[cfe-dev] sprintf -> snprintf conversion

Mon Oct 25 10:34:51 PDT 2010

On 10:27 Mon 25 Oct, Eli Friedman wrote:
> On Mon, Oct 25, 2010 at 1:00 AM, Vladimir Kirillov <proger at uaoug.org.ua> wrote:
> > Hello, cfe-dev!
> >
> > I'm using LLVM/Clang on OpenBSD. This project proactively advocates
> > usage of 'secure' C apis, especially related to memory bounds
> > checking. Thus using functions like sprintf/strcpy/etc usually spits
> > out a linker warning in base toolchain:
> >
> > /home/proger/dev/llvm/Debug+Asserts/lib/libclangFrontend.a(DocumentXML.o)(.text+0xc65): In function `clang::DocumentXML::escapeString(char const*, unsigned long)':
> > /home/proger/dev/llvm/tools/clang/lib/Frontend/DocumentXML.cpp:107: warning: sprintf() is often misused, please use snprintf()
> >
> > I've done some conversions from sprintf to snprintf, please commit those.
> >
> > Thanks!
> 
> Please send that patch to llvmdev, since it doesn't appear to touch
> any clang-specific code.
> 
> -Eli

Actually, it does. I'm reattaching the diff without the llvm bits.
However, thanks for your hint, I'll do it in a moment.
-------------- next part --------------
Index: tools/clang/lib/Lex/PPMacroExpansion.cpp
===================================================================

--- tools/clang/lib/Lex/PPMacroExpansion.cpp	(revision 117247)
+++ tools/clang/lib/Lex/PPMacroExpansion.cpp	(working copy)
@@ -482,8 +482,8 @@
     "Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"
   };
 
-  char TmpBuffer[100];
-  sprintf(TmpBuffer, "\"%s %2d %4d\"", Months[TM->tm_mon], TM->tm_mday,
+  char TmpBuffer[32];
+  snprintf(TmpBuffer, sizeof(TmpBuffer), "\"%s %2d %4d\"", Months[TM->tm_mon], TM->tm_mday,
           TM->tm_year+1900);
 
   Token TmpTok;
@@ -491,7 +491,7 @@
   PP.CreateString(TmpBuffer, strlen(TmpBuffer), TmpTok);
   DATELoc = TmpTok.getLocation();
 
-  sprintf(TmpBuffer, "\"%02d:%02d:%02d\"", TM->tm_hour, TM->tm_min, TM->tm_sec);
+  snprintf(TmpBuffer, sizeof(TmpBuffer), "\"%02d:%02d:%02d\"", TM->tm_hour, TM->tm_min, TM->tm_sec);
   PP.CreateString(TmpBuffer, strlen(TmpBuffer), TmpTok);
   TIMELoc = TmpTok.getLocation();
 }
Index: tools/clang/lib/Frontend/DocumentXML.cpp
===================================================================
--- tools/clang/lib/Frontend/DocumentXML.cpp    (revision 117247)
+++ tools/clang/lib/Frontend/DocumentXML.cpp    (working copy)
@@ -104,7 +104,7 @@
       if (isprint(C))
         value += C;
       else {
-        sprintf(buffer, "\\%03o", C);
+        snprintf(buffer, sizeof(buffer), "\\%03o", C);
         value += buffer;
       }
       break;

