CCBC-1596: replace unsafe sprintf with snprintf

avsej · avsej · commit d2e3e76e2abf · 2023-04-27T11:47:17.000Z
Change-Id: I26ecf01764cb8870456bef8c7666dfe262a9951d Reviewed-on: https://review.couchbase.org/c/libcouchbase/+/190187 Tested-by: Build Bot <build@couchbase.com> Reviewed-by: Trond Norbye <trond.norbye@couchbase.com>
diff --git a/contrib/cJSON/cJSON.c b/contrib/cJSON/cJSON.c
@@ -270,15 +270,15 @@ static char *print_number(cJSON *item)
     double d = item->valuedouble;
     if (fabs(((double)item->valueint) - d) <= DBL_EPSILON && d <= INT_MAX && d >= INT_MIN) {
         str = (char *)cJSON_malloc(21); /* 2^64+1 can be represented in 21 chars. */
-        sprintf(str, "%" PRId64, item->valueint);
+        snprintf(str, 21, "%" PRId64, item->valueint);
     } else {
         str = (char *)cJSON_malloc(64); /* This is a nice tradeoff. */
         if (fabs(floor(d) - d) <= DBL_EPSILON)
-            sprintf(str, "%.0f", d);
+            snprintf(str, 64, "%.0f", d);
         else if (fabs(d) < 1.0e-6 || fabs(d) > 1.0e9)
-            sprintf(str, "%e", d);
+            snprintf(str, 64, "%e", d);
         else
-            sprintf(str, "%f", d);
+            snprintf(str, 64, "%f", d);
     }
     return str;
 }
diff --git a/contrib/cliopts/cliopts.c b/contrib/cliopts/cliopts.c
@@ -539,22 +539,31 @@ parse_option(struct cliopts_priv *ctx,
     return WANT_VALUE;
 }
 
+static size_t bytes_left(const char *buf, size_t capacity)
+{
+    size_t len = strlen(buf);
+    if (len >= capacity - 1) {
+        return 0;
+    }
+    return capacity - len;
+}
+
 static char *
-get_option_name(cliopts_entry *entry, char *buf)
+get_option_name(cliopts_entry *entry, char *buf, size_t capacity)
 {
     /* [-s,--option] */
     char *bufp = buf;
-    bufp += sprintf(buf, "[");
+    bufp += snprintf(buf, bytes_left(buf, capacity), "[");
     if (entry->kshort) {
-        bufp += sprintf(bufp, "-%c", entry->kshort);
+        bufp += snprintf(bufp, bytes_left(buf, capacity), "-%c", entry->kshort);
     }
     if (entry->klong) {
         if (entry->kshort) {
-            bufp += sprintf(bufp, ",");
+            bufp += snprintf(bufp, bytes_left(buf, capacity), ",");
         }
-        bufp += sprintf(bufp, "--%s", entry->klong);
+        bufp += snprintf(bufp, bytes_left(buf, capacity), "--%s", entry->klong);
     }
-    sprintf(bufp, "]");
+    snprintf(bufp, bytes_left(buf, capacity), "]");
     return buf;
 }
 
@@ -576,12 +585,12 @@ static int get_terminal_width(void)
 
 static char*
 format_option_help(cliopts_entry *entry,
-                   char *buf,
+                   char *buf, size_t capacity,
                    struct cliopts_extra_settings *settings)
 {
     char *bufp = buf;
     if (entry->kshort) {
-        bufp += sprintf(bufp, " -%c ", entry->kshort);
+        bufp += snprintf(bufp, bytes_left(buf, capacity), " -%c ", entry->kshort);
     }
 
 #define _advance_margin(offset) \
@@ -595,11 +604,11 @@ format_option_help(cliopts_entry *entry,
     _advance_margin(4)
 
     if (entry->klong) {
-        bufp += sprintf(bufp, " --%s ", entry->klong);
+        bufp += snprintf(bufp, bytes_left(buf, capacity), " --%s ", entry->klong);
     }
 
     if (entry->vdesc) {
-        bufp += sprintf(bufp, " <%s> ", entry->vdesc);
+        bufp += snprintf(bufp, bytes_left(buf, capacity), " <%s> ", entry->vdesc);
     }
 
     _advance_margin(35)
@@ -664,7 +673,7 @@ print_help(struct cliopts_priv *ctx, struct cliopts_extra_settings *settings)
         }
 
         memset(helpbuf, 0, sizeof(helpbuf));
-        format_option_help(cur, helpbuf, settings);
+        format_option_help(cur, helpbuf, sizeof(helpbuf), settings);
         fprintf(stderr, INDENT "%s", helpbuf);
 
 
@@ -728,7 +737,7 @@ print_help(struct cliopts_priv *ctx, struct cliopts_extra_settings *settings)
     }
     memset(helpbuf, 0, sizeof(helpbuf));
     fprintf(stderr, INDENT "%s\n",
-            format_option_help(&helpent, helpbuf, settings));
+            format_option_help(&helpent, helpbuf, sizeof(helpbuf), settings));
 
 }
 
@@ -747,7 +756,7 @@ dump_error(struct cliopts_priv *ctx)
     } else if (ctx->errnum == CLIOPTS_ERR_ISSWITCH) {
         char optbuf[64] = { 0 };
         fprintf(stderr, "Option %s takes no arguments",
-                get_option_name(ctx->prev, optbuf));
+                get_option_name(ctx->prev, optbuf, sizeof(optbuf)));
     }
     fprintf(stderr, "\n");
 
@@ -865,7 +874,7 @@ cliopts_parse_options(cliopts_entry *entries,
             }
 
             fprintf(stderr, "Required option %s missing\n",
-                    get_option_name(cur_ent, entbuf));
+                    get_option_name(cur_ent, entbuf, sizeof(entbuf)));
         }
     }
 
diff --git a/example/db/vb.c b/example/db/vb.c
@@ -223,8 +223,8 @@ int main(int argc, char *argv[])
         char design_path[64] = {0};
         char doc[256] = {0};
         lcb_CMDHTTP *cmd;
-        sprintf(design_path, "_design/%s", design);
-        sprintf(doc, "{\"views\":{\"all\":{\"map\":\"function(doc,meta){if(meta.id=='%s'){emit(meta.id)}}\"}}}", key);
+        snprintf(design_path, sizeof(design_path), "_design/%s", design);
+        snprintf(doc, sizeof(doc), "{\"views\":{\"all\":{\"map\":\"function(doc,meta){if(meta.id=='%s'){emit(meta.id)}}\"}}}", key);
 
         lcb_cmdhttp_create(&cmd, LCB_HTTP_TYPE_VIEW);
         lcb_cmdhttp_path(cmd, design_path, strlen(design_path));
diff --git a/example/subdoc/subdoc-multi.cc b/example/subdoc/subdoc-multi.cc
@@ -144,8 +144,8 @@ int main(int argc, char **argv)
         std::string &val = bufs[(ii * 2) + 1];
         char pbuf[24], vbuf[24];
 
-        sprintf(pbuf, "pth%d", ii);
-        sprintf(vbuf, "\"Value_%d\"", ii);
+        snprintf(pbuf, sizeof(pbuf), "pth%d", ii);
+        snprintf(vbuf, sizeof(vbuf), "\"Value_%d\"", ii);
         path = pbuf;
         val = vbuf;
 
@@ -166,7 +166,7 @@ int main(int argc, char **argv)
     for (int ii = 0; ii < 5; ii++) {
         char pbuf[24];
         std::string &path = bufs[ii];
-        sprintf(pbuf, "pth%d", ii);
+        snprintf(pbuf, sizeof(pbuf), "pth%d", ii);
         path = pbuf;
 
         lcb_subdocspecs_get(specs, ii, 0, path.c_str(), path.size());
diff --git a/src/analytics/analytics_handle.cc b/src/analytics/analytics_handle.cc
@@ -194,7 +194,7 @@ lcb_ANALYTICS_HANDLE_::lcb_ANALYTICS_HANDLE_(lcb_INSTANCE *obj, void *user_cooki
         // Set the default timeout as the server-side query timeout if no
         // other timeout is used.
         char buf[64] = {0};
-        sprintf(buf, "%uus", LCBT_SETTING(obj, analytics_timeout));
+        snprintf(buf, sizeof(buf), "%uus", LCBT_SETTING(obj, analytics_timeout));
         tmoval = buf;
         timeout_ = LCBT_SETTING(obj, analytics_timeout);
     } else if (tmoval.isString()) {
diff --git a/src/config_static.h b/src/config_static.h
@@ -115,6 +115,7 @@
 
 #if defined(_MSC_VER) && _MSC_VER < 1900
 #define snprintf _snprintf
+#define vsnprintf _vsnprintf
 #endif
 
 #define strcasecmp(a, b) _stricmp(a, b)
diff --git a/src/hostlist.cc b/src/hostlist.cc
@@ -142,7 +142,7 @@ lcb_STATUS lcb_host_parse(lcb_host_t *host, const char *spec, int speclen, int d
     if (*port_s) {
         strcpy(host->port, port_s);
     } else {
-        sprintf(host->port, "%d", deflport);
+        snprintf(host->port, sizeof(host->port), "%d", deflport);
     }
     host->ipv6 = ipv6;
 
diff --git a/src/http/http.cc b/src/http/http.cc
@@ -712,7 +712,7 @@ lcb_STATUS Request::setup_inputs(const lcb_CMDHTTP *cmd)
 
     if (!body.empty()) {
         char lenbuf[64];
-        sprintf(lenbuf, "%lu", (unsigned long int)body.size());
+        snprintf(lenbuf, sizeof(lenbuf), "%lu", (unsigned long int)body.size());
         add_header("Content-Length", lenbuf);
         if (cmd->content_type) {
             add_header("Content-Type", cmd->content_type);
diff --git a/src/n1ql/query_handle.cc b/src/n1ql/query_handle.cc
@@ -534,7 +534,7 @@ lcb_QUERY_HANDLE_::lcb_QUERY_HANDLE_(lcb_INSTANCE *obj, void *user_cookie, const
     Json::Value &tmoval = json["timeout"];
     if (tmoval.isNull()) {
         char buf[64] = {0};
-        sprintf(buf, "%uus", timeout);
+        snprintf(buf, sizeof(buf), "%uus", timeout);
         tmoval = buf;
         json["timeout"] = buf;
     } else if (tmoval.isString()) {
diff --git a/src/operations/stats.cc b/src/operations/stats.cc
@@ -187,7 +187,7 @@ lcb_STATUS lcb_stats(lcb_INSTANCE *instance, void *cookie, const lcb_CMDSTATS *c
                 return LCB_ERR_INVALID_ARGUMENT;
             }
         }
-        sprintf(ksbuf, "key %.*s %d", (int)kbuf_in->nbytes, (const char *)kbuf_in->bytes, vbid);
+        snprintf(ksbuf, sizeof(ksbuf), "key %.*s %d", (int)kbuf_in->nbytes, (const char *)kbuf_in->bytes, vbid);
         kbuf_out.contig.nbytes = strlen(ksbuf);
         kbuf_out.contig.bytes = ksbuf;
     } else {
diff --git a/src/strcodecs/strcodecs.h b/src/strcodecs/strcodecs.h
@@ -206,7 +206,7 @@ bool urlencode(Ti first, Ti last, To &o, bool check_encoded = true)
 
             do {
                 char buf[4];
-                sprintf(buf, "%%%02X", static_cast<unsigned char>(*first));
+                snprintf(buf, sizeof(buf), "%%%02X", static_cast<unsigned char>(*first));
                 o.insert(o.end(), &buf[0], &buf[0] + 3);
             } while (--numbytes && ++first != last);
         }
diff --git a/src/vbucket/vbucket.c b/src/vbucket/vbucket.c
@@ -365,7 +365,7 @@ static int build_server_strings(lcbvb_CONFIG *cfg, lcbvb_SERVER *server)
     server->svc.hoststrs[LCBVB_SVCTYPE_DATA] = lcb_strdup(server->authority);
     if (server->viewpath == NULL && server->svc.views && cfg->bname) {
         server->viewpath = malloc(strlen(cfg->bname) + 2);
-        sprintf(server->viewpath, "/%s", cfg->bname);
+        snprintf(server->viewpath, strlen(cfg->bname) + 2, "/%s", cfg->bname);
     }
     if (server->querypath == NULL && server->svc.n1ql) {
         server->querypath = lcb_strdup("/query/service");
@@ -1254,8 +1254,8 @@ static void compute_vb_list_diff(lcbvb_CONFIG *from, lcbvb_CONFIG *to, char **ou
         if (!found) {
             char *infostr = malloc(strlen(newsrv->authority) + 128);
             lcb_assert(infostr);
-            sprintf(infostr, "%s(Data=%d, Index=%d, Query=%d)", newsrv->authority, newsrv->svc.data,
-                    newsrv->svc.ixquery, newsrv->svc.n1ql);
+            snprintf(infostr, strlen(newsrv->authority) + 128, "%s(Data=%d, Index=%d, Query=%d)", newsrv->authority,
+                     newsrv->svc.data, newsrv->svc.ixquery, newsrv->svc.n1ql);
             out[offset] = infostr;
             ++offset;
         }
diff --git a/tests/basic/t_logger.cc b/tests/basic/t_logger.cc
@@ -39,7 +39,7 @@ static void fallback_logger(const lcb_LOGGER *logger, uint64_t, const char *, lc
                             const char *fmt, va_list ap)
 {
     char buf[2048];
-    vsprintf(buf, fmt, ap);
+    vsnprintf(buf, sizeof(buf), fmt, ap);
     EXPECT_FALSE(logger == NULL);
     MyLogprocs *myprocs;
     lcb_logger_cookie(logger, reinterpret_cast< void ** >(&myprocs));
diff --git a/tests/check-all.cc b/tests/check-all.cc
@@ -583,7 +583,7 @@ static bool runSingleCycle(const TestConfiguration &config)
 #ifdef __linux__
         {
             char buf[1024] = {0};
-            sprintf(buf, "ldd %s/libcouchbase_%s.so", config.libDir.c_str(), plugin.c_str());
+            snprintf(buf, sizeof(buf), "ldd %s/libcouchbase_%s.so", config.libDir.c_str(), plugin.c_str());
             fprintf(stderr, "%s\n", buf);
             int rc = system(buf);
             if (rc != 0) {
diff --git a/tests/ioserver/ioserver.cc b/tests/ioserver/ioserver.cc
@@ -101,7 +101,7 @@ TestServer::~TestServer()
 std::string TestServer::getPortString()
 {
     char buf[4096];
-    sprintf(buf, "%d", lsn->getLocalPort());
+    snprintf(buf, sizeof(buf), "%d", lsn->getLocalPort());
     return std::string(buf);
 }
 
diff --git a/tests/iotests/t_durability.cc b/tests/iotests/t_durability.cc
@@ -556,7 +556,7 @@ TEST_F(DurabilityUnitTest, testMulti)
 
     for (ii = 0; ii < limit; ii++) {
         char buf[64];
-        sprintf(buf, "key-stored-%u", ii);
+        snprintf(buf, sizeof(buf), "key-stored-%u", ii);
         string key_stored = buf;
 
         removeKey(instance, key_stored);
diff --git a/tests/iotests/t_get.cc b/tests/iotests/t_get.cc
@@ -710,7 +710,7 @@ TEST_F(GetUnitTest, DISABLED_testFailoverAndMultiGet)
         lcb_CMDSTORE *scmd;
         lcb_cmdstore_create(&scmd, LCB_STORE_UPSERT);
         char key[6];
-        sprintf(key, "key%zu", ii);
+        snprintf(key, sizeof(key), "key%zu", ii);
         keys[ii] = std::string(key);
         lcb_cmdstore_key(scmd, key, strlen(key));
         lcb_cmdstore_value(scmd, "val", 3);
@@ -1162,7 +1162,7 @@ TEST_F(GetUnitTest, DISABLED_testChangePassword)
         lcb_CMDSTORE *scmd;
         lcb_cmdstore_create(&scmd, LCB_STORE_UPSERT);
         char akey[6];
-        sprintf(akey, "key%lu", ii);
+        snprintf(akey, sizeof(akey), "key%lu", ii);
         keys[ii] = std::string(akey);
         lcb_cmdstore_key(scmd, akey, strlen(akey));
         lcb_cmdstore_value(scmd, "val", 3);
@@ -1193,7 +1193,7 @@ TEST_F(GetUnitTest, DISABLED_testChangePassword)
         lcb_CMDSTORE *scmd;
         lcb_cmdstore_create(&scmd, LCB_STORE_UPSERT);
         char akey[6];
-        sprintf(akey, "key%lu", ii);
+        snprintf(akey, sizeof(akey), "key%lu", ii);
         keys[ii] = std::string(akey);
         lcb_cmdstore_key(scmd, akey, strlen(akey));
         lcb_cmdstore_value(scmd, "val", 3);
@@ -1219,7 +1219,7 @@ TEST_F(GetUnitTest, DISABLED_testChangePassword)
         lcb_CMDSTORE *scmd;
         lcb_cmdstore_create(&scmd, LCB_STORE_UPSERT);
         char akey[6];
-        sprintf(akey, "key%lu", ii);
+        snprintf(akey, sizeof(akey), "key%lu", ii);
         keys[ii] = std::string(akey);
         lcb_cmdstore_key(scmd, akey, strlen(akey));
         lcb_cmdstore_value(scmd, "val", 3);
diff --git a/tests/iotests/t_misc.cc b/tests/iotests/t_misc.cc
@@ -447,7 +447,7 @@ TEST_F(MockUnitTest, testKeyTooLong)
     size_t counter = 0;
     for (size_t ii = 0; ii < nbCallbacks; ++ii) {
         char key[6];
-        sprintf(key, "key%lu", ii);
+        snprintf(key, sizeof(key), "key%lu", ii);
         keys[ii] = std::string(key);
         lcb_CMDSTORE *scmd;
         lcb_cmdstore_create(&scmd, LCB_STORE_UPSERT);
diff --git a/tests/iotests/testutil.cc b/tests/iotests/testutil.cc
@@ -183,7 +183,7 @@ void genDistKeys(lcbvb_CONFIG *vbc, std::vector<std::string> &out)
     EXPECT_TRUE(servers_max > 0);
 
     for (int cur_num = 0; found_servers.size() != servers_max; cur_num++) {
-        int ksize = sprintf(buf, "VBKEY_%d", cur_num);
+        int ksize = snprintf(buf, sizeof(buf), "VBKEY_%d", cur_num);
         int vbid;
         int srvix;
         lcbvb_map_key(vbc, buf, ksize, &vbid, &srvix);
@@ -802,4 +802,4 @@ void create_search_index(lcb_INSTANCE *instance, const std::string &index_name,
     lcb_cmdhttp_destroy(cmd);
     ASSERT_STATUS_EQ(LCB_SUCCESS, lcb_wait(instance, LCB_WAIT_DEFAULT));
     ASSERT_STATUS_EQ(LCB_SUCCESS, result.rc);
-}
+}
diff --git a/tests/mc/t_context.cc b/tests/mc/t_context.cc
@@ -47,7 +47,7 @@ TEST_F(McContext, testBasicContext)
     for (int ii = 0; ii < 20; ii++) {
         PacketWrap pw;
         char kbuf[128];
-        sprintf(kbuf, "key_%d", ii);
+        snprintf(kbuf, sizeof(kbuf), "key_%d", ii);
         pw.setCopyKey(kbuf);
 
         ASSERT_TRUE(pw.reservePacket(&cq));
@@ -91,7 +91,7 @@ TEST_F(McContext, testFailedContext)
     for (int ii = 0; ii < 20; ii++) {
         PacketWrap pw;
         char kbuf[128];
-        sprintf(kbuf, "Key_%d", ii);
+        snprintf(kbuf, sizeof(kbuf), "Key_%d", ii);
         pw.setCopyKey(kbuf);
 
         ASSERT_TRUE(pw.reservePacket(&cq));
diff --git a/tests/mc/t_flush.cc b/tests/mc/t_flush.cc
@@ -136,7 +136,7 @@ TEST_F(McFlush, testMultiFlush)
         auto *pw = new PacketWrap;
         pws[ii] = pw;
         char curkey[128];
-        sprintf(curkey, "Key_%d", ii);
+        snprintf(curkey, sizeof(curkey), "Key_%d", ii);
         pw->setContigKey(curkey);
 
         cookies[ii] = new MyCookie;
diff --git a/tests/mc/t_ioflush.cc b/tests/mc/t_ioflush.cc
@@ -80,7 +80,7 @@ TEST_F(McIOFlush, testIOCPFlush)
 
     for (int ii = 0; ii < count; ii++) {
         char buf[128];
-        sprintf(buf, "Key_%d", ii);
+        snprintf(buf, sizeof(buf), "Key_%d", ii);
         PacketWrap pw;
         pw.setCopyKey(buf);
         ASSERT_TRUE(pw.reservePacket(&cq));
diff --git a/tests/mocksupport/server.c b/tests/mocksupport/server.c
@@ -282,7 +282,7 @@ static int start_mock_server(struct test_server_info *info, char **cmdline)
     {
         int arg = 0;
         argv[arg++] = (char *)wrapper;
-        sprintf(monitor, "--harakiri-monitor=localhost:%d", info->port);
+        snprintf(monitor, sizeof(monitor), "--harakiri-monitor=localhost:%d", info->port);
         argv[arg++] = monitor;
 
         if (cmdline != NULL) {
diff --git a/tests/socktests/socktest.h b/tests/socktests/socktest.h
@@ -39,7 +39,7 @@ using namespace LCBTest;
 static inline void hostFromSockFD(SockFD *sfd, lcb_host_t *tgt)
 {
     strcpy(tgt->host, sfd->getLocalHost().c_str());
-    sprintf(tgt->port, "%d", sfd->getLocalPort());
+    snprintf(tgt->port, sizeof(tgt->port), "%d", sfd->getLocalPort());
 }
 
 class Loop;
diff --git a/tools/cbc-pillowfight.cc b/tools/cbc-pillowfight.cc
@@ -448,7 +448,7 @@ void log(const char *format, ...)
     va_list args;
 
     va_start(args, format);
-    vsprintf(buffer, format, args);
+    vsnprintf(buffer, sizeof(buffer), format, args);
     if (config.numTimings() > 0) {
         std::cerr << "[" << std::fixed << lcb_nstime() / 1000000000.0 << "] ";
     }
diff --git a/tools/cbc.cc b/tools/cbc.cc
diff --git a/tools/docgen/docgen.h b/tools/docgen/docgen.h
diff --git a/tools/docgen/placeholders.h b/tools/docgen/placeholders.h

Original file line number	Diff line number	Diff line change
`@@ -539,22 +539,31 @@ parse_option(struct cliopts_priv *ctx,`
`539`	`539`	`return WANT_VALUE;`
`540`	`540`	`}`
`541`	`541`
	`542`	`+static size_t bytes_left(const char *buf, size_t capacity)`
	`543`	`+{`
	`544`	`+ size_t len = strlen(buf);`
	`545`	`+ if (len >= capacity - 1) {`
	`546`	`+ return 0;`
	`547`	`+ }`
	`548`	`+ return capacity - len;`
	`549`	`+}`
	`550`	`+`
`542`	`551`	`static char *`
`543`		`-get_option_name(cliopts_entry entry, char buf)`
	`552`	`+get_option_name(cliopts_entry entry, char buf, size_t capacity)`
`544`	`553`	`{`
`545`	`554`	`/* [-s,--option] */`
`546`	`555`	`char *bufp = buf;`
`547`		`- bufp += sprintf(buf, "[");`
	`556`	`+ bufp += snprintf(buf, bytes_left(buf, capacity), "[");`
`548`	`557`	`if (entry->kshort) {`
`549`		`- bufp += sprintf(bufp, "-%c", entry->kshort);`
	`558`	`+ bufp += snprintf(bufp, bytes_left(buf, capacity), "-%c", entry->kshort);`
`550`	`559`	`}`
`551`	`560`	`if (entry->klong) {`
`552`	`561`	`if (entry->kshort) {`
`553`		`- bufp += sprintf(bufp, ",");`
	`562`	`+ bufp += snprintf(bufp, bytes_left(buf, capacity), ",");`
`554`	`563`	`}`
`555`		`- bufp += sprintf(bufp, "--%s", entry->klong);`
	`564`	`+ bufp += snprintf(bufp, bytes_left(buf, capacity), "--%s", entry->klong);`
`556`	`565`	`}`
`557`		`- sprintf(bufp, "]");`
	`566`	`+ snprintf(bufp, bytes_left(buf, capacity), "]");`
`558`	`567`	`return buf;`
`559`	`568`	`}`
`560`	`569`
`@@ -576,12 +585,12 @@ static int get_terminal_width(void)`
`576`	`585`
`577`	`586`	`static char*`
`578`	`587`	`format_option_help(cliopts_entry *entry,`
`579`		`- char *buf,`
	`588`	`+ char *buf, size_t capacity,`
`580`	`589`	`struct cliopts_extra_settings *settings)`
`581`	`590`	`{`
`582`	`591`	`char *bufp = buf;`
`583`	`592`	`if (entry->kshort) {`
`584`		`- bufp += sprintf(bufp, " -%c ", entry->kshort);`
	`593`	`+ bufp += snprintf(bufp, bytes_left(buf, capacity), " -%c ", entry->kshort);`
`585`	`594`	`}`
`586`	`595`
`587`	`596`	`#define _advance_margin(offset) \`
`@@ -595,11 +604,11 @@ format_option_help(cliopts_entry *entry,`
`595`	`604`	`_advance_margin(4)`
`596`	`605`
`597`	`606`	`if (entry->klong) {`
`598`		`- bufp += sprintf(bufp, " --%s ", entry->klong);`
	`607`	`+ bufp += snprintf(bufp, bytes_left(buf, capacity), " --%s ", entry->klong);`
`599`	`608`	`}`
`600`	`609`
`601`	`610`	`if (entry->vdesc) {`
`602`		`- bufp += sprintf(bufp, " <%s> ", entry->vdesc);`
	`611`	`+ bufp += snprintf(bufp, bytes_left(buf, capacity), " <%s> ", entry->vdesc);`
`603`	`612`	`}`
`604`	`613`
`605`	`614`	`_advance_margin(35)`
`@@ -664,7 +673,7 @@ print_help(struct cliopts_priv ctx, struct cliopts_extra_settings settings)`
`664`	`673`	`}`
`665`	`674`
`666`	`675`	`memset(helpbuf, 0, sizeof(helpbuf));`
`667`		`- format_option_help(cur, helpbuf, settings);`
	`676`	`+ format_option_help(cur, helpbuf, sizeof(helpbuf), settings);`
`668`	`677`	`fprintf(stderr, INDENT "%s", helpbuf);`
`669`	`678`
`670`	`679`
`@@ -728,7 +737,7 @@ print_help(struct cliopts_priv ctx, struct cliopts_extra_settings settings)`
`728`	`737`	`}`
`729`	`738`	`memset(helpbuf, 0, sizeof(helpbuf));`
`730`	`739`	`fprintf(stderr, INDENT "%s\n",`
`731`		`- format_option_help(&helpent, helpbuf, settings));`
	`740`	`+ format_option_help(&helpent, helpbuf, sizeof(helpbuf), settings));`
`732`	`741`
`733`	`742`	`}`
`734`	`743`
`@@ -747,7 +756,7 @@ dump_error(struct cliopts_priv *ctx)`
`747`	`756`	`} else if (ctx->errnum == CLIOPTS_ERR_ISSWITCH) {`
`748`	`757`	`char optbuf[64] = { 0 };`
`749`	`758`	`fprintf(stderr, "Option %s takes no arguments",`
`750`		`- get_option_name(ctx->prev, optbuf));`
	`759`	`+ get_option_name(ctx->prev, optbuf, sizeof(optbuf)));`
`751`	`760`	`}`
`752`	`761`	`fprintf(stderr, "\n");`
`753`	`762`
`@@ -865,7 +874,7 @@ cliopts_parse_options(cliopts_entry *entries,`
`865`	`874`	`}`
`866`	`875`
`867`	`876`	`fprintf(stderr, "Required option %s missing\n",`
`868`		`- get_option_name(cur_ent, entbuf));`
	`877`	`+ get_option_name(cur_ent, entbuf, sizeof(entbuf)));`
`869`	`878`	`}`
`870`	`879`	`}`
`871`	`880`
Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,7 @@ lcb_STATUS lcb_host_parse(lcb_host_t host, const char spec, int speclen, int d`
`142`	`142`	`if (*port_s) {`
`143`	`143`	`strcpy(host->port, port_s);`
`144`	`144`	`} else {`
`145`		`- sprintf(host->port, "%d", deflport);`
	`145`	`+ snprintf(host->port, sizeof(host->port), "%d", deflport);`
`146`	`146`	`}`
`147`	`147`	`host->ipv6 = ipv6;`
`148`	`148`
Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,7 @@ lcb_STATUS lcb_stats(lcb_INSTANCE instance, void cookie, const lcb_CMDSTATS *c`
`187`	`187`	`return LCB_ERR_INVALID_ARGUMENT;`
`188`	`188`	`}`
`189`	`189`	`}`
`190`		`- sprintf(ksbuf, "key %.s %d", (int)kbuf_in->nbytes, (const char )kbuf_in->bytes, vbid);`
	`190`	`+ snprintf(ksbuf, sizeof(ksbuf), "key %.s %d", (int)kbuf_in->nbytes, (const char )kbuf_in->bytes, vbid);`
`191`	`191`	`kbuf_out.contig.nbytes = strlen(ksbuf);`
`192`	`192`	`kbuf_out.contig.bytes = ksbuf;`
`193`	`193`	`} else {`