_statProcessDir(Process* process, const char* dirnam
    char filename[MAX_NAME+1];
    filename[MAX_NAME] = '\0';
 
-   snprintf(filename, MAX_NAME, "%s/%s", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s", dirname, name);
    struct stat sstat;
    int statok = stat(filename, &sstat);
    if (statok == -1)
@@ -348,7 +348,7 @@ static void LinuxProcessList_readIoFile(LinuxProcess* process, const char* dirna
    char filename[MAX_NAME+1];
    filename[MAX_NAME] = '\0';
 
-   snprintf(filename, MAX_NAME, "%s/%s/io", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/io", dirname, name);
    int fd = open(filename, O_RDONLY);
    if (fd == -1) {
       process->io_rate_read_bps = -1;
@@ -417,7 +417,7 @@ static void LinuxProcessList_readIoFile(LinuxProcess* process, const char* dirna
 
 static bool LinuxProcessList_readStatmFile(LinuxProcess* process, const char* dirname, const char* name) {
    char filename[MAX_NAME+1];
-   snprintf(filename, MAX_NAME, "%s/%s/statm", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/statm", dirname, name);
    int fd = open(filename, O_RDONLY);
    if (fd == -1)
       return false;
@@ -447,7 +447,7 @@ static void LinuxProcessList_readOpenVZData(LinuxProcess* process, const char* d
       return;
    }
    char filename[MAX_NAME+1];
-   snprintf(filename, MAX_NAME, "%s/%s/stat", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/stat", dirname, name);
    FILE* file = fopen(filename, "r");
    if (!file)
       return;
@@ -470,7 +470,7 @@ static void LinuxProcessList_readOpenVZData(LinuxProcess* process, const char* d
 
 static void LinuxProcessList_readCGroupFile(LinuxProcess* process, const char* dirname, const char* name) {
    char filename[MAX_NAME+1];
-   snprintf(filename, MAX_NAME, "%s/%s/cgroup", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/cgroup", dirname, name);
    FILE* file = fopen(filename, "r");
    if (!file) {
       process->cgroup = xStrdup("");
@@ -491,7 +491,7 @@ static void LinuxProcessList_readCGroupFile(LinuxProcess* process, const char* d
          at++;
          left--;
       }
-      int wrote = snprintf(at, left, "%s", group);
+      int wrote = xSnprintf(at, left, "%s", group);
       left -= wrote;
    }
    fclose(file);
@@ -505,7 +505,7 @@ static void LinuxProcessList_readCGroupFile(LinuxProcess* process, const char* d
 
 static void LinuxProcessList_readVServerData(LinuxProcess* process, const char* dirname, const char* name) {
    char filename[MAX_NAME+1];
-   snprintf(filename, MAX_NAME, "%s/%s/status", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/status", dirname, name);
    FILE* file = fopen(filename, "r");
    if (!file)
       return;
@@ -536,7 +536,7 @@ static void LinuxProcessList_readVServerData(LinuxProcess* process, const char*
 
 static void LinuxProcessList_readOomData(LinuxProcess* process, const char* dirname, const char* name) {
    char filename[MAX_NAME+1];
-   snprintf(filename, MAX_NAME, "%s/%s/oom_score", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/oom_score", dirname, name);
    FILE* file = fopen(filename, "r");
    if (!file) {
       return;
@@ -567,7 +567,7 @@ static bool LinuxProcessList_readCmdlineFile(Process* process, const char* dirna
       return true;
 
    char filename[MAX_NAME+1];
-   snprintf(filename, MAX_NAME, "%s/%s/cmdline", dirname, name);
+   xSnprintf(filename, MAX_NAME, "%s/%s/cmdline", dirname, name);
    int fd = open(filename, O_RDONLY);
    if (fd == -1)
       return false;
@@ -688,7 +688,7 @@ static bool LinuxProcessList_recurseProcTree(LinuxProcessList* this, const char*
       LinuxProcess* lp = (LinuxProcess*) proc;
 
       char subdirname[MAX_NAME+1];
-      snprintf(subdirname, MAX_NAME, "%s/%s/task", dirname, name);
+      xSnprintf(subdirname, MAX_NAME, "%s/%s/task", dirname, name);
       LinuxProcessList_recurseProcTree(this, subdirname, proc, period, tv);
 
       #ifdef HAVE_TASKSTATS

linux/Platform.c

@@ -215,7 +215,7 @@ void Platform_setSwapValues(Meter* this) {
 
 char* Platform_getProcessEnv(pid_t pid) {
    char procname[32+1];
-   snprintf(procname, 32, "/proc/%d/environ", pid);
+   xSnprintf(procname, 32, "/proc/%d/environ", pid);
    FILE* fd = fopen(procname, "r");
    char *env = NULL;
    if (fd) {