ppd-ipp.c: Use correct number of items to prevent buffer overflow

The array members are strings, so we can get correct number of times by
dividing the array size by char* size.

debug.c: Protect against possible format string attack

ppd-collection.cxx: Use intmax_t for printing time_t var

Author: zdohnal

ppd/debug.c

@@ -257,7 +257,7 @@ _ppd_debug_set(const char *logfile,	// I - Log file or NULL
     {
       char	buffer[1024];		// Filename buffer
 
-      snprintf(buffer, sizeof(buffer), logfile, getpid());
+      snprintf(buffer, sizeof(buffer), "%s-%d", logfile, (int)getpid());
 
       if (buffer[0] == '+')
 	_ppd_debug_fd = open(buffer + 1, O_WRONLY | O_APPEND | O_CREAT, 0644);

ppd/ppd-collection.cxx

@@ -848,9 +848,9 @@ ppdCollectionDumpCache(const char *filename,	// I - Filename
   for (ppd = (ppd_info_t *)cupsArrayGetFirst(ppdlist.PPDsByName);
        ppd;
        ppd = (ppd_info_t *)cupsArrayGetNext(ppdlist.PPDsByName))
-    printf("%d,%ld,%d,%d,\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\","
+    printf("%jd,%ld,%d,%d,\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\",\"%s\","
            "\"%s\",\"%s\"\n",
-           (int)ppd->record.mtime, (long)ppd->record.size,
+           (intmax_t)ppd->record.mtime, (long)ppd->record.size,
 	   ppd->record.model_number, ppd->record.type, ppd->record.filename,
 	   ppd->record.name, ppd->record.languages[0], ppd->record.products[0],
 	   ppd->record.psversions[0], ppd->record.make,

ppd/ppd-ipp.c

@@ -1321,7 +1321,8 @@ ppdLoadAttributes(
        (ppd_option = ppdFindOption(ppd, "print-rendering-intent")) != NULL) &&
       ppd_option->num_choices > 0)
   {
-    for (i = 0; i < ppd_option->num_choices && i < sizeof(items); i ++)
+    num_items = sizeof(items)/sizeof(char*);
+    for (i = 0; i < ppd_option->num_choices && i < num_items; i ++)
       items[i] = ppd_option->choices[i].choice;
     ippAddStrings(attrs, IPP_TAG_PRINTER, IPP_TAG_KEYWORD,
 		  "print-rendering-intent-supported", i, NULL, items);