From c722e4fe09bc3f20f2f4ae9b5c433c0f945b6ba7 Mon Sep 17 00:00:00 2001
From: Fred Gleason <fredg@paraelsystems.com>
Date: Mon, 23 Jul 2018 17:39:03 +0000
Subject: [PATCH] 2018-07-23 Fred Gleason <fredg@paravelsystems.com> 	*
 Fixed a buffer overflow vulnerability in the 'RDWaveFile' class.

---
 ChangeLog          | 2 ++
 lib/rdwavefile.cpp | 6 ++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c19a7d59..8f64ca9a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -17212,3 +17212,5 @@
 	* Cleaned up CDDA calls to ensure UTF-8 compatibility.
 2018-07-23 Fred Gleason <fredg@paravelsystems.com>
 	* Cleaned up RDConf calls to ensure UTF-8 compatibility.
+2018-07-23 Fred Gleason <fredg@paravelsystems.com>
+	* Fixed a buffer overflow vulnerability in the 'RDWaveFile' class.
diff --git a/lib/rdwavefile.cpp b/lib/rdwavefile.cpp
index 0df50dcd..ee6fa87f 100644
--- a/lib/rdwavefile.cpp
+++ b/lib/rdwavefile.cpp
@@ -4220,10 +4220,8 @@ bool RDWaveFile::MakeCart(unsigned ptr_offset)
 	  cart_end_time.hour(),
 	  cart_end_time.minute(),
 	  cart_end_time.second());
-  sprintf((char *)cart_chunk_data+488,"%s",
-	  (const char *)PACKAGE);
-  sprintf((char *)cart_chunk_data+552,"%s",
-	  (const char *)VERSION);
+  snprintf((char *)cart_chunk_data+488,64,"%s",PACKAGE);
+  snprintf((char *)cart_chunk_data+552,64,"%s",VERSION);
   if(!cart_user_def.isEmpty()) {
     sprintf((char *)cart_chunk_data+616,"%s",
 	    (const char *)cart_user_def.left(64));