File fix4bug1240327.patch of Package gnuplot.38691

commit b78cc829a18e9436daaa859c96f3970157f3171e
Author: Ethan A Merritt <merritt@u.washington.edu>
Date:   Tue Jan 14 21:23:19 2025 -0800

    use snprintf to protect against garbage user-supplied mouse format
    
    Bug 2754

---
 src/mouse.c |   21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

--- src/mouse.c
+++ src/mouse.c	2025-05-14 07:50:08.553080484 +0000
@@ -185,7 +185,7 @@ static void alert __PROTO((void));
 static void MousePosToGraphPosReal __PROTO((int xx, int yy, double *x, double *y, double *x2, double *y2));
 static char *xy_format __PROTO((void));
 static char *zoombox_format __PROTO((void));
-static char *GetAnnotateString __PROTO((char *s, double x, double y, int mode, char *fmt));
+static char *GetAnnotateString __PROTO((char *s, size_t len, double x, double y, int mode, char *fmt));
 static char *xDateTimeFormat __PROTO((double x, char *b, int mode));
 static void GetRulerString __PROTO((char *p, double x, double y));
 static void apply_zoom __PROTO((struct t_zoom * z));
@@ -394,7 +394,7 @@ zoombox_format()
 /* formats the information for an annotation (middle mouse button clicked)
  */
 static char *
-GetAnnotateString(char *s, double x, double y, int mode, char *fmt)
+GetAnnotateString(char *s, size_t len, double x, double y, int mode, char *fmt)
 {
     if (mode == MOUSE_COORDINATES_XDATE || mode == MOUSE_COORDINATES_XTIME || mode == MOUSE_COORDINATES_XDATETIME || mode == MOUSE_COORDINATES_TIMEFMT) {	/* time is on the x axis */
 	char buf[0xff];
@@ -435,17 +435,18 @@ GetAnnotateString(char *s, double x, dou
 	    else
 		r = x/cos(phi) + rmin;
 	    if (fmt)
-		sprintf(s, fmt, phi/ang2rad, r);
+		snprintf(s, len, fmt, phi/ang2rad, r);
 	    else {
 		sprintf(s, "polar: ");
 		s += strlen(s);
-		sprintf(s, xy_format(), phi/ang2rad, r);
+                len -= strlen(s);
+		snprintf(s, len, xy_format(), phi/ang2rad, r);
 	    }
 	} else {
-	    sprintf(s, fmt, x, y);	/* user defined format */
+	    snprintf(s, len, fmt, x, y);	/* user defined format */
 	}
     } else {
-	sprintf(s, xy_format(), x, y);	/* usual x,y values */
+	snprintf(s, len, xy_format(), x, y);	/* usual x,y values */
     }
     return s + strlen(s);
 }
@@ -830,10 +831,10 @@ UpdateStatuslineWithMouseSetting(mouse_s
 	strcat(format, ms->fmt);
 	strcat(format, ", ");
 	strcat(format, ms->fmt);
-	sprintf(s0, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale);
+	snprintf(s0, 255, format, surface_rot_x, surface_rot_z, surface_scale, surface_zscale);
     } else if (!TICS_ON(axis_array[SECOND_X_AXIS].ticmode) && !TICS_ON(axis_array[SECOND_Y_AXIS].ticmode)) {
 	/* only first X and Y axis are in use */
-	sp = GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
+	sp = GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
 	if (ruler.on) {
 	    GetRulerString(sp, real_x, real_y);
 	}
@@ -1775,7 +1776,7 @@ event_buttonrelease(struct gp_event_t *g
 	     * only place, if the user didn't drag (rotate) the plot */
 
 	    if (!is_3d_plot || !motion) {
-		GetAnnotateString(s0, real_x, real_y, clipboard_mode, clipboard_alt_string);
+		GetAnnotateString(s0, 255, real_x, real_y, clipboard_mode, clipboard_alt_string);
 		term->set_clipboard(s0);
 		if (display_ipc_commands()) {
 		    fprintf(stderr, "put `%s' to clipboard.\n", s0);
@@ -1789,7 +1790,7 @@ event_buttonrelease(struct gp_event_t *g
 
 	    if (!is_3d_plot || !motion) {
 
-		GetAnnotateString(s0, real_x, real_y, mouse_mode, mouse_alt_string);
+		GetAnnotateString(s0, 255, real_x, real_y, mouse_mode, mouse_alt_string);
 		if (mouse_setting.label) {
 		    if (modifier_mask & Mod_Ctrl) {
 			remove_label(mouse_x, mouse_y);