From fa0fd8214f9db72413738686b81bb8a0576528c2 Mon Sep 17 00:00:00 2001
From: Stefan Schmidt <s.schmidt@samsung.com>
Date: Tue, 25 Feb 2020 11:20:21 +0100
Subject: [PATCH] exactness: player: allow space for the terminating null

Allocate extra space for the terminating null byte and / of the string.
Switch to snprintf() as well.

CID: 1419863

Reviewed-by: Mike Blumenkrantz <michael.blumenkrantz@gmail.com>
Differential Revision: https://phab.enlightenment.org/D11410
---
 src/bin/exactness/player.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/bin/exactness/player.c b/src/bin/exactness/player.c
index 13de9bffe3..048232e537 100644
--- a/src/bin/exactness/player.c
+++ b/src/bin/exactness/player.c
@@ -1004,8 +1004,9 @@ _old_shots_rm_cb(const char *name, const char *path, void *data)
    unsigned int len = strlen(prefix);
    if (!strncmp(name, prefix, len) && (strlen(name) > len) && (name[len] == SHOT_DELIMITER))
      {
-        char *buf = alloca(strlen(path) + strlen(name));
-        sprintf(buf, "%s/%s", path, name);
+        unsigned int length = strlen(path) + strlen(name) + 2;
+        char *buf = alloca(length);
+        snprintf(buf, length, "%s/%s", path, name);
         if (unlink(buf))
           {
              printf("Failed deleting '%s/%s': ", path, name);