Switched away from sprintf, which is prone to buffer overflows.

Most reasonable platforms have this function. If you're here because this broke the build for you, consider adding an ifdef for your platform and using sprintf there (but not on other platforms).
charpty · Aug 6, 2013 · 42d918b · 42d918b
1 parent 700b380
commit 42d918b
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
@@ -868,7 +868,7 @@ Reader::getLocationLineAndColumn( Location location ) const
    int line, column;
    getLocationLineAndColumn( location, line, column );
    char buffer[18+16+16+1];
-   sprintf( buffer, "Line %d, Column %d", line, column );
+   snprintf(buffer, sizeof(buffer), "Line %d, Column %d", line, column);
    return buffer;
 }
 

diff --git a/src/lib_json/json_writer.cpp b/src/lib_json/json_writer.cpp
@@ -77,7 +77,7 @@ std::string valueToString( double value )
 #if defined(_MSC_VER) && defined(__STDC_SECURE_LIB__) // Use secure version with visual studio 2005 to avoid warning. 
    sprintf_s(buffer, sizeof(buffer), "%#.16g", value); 
 #else	
-   sprintf(buffer, "%#.16g", value); 
+   snprintf(buffer, sizeof(buffer), "%#.16g", value);
 #endif
    char* ch = buffer + strlen(buffer) - 1;
    if (*ch != '0') return buffer; // nothing to truncate, so save time