security fix: replaced sprintf with snprintf

[xboard.git] / winboard / help.c

diff --git a/winboard/help.c b/winboard/help.c
index 228e493..b114497 100644 (file)
--- a/winboard/help.c
+++ b/winboard/help.c
@@ -60,7 +60,7 @@ HtmlHelp( HWND hwnd, LPCSTR helpFile, UINT action, DWORD_PTR data )
        siStartInfo.hStdOutput = NULL;\r
        siStartInfo.hStdError = debugFP;\r
 \r
-       sprintf(buf, "Hh.exe %s", helpFile);\r
+       snprintf(buf, sizeof(buf)/sizeof(buf[0]),"Hh.exe %s", helpFile);\r
 \r
        // ignore the other parameters; just start the viewer with the help file\r
        if(  CreateProcess(NULL,\r