People: Fix buffer overflow in string handling.

Also move some variable declarations closer to their usages. Fixes #18618.
2023-10-23 22:14:58 -04:00 · 2023-10-23 22:14:58 -04:00 · 5c040b731c
commit 5c040b731c
parent de9f473cda
1 changed files with 9 additions and 11 deletions
--- a/src/apps/people/PersonWindow.cpp
+++ b/src/apps/people/PersonWindow.cpp
@ -167,12 +167,6 @@ PersonWindow::MenusBeginning()
 void
 PersonWindow::MessageReceived(BMessage* msg)
 {
 	char			str[256];
 	BDirectory		directory;
 	BEntry			entry;
 	BFile			file;
 	BNodeInfo		*node;
 	switch (msg->what) {
 		case M_SAVE:
 			if (!fRef) {
@ -206,23 +200,27 @@ PersonWindow::MessageReceived(BMessage* msg)
 			if (msg->FindRef("directory", &dir) == B_OK) {
 				const char* name = NULL;
 				msg->FindString("name", &name);
 				BDirectory directory;
 				directory.SetTo(&dir);
 				if (directory.InitCheck() == B_NO_ERROR) {
 					BFile file;
 					directory.CreateFile(name, &file);
 					if (file.InitCheck() == B_NO_ERROR) {
-						node = new BNodeInfo(&file);
+						BNodeInfo* node = new BNodeInfo(&file);
 						node->SetType("application/x-person");
 						delete node;
 						BEntry entry;
 						directory.FindEntry(name, &entry);
 						entry.GetRef(&dir);
 						_SetToRef(new entry_ref(dir));
 						SetTitle(fRef->name);
 						fView->CreateFile(fRef);
-					}
+					} else {
-					else {
+						BString str;
-						sprintf(str, B_TRANSLATE("Could not create %s."), name);
+						str.SetToFormat(B_TRANSLATE("Could not create %s."), name);
-						BAlert* alert = new BAlert("", str, B_TRANSLATE("Sorry"));
+						BAlert* alert = new BAlert("", str.String(), B_TRANSLATE("Sorry"));
 						alert->SetFlags(alert->Flags() | B_CLOSE_ON_ESCAPE);
 						alert->Go();
 					}