https://github.com/unicode-org/icu/commit/ec2d4b346edab4b803a85464a4ff170bf28cb417 --- icu/source/common/putil.cpp.orig +++ icu/source/common/putil.cpp @@ -1463,7 +1463,7 @@ # endif # if defined(ICU_DATA_DIR_PREFIX_ENV_VAR) if (prefix != NULL) { - snprintf(datadir_path_buffer, PATH_MAX, "%s%s", prefix, path); + snprintf(datadir_path_buffer, sizeof(datadir_path_buffer), "%s%s", prefix, path); path=datadir_path_buffer; } # endif @@ -1553,7 +1553,7 @@ #if defined(ICU_TIMEZONE_FILES_DIR_PREFIX_ENV_VAR) if (prefix != NULL) { - snprintf(timezonefilesdir_path_buffer, PATH_MAX, "%s%s", prefix, dir); + snprintf(timezonefilesdir_path_buffer, sizeof(timezonefilesdir_path_buffer), "%s%s", prefix, dir); dir = timezonefilesdir_path_buffer; } #endif @@ -2124,7 +2124,7 @@ } /* else use the default */ } - sprintf(codepage,"ibm-%d", ccsid); + snprintf(codepage, sizeof(codepage), "ibm-%d", ccsid); return codepage; #elif U_PLATFORM == U_PF_OS390 @@ -2161,7 +2161,7 @@ // are between 3 and 19999 if (codepageNumber > 0 && codepageNumber < 20000) { - sprintf(codepage, "windows-%ld", codepageNumber); + snprintf(codepage, sizeof(codepage), "windows-%ld", codepageNumber); return codepage; } // If the codepage number call failed then return UTF-8 --- icu/source/common/wintz.cpp.orig +++ icu/source/common/wintz.cpp @@ -143,7 +143,7 @@ // // For example, a time zone that is 3 hours ahead of UTC (UTC+03:00) would have a Bias value of -180, and the // corresponding time zone ID would be "Etc/GMT-3". (So there is no need to negate utcOffsetMins below.) - int ret = snprintf(gmtOffsetTz, UPRV_LENGTHOF(gmtOffsetTz), "Etc/GMT%+ld", utcOffsetMins / 60); + int ret = snprintf(gmtOffsetTz, sizeof(gmtOffsetTz), "Etc/GMT%+ld", utcOffsetMins / 60); if (ret > 0 && ret < UPRV_LENGTHOF(gmtOffsetTz)) { return uprv_strdup(gmtOffsetTz); } --- icu/source/extra/uconv/uconv.cpp.orig +++ icu/source/extra/uconv/uconv.cpp @@ -807,7 +807,7 @@ // length of the just consumed bytes - // length of the error bytes length = - (int8_t)sprintf(pos, "%d", + (int8_t)snprintf(pos, sizeof(pos), "%d", (int)(infoffset + (cbufp - buf) - errorLength)); // output the bytes that caused the error @@ -988,7 +988,7 @@ errtag = "problemCvtFromUOut"; } - length = (int8_t)sprintf(pos, "%u", (int)ferroffset); + length = (int8_t)snprintf(pos, sizeof(pos), "%u", (int)ferroffset); // output the code points that caused the error UnicodeString str; --- icu/source/i18n/astro.cpp.orig +++ icu/source/i18n/astro.cpp @@ -1481,7 +1481,7 @@ { #ifdef U_DEBUG_ASTRO char tmp[800]; - sprintf(tmp, "[%.5f,%.5f]", longitude*RAD_DEG, latitude*RAD_DEG); + snprintf(tmp, sizeof(tmp), "[%.5f,%.5f]", longitude*RAD_DEG, latitude*RAD_DEG); return UnicodeString(tmp, ""); #else return UnicodeString(); @@ -1492,7 +1492,7 @@ { #ifdef U_DEBUG_ASTRO char tmp[400]; - sprintf(tmp, "%f,%f", + snprintf(tmp, sizeof(tmp), "%f,%f", (ascension*RAD_DEG), (declination*RAD_DEG)); return UnicodeString(tmp, ""); #else @@ -1504,7 +1504,7 @@ { #ifdef U_DEBUG_ASTRO char tmp[800]; - sprintf(tmp, "[%.5f,%.5f]", altitude*RAD_DEG, azimuth*RAD_DEG); + snprintf(tmp, sizeof(tmp), "[%.5f,%.5f]", altitude*RAD_DEG, azimuth*RAD_DEG); return UnicodeString(tmp, ""); #else return UnicodeString(); --- icu/source/i18n/choicfmt.cpp.orig +++ icu/source/i18n/choicfmt.cpp @@ -175,10 +175,10 @@ char *itrPtr = temp; char *expPtr; - sprintf(temp, "%.*g", DBL_DIG, value); + snprintf(temp, sizeof(temp), "%.*g", DBL_DIG, value); /* Find and convert the decimal point. - Using setlocale on some machines will cause sprintf to use a comma for certain locales. + Using setlocale on some machines will cause snprintf to use a comma for certain locales. */ while (*itrPtr && (*itrPtr == '-' || isdigit(*itrPtr))) { itrPtr++; --- icu/source/i18n/dtitvfmt.cpp.orig +++ icu/source/i18n/dtitvfmt.cpp @@ -104,7 +104,7 @@ UnicodeString pat; ((SimpleDateFormat*)dtfmt)->toPattern(pat); pat.extract(0, pat.length(), result_1, "UTF-8"); - sprintf(mesg, "skeleton: %s; pattern: %s\n", result, result_1); + snprintf(mesg, sizeof(mesg), "skeleton: %s; pattern: %s\n", result, result_1); PRINTMESG(mesg) #endif @@ -761,7 +761,7 @@ char result_1[1000]; char mesg[2000]; fSkeleton.extract(0, fSkeleton.length(), result, "UTF-8"); - sprintf(mesg, "in getBestSkeleton: fSkeleton: %s; \n", result); + snprintf(mesg, sizeof(mesg), "in getBestSkeleton: fSkeleton: %s; \n", result); PRINTMESG(mesg) #endif // fSkeleton is already set by createDateIntervalInstance() @@ -808,7 +808,7 @@ char result_1[1000]; char mesg[2000]; fSkeleton.extract(0, fSkeleton.length(), result, "UTF-8"); - sprintf(mesg, "in getBestSkeleton: fSkeleton: %s; \n", result); + snprintf(mesg, sizeof(mesg), "in getBestSkeleton: fSkeleton: %s; \n", result); PRINTMESG(mesg) #endif --- icu/source/i18n/dtitvinf.cpp.orig +++ icu/source/i18n/dtitvinf.cpp @@ -547,7 +547,7 @@ char result_1[1000]; char mesg[2000]; skeleton.extract(0, skeleton.length(), result, "UTF-8"); - sprintf(mesg, "in getBestSkeleton: skeleton: %s; \n", result); + snprintf(mesg, sizeof(mesg), "in getBestSkeleton: skeleton: %s; \n", result); PRINTMESG(mesg) #endif @@ -616,7 +616,7 @@ UnicodeString* newSkeleton = (UnicodeString*)keyTok.pointer; #ifdef DTITVINF_DEBUG skeleton->extract(0, skeleton->length(), result, "UTF-8"); - sprintf(mesg, "available skeletons: skeleton: %s; \n", result); + snprintf(mesg, sizeof(mesg), "available skeletons: skeleton: %s; \n", result); PRINTMESG(mesg) #endif --- icu/source/i18n/plurrule.cpp.orig +++ icu/source/i18n/plurrule.cpp @@ -1808,9 +1808,9 @@ } } - // Slow path, convert with sprintf, parse converted output. + // Slow path, convert with snprintf, parse converted output. char buf[30] = {0}; - sprintf(buf, "%1.15e", n); + snprintf(buf, sizeof(buf), "%1.15e", n); // formatted number looks like this: 1.234567890123457e-01 int exponent = atoi(buf+18); int numFractionDigits = 15; --- icu/source/test/cintltst/capitst.c.orig +++ icu/source/test/cintltst/capitst.c @@ -48,16 +48,16 @@ uint8_t b; if (position + 1 < len) - position += sprintf(buffer + position, "["); + position += snprintf(buffer + position, len-position, "["); while ((b = *sortkey++) != 0) { if (b == 1 && position + 5 < len) { - position += sprintf(buffer + position, "%02X . ", b); + position += snprintf(buffer + position, len-position, "%02X . ", b); } else if (b != 1 && position + 3 < len) { - position += sprintf(buffer + position, "%02X ", b); + position += snprintf(buffer + position, len-position, "%02X ", b); } } if (position + 3 < len) - position += sprintf(buffer + position, "%02X]", b); + position += snprintf(buffer + position, len-position, "%02X]", b); return buffer; } @@ -1282,8 +1282,8 @@ for(i=0;i -/* the following include is needed for sprintf */ +/* the following include is needed for snprintf */ #include #define MAXLEN MAX_STRING_LENGTH @@ -4489,7 +4489,7 @@ mismatch |= (UBool)(j >= nPortions || processedLen != testData[i].portionLens[levelIndex][j]); - sprintf(processedLenStr + j * 4, "%4d", processedLen); + snprintf(processedLenStr + j * 4, sizeof(processedLenStr) - j * 4, "%4d", processedLen); srcLen -= processedLen, pSrc += processedLen; } --- icu/source/test/cintltst/ccolltst.c.orig +++ icu/source/test/cintltst/ccolltst.c @@ -56,14 +56,14 @@ /*Internal functions used*/ -static char* dumpSk(uint8_t *sourceKey, char *sk) { +static char* dumpSk(uint8_t *sourceKey, char *sk, size_t n) { uint32_t kLen = (uint32_t)strlen((const char *)sourceKey); uint32_t i = 0; *sk = 0; for(i = 0; i #include -#include // for sprintf() +#include // for snprintf() #define RESTEST_HEAP_CHECK 0 @@ -1093,13 +1093,13 @@ UResourceBundle* regularRB = ures_open(NULL, testLocale, &err); char errorMessage[200]; - sprintf(errorMessage, "Error %s opening resource bundle for locale %s and URES_OPEN_LOCALE_DEFAULT_ROOT", u_errorName(err), testLocale); + snprintf(errorMessage, sizeof(errorMessage), "Error %s opening resource bundle for locale %s and URES_OPEN_LOCALE_DEFAULT_ROOT", u_errorName(err), testLocale); if (assertSuccess(errorMessage, &err)) { const char* resourceLocale = ures_getLocaleByType(regularRB, ULOC_ACTUAL_LOCALE, &err); - sprintf(errorMessage, "Error %s getting resource locale for locale %s and URES_OPEN_LOCALE_DEFAULT_ROOT", u_errorName(err), testLocale); + snprintf(errorMessage, sizeof(errorMessage), "Error %s getting resource locale for locale %s and URES_OPEN_LOCALE_DEFAULT_ROOT", u_errorName(err), testLocale); if (assertSuccess(errorMessage, &err)) { - sprintf(errorMessage, "Mismatch for locale %s and URES_OPEN_LOCALE_DEFAULT_ROOT", testLocale); + snprintf(errorMessage, sizeof(errorMessage), "Mismatch for locale %s and URES_OPEN_LOCALE_DEFAULT_ROOT", testLocale); if (uprv_strcmp(regularExpected, "root") == 0) { assertEquals(errorMessage, defaultLocaleID, resourceLocale); } else { @@ -1112,13 +1112,13 @@ err = U_ZERO_ERROR; UResourceBundle* noDefaultRB = ures_openNoDefault(NULL, testLocale, &err); - sprintf(errorMessage, "Error %s opening resource bundle for locale %s and URES_OPEN_LOCALE_ROOT", u_errorName(err), testLocale); + snprintf(errorMessage, sizeof(errorMessage), "Error %s opening resource bundle for locale %s and URES_OPEN_LOCALE_ROOT", u_errorName(err), testLocale); if (assertSuccess(errorMessage, &err)) { const char* resourceLocale = ures_getLocaleByType(noDefaultRB, ULOC_ACTUAL_LOCALE, &err); - sprintf(errorMessage, "Error %s getting resource locale for locale %s and URES_OPEN_LOCALE_ROOT", u_errorName(err), testLocale); + snprintf(errorMessage, sizeof(errorMessage), "Error %s getting resource locale for locale %s and URES_OPEN_LOCALE_ROOT", u_errorName(err), testLocale); if (assertSuccess(errorMessage, &err)) { - sprintf(errorMessage, "Mismatch for locale %s and URES_OPEN_LOCALE_ROOT", testLocale); + snprintf(errorMessage, sizeof(errorMessage), "Mismatch for locale %s and URES_OPEN_LOCALE_ROOT", testLocale); assertEquals(errorMessage, noDefaultExpected, resourceLocale); } } --- icu/source/test/cintltst/creststn.c.orig +++ icu/source/test/cintltst/creststn.c @@ -2843,7 +2843,7 @@ resource[0]='a'; resource[1]='0'+i; resource[2]=0; - /* instead of sprintf(resource, "a%i", i); */ + /* instead of snprintf(resource, "a%i", i); */ a = ures_getByKeyWithFallback(alias, resource, a, &status); result = tres_getString(a, -1, NULL, &len, &status); u_charsToUChars(expects[i], expected, (int32_t)strlen(expects[i])+1); --- icu/source/test/cintltst/nccbtst.c.orig +++ icu/source/test/cintltst/nccbtst.c @@ -77,7 +77,7 @@ static void setNuConvTestName(const char *codepage, const char *direction) { - sprintf(gNuConvTestName, "[testing %s %s Unicode, InputBufSiz=%d, OutputBufSiz=%d]", + snprintf(gNuConvTestName, sizeof(gNuConvTestName), "[testing %s %s Unicode, InputBufSiz=%d, OutputBufSiz=%d]", codepage, direction, (int)gInBufferSize, @@ -2755,8 +2755,8 @@ offset_str[0] = 0; for(p = junkout;p // for sprintf +#include // for snprintf #include "intltest.h" #include "alphaindextst.h" @@ -647,11 +647,11 @@ UnicodeString name = UnicodeString(testCase.name).unescape(); UnicodeString label = UnicodeString(testCase.bucketLabel).unescape(); char msg[100]; - sprintf(msg, "getBucketIndex(%s)", testCase.name); + snprintf(msg, sizeof(msg), "getBucketIndex(%s)", testCase.name); assertEquals(msg, testCase.bucketIndex, index.getBucketIndex(name, status)); - sprintf(msg, "immutable getBucketIndex(%s)", testCase.name); + snprintf(msg, sizeof(msg), "immutable getBucketIndex(%s)", testCase.name); assertEquals(msg, testCase.bucketIndex, immIndex->getBucketIndex(name, status)); - sprintf(msg, "immutable bucket label (%s)", testCase.name); + snprintf(msg, sizeof(msg), "immutable bucket label (%s)", testCase.name); assertEquals(msg, label, immIndex->getBucket(testCase.bucketIndex)->getLabel()); } } @@ -698,7 +698,7 @@ int32_t overflowIndex = immIndex->getBucketCount() - 1; for(int32_t i = 0; i < UPRV_LENGTHOF(kanji); ++i) { char msg[40]; - sprintf(msg, "kanji[%d]=U+%04lX in overflow bucket", (int)i, (long)kanji[i]); + snprintf(msg, sizeof(msg), "kanji[%d]=U+%04lX in overflow bucket", (int)i, (long)kanji[i]); assertEquals(msg, overflowIndex, immIndex->getBucketIndex(UnicodeString(kanji[i]), status)); TEST_CHECK_STATUS; } --- icu/source/test/intltest/bidiconf.cpp.orig +++ icu/source/test/intltest/bidiconf.cpp @@ -497,7 +497,7 @@ } else if(paraDirection<0 && -paraDirection<=(UBIDI_MAX_EXPLICIT_LEVEL+1)) { paraLevel=(UBiDiLevel)(-paraDirection); - sprintf(levelNameString, "%d", (int)paraLevel); + snprintf(levelNameString, sizeof(levelNameString), "%d", (int)paraLevel); paraLevelName=levelNameString; } if(end<=start || (!U_IS_INV_WHITESPACE(*end) && *end!=';' && *end!=0) || --- icu/source/test/intltest/caltest.cpp.orig +++ icu/source/test/intltest/caltest.cpp @@ -2513,7 +2513,7 @@ char* CalFields::toString(char* buf, int32_t len) const { char local[32]; - sprintf(local, "%04d-%02d-%02d %02d:%02d:%02d.%03d", year, month, day, hour, min, sec, ms); + snprintf(local, sizeof(local), "%04d-%02d-%02d %02d:%02d:%02d.%03d", year, month, day, hour, min, sec, ms); uprv_strncpy(buf, local, len - 1); buf[len - 1] = 0; return buf; --- icu/source/test/intltest/compactdecimalformattest.cpp.orig +++ icu/source/test/intltest/compactdecimalformattest.cpp @@ -513,7 +513,7 @@ return; } char description[256]; - sprintf(description,"%s - %s", locale.getName(), StyleStr(style)); + snprintf(description, sizeof(description), "%s - %s", locale.getName(), StyleStr(style)); for (int32_t i = 0; i < expectedResultLength; i++) { CheckExpectedResult(cdf.getAlias(), &expectedResults[i], description); } @@ -532,7 +532,7 @@ cdf->setCurrency(currency, status); assertSuccess("Failed to set currency", status); char description[256]; - sprintf(description,"%s - %s", locale.getName(), StyleStr(style)); + snprintf(description, sizeof(description), "%s - %s", locale.getName(), StyleStr(style)); for (int32_t i = 0; i < expectedResultLength; i++) { CheckExpectedResult(cdf.getAlias(), &expectedResults[i], description); } --- icu/source/test/intltest/dadrcal.cpp.orig +++ icu/source/test/intltest/dadrcal.cpp @@ -103,7 +103,7 @@ // load parameters char theCase[200]; - sprintf(theCase, "[case %d]", n); + snprintf(theCase, sizeof(theCase), "[case %d]", n); UnicodeString caseString(theCase, ""); // build to calendar // Headers { "locale","from","operation","params","to" } --- icu/source/test/intltest/dadrfmt.cpp.orig +++ icu/source/test/intltest/dadrfmt.cpp @@ -126,7 +126,7 @@ ++n; char theCase[200]; - sprintf(theCase, "case %d:", n); + snprintf(theCase, sizeof(theCase), "case %d:", n); UnicodeString caseString(theCase, ""); // load params --- icu/source/test/intltest/dcfmapts.cpp.orig +++ icu/source/test/intltest/dcfmapts.cpp @@ -653,7 +653,7 @@ auto lhs = (expect); \ auto rhs = (actual); \ char tmp[200]; \ - sprintf(tmp, "(%g==%g)", (double)lhs, (double)rhs); \ + snprintf(tmp, sizeof(tmp), "(%g==%g)", (double)lhs, (double)rhs); \ assertTrue(tmp, (lhs==rhs), false, true, __FILE__, __LINE__); \ } UPRV_BLOCK_MACRO_END --- icu/source/test/intltest/dtfmtrtts.cpp.orig +++ icu/source/test/intltest/dtfmtrtts.cpp @@ -557,7 +557,7 @@ } else { dst += UnicodeString("["); char buf [12]; - sprintf(buf, "%#04x", c); + snprintf(buf, sizeof(buf), "%#04x", c); dst += UnicodeString(buf); dst += UnicodeString("]"); } --- icu/source/test/intltest/dtfmttst.cpp.orig +++ icu/source/test/intltest/dtfmttst.cpp @@ -23,7 +23,7 @@ #include "cmemory.h" #include "cstring.h" #include "caltest.h" // for fieldName -#include // for sprintf +#include // for snprintf #if U_PLATFORM_USES_ONLY_WIN32_API #include "windttst.h" @@ -2401,7 +2401,7 @@ const Locale& loc, const char *expectChars) { char banner[25]; - sprintf(banner, "%d", daysdelta); + snprintf(banner, sizeof(banner), "%d", daysdelta); UnicodeString bannerStr(banner, ""); UErrorCode status = U_ZERO_ERROR; --- icu/source/test/intltest/dtifmtts.cpp.orig +++ icu/source/test/intltest/dtifmtts.cpp @@ -1539,7 +1539,7 @@ char mesg[1000]; PRINTMESG("interval format using user defined DateIntervalInfo\n"); str.extract(0, str.length(), result, "UTF-8"); - sprintf(mesg, "interval date: %s\n", result); + snprintf(mesg, sizeof(mesg), "interval date: %s\n", result); PRINTMESG(mesg); #endif delete dtitvfmt; @@ -1662,7 +1662,7 @@ #ifdef DTIFMTTS_DEBUG char result[1000]; char mesg[1000]; - sprintf(mesg, "locale: %s\n", locName); + snprintf(mesg, sizeof(mesg), "locale: %s\n", locName); PRINTMESG(mesg); #endif @@ -1672,7 +1672,7 @@ const char* datestr = data[i++]; const char* datestr_2 = data[i++]; #ifdef DTIFMTTS_DEBUG - sprintf(mesg, "original date: %s - %s\n", datestr, datestr_2); + snprintf(mesg, sizeof(mesg), "original date: %s - %s\n", datestr, datestr_2); PRINTMESG(mesg) #endif UDate date = ref.parse(ctou(datestr), ec); @@ -1706,10 +1706,10 @@ if (!assertSuccess("format", ec)) return; #ifdef DTIFMTTS_DEBUG oneSkeleton.extract(0, oneSkeleton.length(), result, "UTF-8"); - sprintf(mesg, "interval by skeleton: %s\n", result); + snprintf(mesg, sizeof(mesg), "interval by skeleton: %s\n", result); PRINTMESG(mesg) str.extract(0, str.length(), result, "UTF-8"); - sprintf(mesg, "interval date: %s\n", result); + snprintf(mesg, sizeof(mesg), "interval date: %s\n", result); PRINTMESG(mesg) #endif delete dtitvfmt; @@ -1733,7 +1733,7 @@ #ifdef DTIFMTTS_DEBUG PRINTMESG("interval format using user defined DateIntervalInfo\n"); str.extract(0, str.length(), result, "UTF-8"); - sprintf(mesg, "interval date: %s\n", result); + snprintf(mesg, sizeof(mesg), "interval date: %s\n", result); PRINTMESG(mesg) #endif } else { --- icu/source/test/intltest/icusvtst.cpp.orig +++ icu/source/test/intltest/icusvtst.cpp @@ -168,10 +168,10 @@ } else if ((loc = dynamic_cast(obj)) != NULL) { result.append(loc->getName()); } else if ((i = dynamic_cast(obj)) != NULL) { - sprintf(buffer, "%d", (int)i->_val); + snprintf(buffer, sizeof(buffer), "%d", (int)i->_val); result.append(buffer); } else { - sprintf(buffer, "%p", (const void*)obj); + snprintf(buffer, sizeof(buffer), "%p", (const void*)obj); result.append(buffer); } } --- icu/source/test/intltest/incaltst.cpp.orig +++ icu/source/test/intltest/incaltst.cpp @@ -42,7 +42,7 @@ else { dst += UnicodeString("["); char buf [8]; - sprintf(buf, "%#x", c); + snprintf(buf, sizeof(buf), "%#x", c); dst += UnicodeString(buf); dst += UnicodeString("]"); } --- icu/source/test/intltest/intltest.cpp.orig +++ icu/source/test/intltest/intltest.cpp @@ -78,7 +78,7 @@ char buffer[64]; // nos changed from 10 to 64 char danger = 'p'; // guard against overrunning the buffer (rtg) - sprintf(buffer, "%ld", num); + snprintf(buffer, sizeof(buffer), "%ld", num); assert(danger == 'p'); return left + buffer; @@ -91,7 +91,7 @@ char buffer[64]; // nos changed from 10 to 64 char danger = 'p'; // guard against overrunning the buffer (rtg) - sprintf(buffer, "%lu", num); + snprintf(buffer, sizeof(buffer), "%lu", num); assert(danger == 'p'); return left + buffer; @@ -104,9 +104,9 @@ char danger = 'p'; // guard against overrunning the buffer (rtg) #if defined(_MSC_VER) - sprintf(buffer, "%I64d", num); + snprintf(buffer, sizeof(buffer), "%I64d", num); #else - sprintf(buffer, "%lld", (long long)num); + snprintf(buffer, sizeof(buffer), "%lld", (long long)num); #endif assert(danger == 'p'); @@ -119,7 +119,7 @@ char buffer[64]; // nos changed from 10 to 64 char danger = 'p'; // guard against overrunning the buffer (rtg) - sprintf(buffer, "%1.14e", num); + snprintf(buffer, sizeof(buffer), "%1.14e", num); assert(danger == 'p'); return buffer; @@ -137,7 +137,7 @@ // 53*log(2)/log(10) = 15.95 // so there is no need to show more than 16 digits. [alan] - sprintf(buffer, "%.17g", num); + snprintf(buffer, sizeof(buffer), "%.17g", num); assert(danger == 'p'); return left + buffer; @@ -781,7 +781,7 @@ lastErrorCount = errorCount; execCount++; char msg[256]; - sprintf(msg, "%s {", name); + snprintf(msg, sizeof(msg), "%s {", name); LL_message(msg, true); UDate timeStart = uprv_getRawUTCtime(); strcpy(saveBaseLoc,name); @@ -795,7 +795,7 @@ rval = true; // at least one test has been called char secs[256]; if(!no_time) { - sprintf(secs, "%f", (timeStop-timeStart)/1000.0); + snprintf(secs, sizeof(secs), "%f", (timeStop-timeStart)/1000.0); } else { secs[0]=0; } @@ -810,11 +810,11 @@ saveBaseLoc[0]=0; /* reset path */ if (lastErrorCount == errorCount) { - sprintf( msg, " } OK: %s ", name ); + snprintf( msg, sizeof(msg), " } OK: %s ", name ); if(!no_time) str_timeDelta(msg+strlen(msg),timeStop-timeStart); lastTestFailed = false; }else{ - sprintf(msg, " } ERRORS (%li) in %s", (long)(errorCount-lastErrorCount), name); + snprintf(msg, sizeof(msg), " } ERRORS (%li) in %s", (long)(errorCount-lastErrorCount), name); if(!no_time) str_timeDelta(msg+strlen(msg),timeStop-timeStart); for(int i=0;iparse(formatResult, parseResult, status); if (U_FAILURE(status)) { - sprintf(buf, "Round-trip status failure: %.12g, status: %d", i, status); + snprintf(buf, sizeof(buf), "Round-trip status failure: %.12g, status: %d", i, status); errln(buf); return; } else { @@ -309,7 +309,7 @@ (double)parseResult.getLong(); if (rt != i) { - sprintf(buf, "Round-trip failed: %.12g -> %.12g", i, rt); + snprintf(buf, sizeof(buf), "Round-trip failed: %.12g -> %.12g", i, rt); errln(buf); return; } @@ -327,7 +327,7 @@ Formattable parseResult; formatter->parse(formatResult, parseResult, status); if (U_FAILURE(status)) { - sprintf(buf, "Round-trip status failure: %.12g, status: %d", d, status); + snprintf(buf, sizeof(buf), "Round-trip status failure: %.12g, status: %d", d, status); errln(buf); return; } else { @@ -337,10 +337,10 @@ if (rt != d) { UnicodeString msg; - sprintf(buf, "Round-trip failed: %.12g -> ", d); + snprintf(buf, sizeof(buf), "Round-trip failed: %.12g -> ", d); msg.append(buf); msg.append(formatResult); - sprintf(buf, " -> %.12g", rt); + snprintf(buf, sizeof(buf), " -> %.12g", rt); msg.append(buf); errln(msg); return; --- icu/source/test/intltest/itspoof.cpp.orig +++ icu/source/test/intltest/itspoof.cpp @@ -603,7 +603,7 @@ if (expectedLevel > levelSetInSpoofChecker) { expectedValue |= USPOOF_RESTRICTION_LEVEL; } - sprintf(msgBuffer, "testNum = %d, levelIndex = %d, expected = %#x, actual = %#x", + snprintf(msgBuffer, sizeof(msgBuffer), "testNum = %d, levelIndex = %d, expected = %#x, actual = %#x", testNum, levelIndex, expectedValue, actualValue); TEST_ASSERT_MSG(expectedValue == actualValue, msgBuffer); TEST_ASSERT_SUCCESS(status); @@ -647,7 +647,7 @@ UErrorCode status = U_ZERO_ERROR; for (int32_t testNum=0; testNum < UPRV_LENGTHOF(tests); testNum++) { char msgBuf[100]; - sprintf(msgBuf, "testNum = %d ", testNum); + snprintf(msgBuf, sizeof(msgBuf), "testNum = %d ", testNum); Test &test = tests[testNum]; status = U_ZERO_ERROR; --- icu/source/test/intltest/listformattertest.cpp.orig +++ icu/source/test/intltest/listformattertest.cpp @@ -84,7 +84,7 @@ int32_t start = cfp.getStart(); int32_t limit = cfp.getLimit(); char buf[128]; - sprintf(buf, "%24s %3d %3d %3d", attrString(id), id, start, limit); + snprintf(buf, sizeof(buf), "%24s %3d %3d %3d", attrString(id), id, start, limit); logln(buf); for (int i = 0; i < tupleCount; ++i) { if (found[i]) { --- icu/source/test/intltest/loctest.cpp.orig +++ icu/source/test/intltest/loctest.cpp @@ -490,7 +490,7 @@ errln(" ISO-3 country code mismatch: " + temp + " versus " + dataTable[CTRY3][i]); - sprintf(temp2, "%x", (int)testLocale.getLCID()); + snprintf(temp2, sizeof(temp2), "%x", (int)testLocale.getLCID()); if (UnicodeString(temp2) != dataTable[LCID][i]) errln((UnicodeString)" LCID mismatch: " + temp2 + " versus " + dataTable[LCID][i]); --- icu/source/test/intltest/nmfmtrt.cpp.orig +++ icu/source/test/intltest/nmfmtrt.cpp @@ -19,7 +19,7 @@ #include "cstring.h" #include -#include // for sprintf +#include // for snprintf #include // ***************************************************************************** @@ -358,7 +358,7 @@ } else { s += "+U"; char temp[16]; - sprintf(temp, "%4X", c); // might not work + snprintf(temp, sizeof(temp), "%4X", c); // might not work s += temp; } } --- icu/source/test/intltest/normconf.cpp.orig +++ icu/source/test/intltest/normconf.cpp @@ -256,7 +256,7 @@ } fields[0]=fields[1]=fields[2]=fields[3]=fields[4].setTo(c); - sprintf(lineBuf, "not mentioned code point U+%04lx", (long)c); + snprintf(lineBuf, sizeof(lineBuf), "not mentioned code point U+%04lx", (long)c); if (checkConformance(fields, lineBuf, options, status)) { ++passCount; --- icu/source/test/intltest/numberformattesttuple.cpp.orig +++ icu/source/test/intltest/numberformattesttuple.cpp @@ -192,7 +192,7 @@ const void *doublePtr, UnicodeString &appendTo) { char buffer[256]; double x = *static_cast(doublePtr); - sprintf(buffer, "%f", x); + snprintf(buffer, sizeof(buffer), "%f", x); appendTo.append(buffer); } --- icu/source/test/intltest/numfmtst.cpp.orig +++ icu/source/test/intltest/numfmtst.cpp @@ -68,7 +68,7 @@ using namespace icu::number; //#define NUMFMTST_CACHE_DEBUG 1 -#include "stdio.h" /* for sprintf */ +#include "stdio.h" /* for snprintf */ // #include "iostream" // for cout //#define NUMFMTST_DEBUG 1 @@ -3123,7 +3123,7 @@ UErrorCode status = U_ZERO_ERROR; char theInfo[100]; - sprintf(theInfo, "For locale %s, string \"%s\", currency ", + snprintf(theInfo, sizeof(theInfo), "For locale %s, string \"%s\", currency ", fmt.getLocale(ULOC_ACTUAL_LOCALE, status).getBaseName(), text); u_austrcpy(theInfo+uprv_strlen(theInfo), currency); @@ -6662,7 +6662,7 @@ // is there a logln using printf? char buf[128]; - sprintf(buf, "%24s %3d %3d %3d", attrString(id), id, start, limit); + snprintf(buf, sizeof(buf), "%24s %3d %3d %3d", attrString(id), id, start, limit); logln(buf); for (int i = 0; i < tupleCount; ++i) { @@ -8291,7 +8291,7 @@ void NumberFormatTest::TestDoubleLimit11439() { char buf[50]; for (int64_t num = MAX_INT64_IN_DOUBLE-10; num<=MAX_INT64_IN_DOUBLE; num++) { - sprintf(buf, "%lld", (long long)num); + snprintf(buf, sizeof(buf), "%lld", (long long)num); double fNum = 0.0; sscanf(buf, "%lf", &fNum); int64_t rtNum = static_cast(fNum); @@ -8301,7 +8301,7 @@ } } for (int64_t num = -MAX_INT64_IN_DOUBLE+10; num>=-MAX_INT64_IN_DOUBLE; num--) { - sprintf(buf, "%lld", (long long)num); + snprintf(buf, sizeof(buf), "%lld", (long long)num); double fNum = 0.0; sscanf(buf, "%lf", &fNum); int64_t rtNum = static_cast(fNum); --- icu/source/test/intltest/numrgts.cpp.orig +++ icu/source/test/intltest/numrgts.cpp @@ -684,7 +684,7 @@ */ void NumberFormatRegressionTest::Test4090489 (void) { -// {sfb} sprintf doesn't correctly handle the double, so there is nothing +// {sfb} snprintf doesn't correctly handle the double, so there is nothing // that NumberFormat can do. For some reason, it does not format the last 1. /* UErrorCode status = U_ZERO_ERROR; @@ -778,7 +778,7 @@ } failure(status, "new DecimalFormat"); - // {sfb} going to cheat here and use sprintf ?? + // {sfb} going to cheat here and use snprintf ?? /*UnicodeString str = Long.toString(Long.MIN_VALUE); logln("Long.MIN_VALUE : " + df.parse(str, new ParsePosition(0)).toString()); @@ -1575,7 +1575,7 @@ df->format(n, temp, pos)); char buf [128]; - sprintf(buf, "%g", bigN); + snprintf(buf, sizeof(buf), "%g", bigN); //logln("expected: " + bigN.toString()); logln(UnicodeString("expected: ") + buf); @@ -2095,7 +2095,7 @@ void NumberFormatRegressionTest::Test4162198(void) { - // for some reason, DBL_MAX will not round trip. (bug in sprintf/atof) + // for some reason, DBL_MAX will not round trip. (bug in snprintf/atof) double dbl = INT32_MAX * 1000.0; UErrorCode status = U_ZERO_ERROR; NumberFormat *f = NumberFormat::createInstance(status); @@ -2747,7 +2747,7 @@ } UPRV_BLOCK_MACRO_END #define TEST_ASSERT_EQUALS(x,y) UPRV_BLOCK_MACRO_BEGIN { \ char _msg[1000]; \ - int32_t len = sprintf (_msg,"File %s, line %d: " #x "==" #y, __FILE__, __LINE__); \ + int32_t len = snprintf (_msg, sizeof(_msg), "File %s, line %d: " #x "==" #y, __FILE__, __LINE__); \ (void)len; \ U_ASSERT(len < (int32_t) sizeof(_msg)); \ assertEquals((const char*) _msg, x,y); \ --- icu/source/test/intltest/rbbiapts.cpp.orig +++ icu/source/test/intltest/rbbiapts.cpp @@ -27,7 +27,7 @@ #include "cmemory.h" #if !UCONFIG_NO_BREAK_ITERATION #include "unicode/filteredbrk.h" -#include // for sprintf +#include // for snprintf #endif /** * API Test the RuleBasedBreakIterator class @@ -1199,7 +1199,7 @@ out.remove(); for(int32_t i=0;i= 0x10000) { format = "\\U%08x"; } - sprintf(hexCodePoint, format.c_str(), c); + snprintf(hexCodePoint, sizeof(hexCodePoint), format.c_str(), c); // Get the class name and character name for the character. char cName[200]; @@ -4209,7 +4209,7 @@ u_charName(c, U_EXTENDED_CHAR_NAME, cName, sizeof(cName), &status); char buffer[200]; - auto ret = snprintf(buffer, UPRV_LENGTHOF(buffer), + auto ret = snprintf(buffer, sizeof(buffer), "%4s %3i : %1s %1s %10s %-*s %-40s %-40s", currentLineFlag.c_str(), ci, --- icu/source/test/intltest/regextst.cpp.orig +++ icu/source/test/intltest/regextst.cpp @@ -134,7 +134,7 @@ *bufPtr = c; } else { #if 0 - sprintf(bufPtr,"U+%04X", c); + snprintf(bufPtr, bufLen - (bufPtr-buf), "U+%04X", c); bufPtr+= strlen(bufPtr)-1; #else *bufPtr = '%'; @@ -170,7 +170,7 @@ ASSERT_BUF[0]=0; for(int32_t i=0;i)", nn); + snprintf(nnbuf, sizeof(nnbuf), "(?)", nn); pattern.append(UnicodeString(nnbuf, -1, US_INV)); } UErrorCode status = U_ZERO_ERROR; RegexPattern *pat = RegexPattern::compile(pattern, 0, status); REGEX_CHECK_STATUS; for (nn=1; nngroupNumberFromName(nnbuf, -1, status); REGEX_ASSERT(nn == groupNum); if (nn != groupNum) { @@ -5364,7 +5364,7 @@ pattern.remove(); for (nn=1; nn)", nn); + snprintf(nnbuf, sizeof(nnbuf), "(?)", nn); pattern.append(UnicodeString(nnbuf, -1, US_INV)); } status = U_ZERO_ERROR; --- icu/source/test/intltest/reldatefmttest.cpp.orig +++ icu/source/test/intltest/reldatefmttest.cpp @@ -1258,8 +1258,8 @@ UnicodeString expected(expectedResult.expected, -1, US_INV); expected = expected.unescape(); char buffer[256]; - sprintf( - buffer, + snprintf( + buffer, sizeof(buffer), "%s, %f, %s, %s", description, expectedResult.value, @@ -1287,8 +1287,8 @@ UnicodeString expected(expectedResult.expected, -1, US_INV); expected = expected.unescape(); char buffer[256]; - sprintf( - buffer, + snprintf( + buffer, sizeof(buffer), "%s, %f, %s", description, expectedResult.value, @@ -1310,8 +1310,8 @@ UnicodeString expected(expectedResult.expected, -1, US_INV); expected = expected.unescape(); char buffer[256]; - sprintf( - buffer, + snprintf( + buffer, sizeof(buffer), "%s, %s, %s", description, DirectionStr(expectedResult.direction), --- icu/source/test/intltest/srchtest.cpp.orig +++ icu/source/test/intltest/srchtest.cpp @@ -229,7 +229,7 @@ result[index ++] = (char)ch; } else { - sprintf(result+index, "\\u%04x", ch); + snprintf(result+index, sizeof(result)-index, "\\u%04x", ch); index += 6; /* \uxxxx */ } } --- icu/source/test/intltest/ssearch.cpp.orig +++ icu/source/test/intltest/ssearch.cpp @@ -28,7 +28,7 @@ #include "ssearch.h" #include "xmlparser.h" -#include // for sprintf +#include // for snprintf char testId[100]; @@ -524,7 +524,7 @@ return true; } -static char *printOffsets(char *buffer, OrderList &list) +static char *printOffsets(char *buffer, size_t n, OrderList &list) { int32_t size = list.size(); char *s = buffer; @@ -533,16 +533,16 @@ const Order *order = list.get(i); if (i != 0) { - s += sprintf(s, ", "); + s += snprintf(s, n, ", "); } - s += sprintf(s, "(%d, %d)", order->lowOffset, order->highOffset); + s += snprintf(s, n, "(%d, %d)", order->lowOffset, order->highOffset); } return buffer; } -static char *printOrders(char *buffer, OrderList &list) +static char *printOrders(char *buffer, size_t n, OrderList &list) { int32_t size = list.size(); char *s = buffer; @@ -551,10 +551,10 @@ const Order *order = list.get(i); if (i != 0) { - s += sprintf(s, ", "); + s += snprintf(s, n, ", "); } - s += sprintf(s, "%8.8X", order->order); + s += snprintf(s, n, "%8.8X", order->order); } return buffer; @@ -673,20 +673,20 @@ if (forwardList.compare(backwardList)) { logln("Works with \"%s\"", test[i]); - logln("Forward offsets: [%s]", printOffsets(buffer, forwardList)); -// logln("Backward offsets: [%s]", printOffsets(buffer, backwardList)); + logln("Forward offsets: [%s]", printOffsets(buffer, sizeof(buffer), forwardList)); +// logln("Backward offsets: [%s]", printOffsets(buffer, sizeof(buffer), backwardList)); - logln("Forward CEs: [%s]", printOrders(buffer, forwardList)); -// logln("Backward CEs: [%s]", printOrders(buffer, backwardList)); + logln("Forward CEs: [%s]", printOrders(buffer, sizeof(buffer), forwardList)); +// logln("Backward CEs: [%s]", printOrders(buffer, sizeof(buffer), backwardList)); logln(); } else { errln("Fails with \"%s\"", test[i]); - infoln("Forward offsets: [%s]", printOffsets(buffer, forwardList)); - infoln("Backward offsets: [%s]", printOffsets(buffer, backwardList)); + infoln("Forward offsets: [%s]", printOffsets(buffer, sizeof(buffer), forwardList)); + infoln("Backward offsets: [%s]", printOffsets(buffer, sizeof(buffer), backwardList)); - infoln("Forward CEs: [%s]", printOrders(buffer, forwardList)); - infoln("Backward CEs: [%s]", printOrders(buffer, backwardList)); + infoln("Forward CEs: [%s]", printOrders(buffer, sizeof(buffer), forwardList)); + infoln("Backward CEs: [%s]", printOrders(buffer, sizeof(buffer), backwardList)); infoln(); } @@ -711,9 +711,9 @@ char cbuffer[12]; if (ch <= 0xFFFFL) { - sprintf(cbuffer, "\\u%4.4X", ch); + snprintf(cbuffer, sizeof(cbuffer), "\\u%4.4X", ch); } else { - sprintf(cbuffer, "\\U%8.8X", ch); + snprintf(cbuffer, sizeof(cbuffer), "\\U%8.8X", ch); } buffer.append(cbuffer); --- icu/source/test/intltest/tmsgfmt.cpp.orig +++ icu/source/test/intltest/tmsgfmt.cpp @@ -226,7 +226,7 @@ break; case Formattable::kDouble : char convert[20]; - sprintf( convert, "%lf", obj.getDouble() ); + snprintf( convert, sizeof(convert), "%lf", obj.getDouble() ); stream << convert << "D"; break; case Formattable::kLong : @@ -1724,7 +1724,7 @@ if (len >= BUF2_LEN) { buf2[BUF2_LEN-1] = 0; } - sprintf(buf, "[%2d] test \"%s\": target (\"%s\") != result (\"%s\")\n", i/2, patterns[i], patterns[i+1], buf2); + snprintf(buf, sizeof(buf), "[%2d] test \"%s\": target (\"%s\") != result (\"%s\")\n", i/2, patterns[i], patterns[i+1], buf2); errln(buf); } } --- icu/source/test/intltest/transtst.cpp.orig +++ icu/source/test/intltest/transtst.cpp @@ -3523,11 +3523,11 @@ } } -char* Char32ToEscapedChars(UChar32 ch, char* buffer) { +char* Char32ToEscapedChars(UChar32 ch, char* buffer, size_t n) { if (ch <= 0xFFFF) { - sprintf(buffer, "\\u%04x", (int)ch); + snprintf(buffer, n, "\\u%04x", (int)ch); } else { - sprintf(buffer, "\\U%08x", (int)ch); + snprintf(buffer, n, "\\U%08x", (int)ch); } return buffer; } @@ -3542,9 +3542,9 @@ UnicodeString DEE(u_totitle(dee)); if (DEE != DESERET_DEE) { err("Fails titlecase of surrogates"); - err(Char32ToEscapedChars(dee, buffer)); + err(Char32ToEscapedChars(dee, buffer, sizeof(buffer))); err(", "); - errln(Char32ToEscapedChars(DEE.char32At(0), buffer)); + errln(Char32ToEscapedChars(DEE.char32At(0), buffer, sizeof(buffer))); } UnicodeString deeDEETest=DESERET_dee + DESERET_DEE; --- icu/source/test/intltest/uobjtest.cpp.orig +++ icu/source/test/intltest/uobjtest.cpp @@ -113,7 +113,7 @@ if(ids_count >= MAX_CLASS_ID) { char count[100]; - sprintf(count, " (currently %d) ", MAX_CLASS_ID); + snprintf(count, sizeof(count), " (currently %d) ", MAX_CLASS_ID); errln("FAIL: Fatal: Ran out of IDs! Increase MAX_CLASS_ID." + UnicodeString(count) + what); return obj; } @@ -124,7 +124,7 @@ { char tmp[500]; - sprintf(tmp, " [static=%p, dynamic=%p] ", staticID, dynamicID); + snprintf(tmp, sizeof(tmp), " [static=%p, dynamic=%p] ", staticID, dynamicID); logln(what + tmp); } @@ -182,7 +182,7 @@ { char tmp[500]; - sprintf(tmp, " [dynamic=%p] ", dynamicID); + snprintf(tmp, sizeof(tmp), " [dynamic=%p] ", dynamicID); logln(what + tmp); } @@ -497,7 +497,7 @@ int i; for(i=0;i1) { - sprintf(testNameLimit+10 /* strlen("bad_string") */, + snprintf(testNameLimit+10 /* strlen("bad_string") */, + sizeof(testName) - (testNameLimit+10-testName), "%%0x%3x", whichSpans[j]); } @@ -3803,7 +3804,8 @@ strcpy(testNameLimit, "contents"); for(j=0; j1) { - sprintf(testNameLimit+8 /* strlen("contents") */, + snprintf(testNameLimit+8 /* strlen("contents") */, + sizeof(testName) - (testNameLimit+8-testName), "%%0x%3x", whichSpans[j]); } @@ -3814,7 +3816,8 @@ strcpy(testNameLimit, "test_string"); for(j=0; j1) { - sprintf(testNameLimit+11 /* strlen("test_string") */, + snprintf(testNameLimit+11 /* strlen("test_string") */, + sizeof(testName) - (testNameLimit+11-testName), "%%0x%3x", whichSpans[j]); } --- icu/source/test/letest/gendata.cpp.orig +++ icu/source/test/letest/gendata.cpp @@ -109,7 +109,7 @@ bufp = 0; } - bufp += sprintf(&lineBuffer[bufp], "0x%8.8X, ", longs[i]); + bufp += snprintf(&lineBuffer[bufp], sizeof(lineBuffer) - bufp, "0x%8.8X, ", longs[i]); } if (bufp != 0) { @@ -132,7 +132,7 @@ bufp = 0; } - bufp += sprintf(&lineBuffer[bufp], "%f, ", floats[i]); + bufp += snprintf(&lineBuffer[bufp], sizeof(lineBuffer) - bufp, "%f, ", floats[i]); } if (bufp != 0) { --- icu/source/tools/ctestfw/tstdtmod.cpp.orig +++ icu/source/tools/ctestfw/tstdtmod.cpp @@ -41,7 +41,7 @@ char buffer[4000]; va_list ap; va_start(ap, fmt); - vsprintf(buffer, fmt, ap); + vsnprintf(buffer, sizeof(buffer), fmt, ap); va_end(ap); errlog(false, u"expected success", buffer); reset(); @@ -68,7 +68,7 @@ char buffer[4000]; va_list ap; va_start(ap, fmt); - vsprintf(buffer, fmt, ap); + vsnprintf(buffer, sizeof(buffer), fmt, ap); va_end(ap); errlog(true, u"data: expected success", buffer); reset(); @@ -93,7 +93,7 @@ char buffer[4000]; va_list ap; va_start(ap, fmt); - vsprintf(buffer, fmt, ap); + vsnprintf(buffer, sizeof(buffer), fmt, ap); va_end(ap); errlog(false, UnicodeString(u"expected: ") + u_errorName(expectedError), buffer); } --- icu/source/tools/escapesrc/escapesrc.cpp.orig +++ icu/source/tools/escapesrc/escapesrc.cpp @@ -113,7 +113,7 @@ void appendByte(std::string &outstr, uint8_t byte) { char tmp2[5]; - sprintf(tmp2, "\\x%02X", 0xFF & (int)(byte)); + snprintf(tmp2, sizeof(tmp2), "\\x%02X", 0xFF & (int)(byte)); outstr += tmp2; } @@ -296,9 +296,9 @@ char newSeq[20]; if( c <= 0xFFFF) { - sprintf(newSeq, "\\u%04X", c); + snprintf(newSeq, sizeof(newSeq), "\\u%04X", c); } else { - sprintf(newSeq, "\\U%08X", c); + snprintf(newSeq, sizeof(newSeq), "\\U%08X", c); } linestr.replace(pos, seqLen, newSeq); pos += strlen(newSeq) - 1; --- icu/source/tools/genbrk/genbrk.cpp.orig +++ icu/source/tools/genbrk/genbrk.cpp @@ -179,7 +179,7 @@ char msg[1024]; /* write message with just the name */ - sprintf(msg, "genbrk writes dummy %s because of UCONFIG_NO_BREAK_ITERATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName); + snprintf(msg, sizeof(msg), "genbrk writes dummy %s because of UCONFIG_NO_BREAK_ITERATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName); fprintf(stderr, "%s\n", msg); /* write the dummy data file */ --- icu/source/tools/gencfu/gencfu.cpp.orig +++ icu/source/tools/gencfu/gencfu.cpp @@ -193,7 +193,7 @@ char msg[1024]; /* write message with just the name */ - sprintf(msg, "gencfu writes dummy %s because of UCONFIG_NO_REGULAR_EXPRESSIONS and/or UCONFIG_NO_NORMALIZATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName); + snprintf(msg, sizeof(msg), "gencfu writes dummy %s because of UCONFIG_NO_REGULAR_EXPRESSIONS and/or UCONFIG_NO_NORMALIZATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName); fprintf(stderr, "%s\n", msg); /* write the dummy data file */ --- icu/source/tools/gendict/gendict.cpp.orig +++ icu/source/tools/gendict/gendict.cpp @@ -301,7 +301,7 @@ UErrorCode tempstatus = U_ZERO_ERROR; /* write message with just the name */ // potential for a buffer overflow here... - sprintf(msg, "gendict writes dummy %s because of UCONFIG_NO_BREAK_ITERATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName); + snprintf(msg, sizeof(msg), "gendict writes dummy %s because of UCONFIG_NO_BREAK_ITERATION and/or UCONFIG_NO_FILE_IO, see uconfig.h", outFileName); fprintf(stderr, "%s\n", msg); /* write the dummy data file */ --- icu/source/tools/gennorm2/n2builder.cpp.orig +++ icu/source/tools/gennorm2/n2builder.cpp @@ -828,18 +828,18 @@ fputs("#ifdef INCLUDED_FROM_NORMALIZER2_CPP\n\n", f); char line[100]; - sprintf(line, "static const UVersionInfo %s_formatVersion={", name); + snprintf(line, sizeof(line), "static const UVersionInfo %s_formatVersion={", name); usrc_writeArray(f, line, dataInfo.formatVersion, 8, 4, "", "};\n"); - sprintf(line, "static const UVersionInfo %s_dataVersion={", name); + snprintf(line, sizeof(line), "static const UVersionInfo %s_dataVersion={", name); usrc_writeArray(f, line, dataInfo.dataVersion, 8, 4, "", "};\n\n"); - sprintf(line, "static const int32_t %s_indexes[Normalizer2Impl::IX_COUNT]={\n", name); + snprintf(line, sizeof(line), "static const int32_t %s_indexes[Normalizer2Impl::IX_COUNT]={\n", name); usrc_writeArray(f, line, indexes, 32, Normalizer2Impl::IX_COUNT, "", "\n};\n\n"); usrc_writeUCPTrie(f, name, norm16Trie.getAlias(), UPRV_TARGET_SYNTAX_CCODE); - sprintf(line, "static const uint16_t %s_extraData[%%ld]={\n", name); + snprintf(line, sizeof(line), "static const uint16_t %s_extraData[%%ld]={\n", name); usrc_writeArray(f, line, extraData.getBuffer(), 16, extraData.length(), "", "\n};\n\n"); - sprintf(line, "static const uint8_t %s_smallFCD[%%ld]={\n", name); + snprintf(line, sizeof(line), "static const uint8_t %s_smallFCD[%%ld]={\n", name); usrc_writeArray(f, line, smallFCD, 8, sizeof(smallFCD), "", "\n};\n\n"); fputs("#endif // INCLUDED_FROM_NORMALIZER2_CPP\n", f); --- icu/source/tools/genrb/derb.cpp.orig +++ icu/source/tools/genrb/derb.cpp @@ -391,7 +391,7 @@ if(opt_truncate && len > truncsize) { char msg[128]; printIndent(out, indent); - sprintf(msg, "// WARNING: this resource, size %li is truncated to %li\n", + snprintf(msg, sizeof(msg), "// WARNING: this resource, size %li is truncated to %li\n", (long)len, (long)truncsize/2); printCString(out, msg, -1); len = truncsize; @@ -435,7 +435,7 @@ if(opt_truncate && len > truncsize) { char msg[128]; printIndent(out, indent); - sprintf(msg, "// WARNING: this resource, size %li is truncated to %li\n", + snprintf(msg, sizeof(msg), "// WARNING: this resource, size %li is truncated to %li\n", (long)len, (long)(truncsize/2)); printCString(out, msg, -1); len = truncsize/2; @@ -494,7 +494,7 @@ if(opt_truncate && len > truncsize) { char msg[128]; printIndent(out, indent); - sprintf(msg, "// WARNING: this resource, size %li is truncated to %li\n", + snprintf(msg, sizeof(msg), "// WARNING: this resource, size %li is truncated to %li\n", (long)len, (long)(truncsize/2)); printCString(out, msg, -1); len = truncsize; --- icu/source/tools/genrb/parse.cpp.orig +++ icu/source/tools/genrb/parse.cpp @@ -795,7 +795,7 @@ // Quick-and-dirty escaping function. // Assumes that we are on an ASCII-based platform. static void -escape(const UChar *s, char *buffer) { +escape(const UChar *s, char *buffer, size_t n) { int32_t length = u_strlen(s); int32_t i = 0; for (;;) { @@ -808,7 +808,7 @@ // printable ASCII *buffer++ = (char)c; // assumes ASCII-based platform } else { - buffer += sprintf(buffer, "\\u%04X", (int)c); + buffer += snprintf(buffer, n, "\\u%04X", (int)c); } } } @@ -1302,8 +1302,8 @@ if(parseError.preContext[0] != 0 || parseError.postContext[0] != 0) { // Print pre- and post-context. char preBuffer[100], postBuffer[100]; - escape(parseError.preContext, preBuffer); - escape(parseError.postContext, postBuffer); + escape(parseError.preContext, preBuffer, sizeof(preBuffer)); + escape(parseError.postContext, postBuffer, sizeof(postBuffer)); error(line, " error context: \"...%s\" ! \"%s...\"", preBuffer, postBuffer); } if(isStrict() || t.isNull()) { --- icu/source/tools/genrb/wrtjava.cpp.orig +++ icu/source/tools/genrb/wrtjava.cpp @@ -470,11 +470,11 @@ if (byteArray[byteIterator] < 128) { - sprintf(byteBuffer, byteDecl, byteArray[byteIterator]); + snprintf(byteBuffer, sizeof(byteBuffer), byteDecl, byteArray[byteIterator]); } else { - sprintf(byteBuffer, byteDecl, (byteArray[byteIterator]-256)); + snprintf(byteBuffer, sizeof(byteBuffer), byteDecl, (byteArray[byteIterator]-256)); } T_FileStream_write(out, byteBuffer, (int32_t)uprv_strlen(byteBuffer)); --- icu/source/tools/pkgdata/pkgdata.cpp.orig +++ icu/source/tools/pkgdata/pkgdata.cpp @@ -528,16 +528,19 @@ if (!specialHandling) { #if defined(USING_CYGWIN) || U_PLATFORM == U_PF_MINGW || U_PLATFORM == U_PF_OS400 + int32_t buff_len; if ((len + BUFFER_PADDING_SIZE) >= SMALL_BUFFER_MAX_SIZE) { cmd = (char *)uprv_malloc(len + BUFFER_PADDING_SIZE); + buff_len = len + BUFFER_PADDING_SIZE; } else { cmd = cmdBuffer; + buff_len = SMALL_BUFFER_MAX_SIZE; } #if defined(USING_CYGWIN) || U_PLATFORM == U_PF_MINGW - sprintf(cmd, "bash -c \"%s\"", command); + snprintf(cmd, buff_len, "bash -c \"%s\"", command); #elif U_PLATFORM == U_PF_OS400 - sprintf(cmd, "QSH CMD('%s')", command); + snprintf(cmd, buff_len "QSH CMD('%s')", command); #endif #else goto normal_command_mode; @@ -689,7 +692,7 @@ if ((o->version!=NULL || IN_STATIC_MODE(mode)) && o->rebuild == false && o->pdsbuild == false) { /* Check to see if a previous built data library file exists and check if it is the latest. */ - sprintf(checkLibFile, "%s%s", targetDir, libFileNames[LIB_FILE_VERSION]); + snprintf(checkLibFile, sizeof(checkLibFile), "%s%s", targetDir, libFileNames[LIB_FILE_VERSION]); if (T_FileStream_file_exists(checkLibFile)) { if (isFileModTimeLater(checkLibFile, o->srcDir, true) && isFileModTimeLater(checkLibFile, o->options)) { if (o->install != NULL) { @@ -926,15 +929,15 @@ #if U_PLATFORM == U_PF_MINGW /* MinGW does not need the library prefix when building in dll mode. */ if (IN_DLL_MODE(mode)) { - sprintf(libFileNames[LIB_FILE], "%s", libName); + snprintf(libFileNames[LIB_FILE], sizeof(libFileNames[LIB_FILE]), "%s", libName); } else { - sprintf(libFileNames[LIB_FILE], "%s%s%s", + snprintf(libFileNames[LIB_FILE], sizeof(libFileNames[LIB_FILE]), "%s%s%s", (strstr(libName, "icudt") ? "lib" : ""), pkgDataFlags[LIBPREFIX], libName); } #else - sprintf(libFileNames[LIB_FILE], "%s%s", + snprintf(libFileNames[LIB_FILE], sizeof(libFileNames[LIB_FILE]), "%s%s", pkgDataFlags[LIBPREFIX], libName); #endif @@ -945,13 +948,13 @@ #if U_PLATFORM == U_PF_MINGW // Name the import library lib*.dll.a - sprintf(libFileNames[LIB_FILE_MINGW], "lib%s.dll.a", libName); + snprintf(libFileNames[LIB_FILE_MINGW], sizeof(libFileNames[LIB_FILE_MINGW]), "lib%s.dll.a", libName); #elif U_PLATFORM == U_PF_CYGWIN - sprintf(libFileNames[LIB_FILE_CYGWIN], "cyg%s%s%s", + snprintf(libFileNames[LIB_FILE_CYGWIN], sizeof(libFileNames[LIB_FILE_CYGWIN]), "cyg%s%s%s", libName, FILE_EXTENSION_SEP, pkgDataFlags[SO_EXT]); - sprintf(libFileNames[LIB_FILE_CYGWIN_VERSION], "cyg%s%s%s%s", + snprintf(libFileNames[LIB_FILE_CYGWIN_VERSION], sizeof(libFileNames[LIB_FILE_CYGWIN_VERSION]), "cyg%s%s%s%s", libName, version_major, FILE_EXTENSION_SEP, @@ -960,32 +963,32 @@ uprv_strcat(pkgDataFlags[SO_EXT], "."); uprv_strcat(pkgDataFlags[SO_EXT], pkgDataFlags[A_EXT]); #elif U_PLATFORM == U_PF_OS400 || defined(_AIX) - sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION_TMP], sizeof(libFileNames[LIB_FILE_VERSION_TMP]), "%s%s%s", libFileNames[LIB_FILE], FILE_EXTENSION_SEP, pkgDataFlags[SOBJ_EXT]); #elif U_PLATFORM == U_PF_OS390 - sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION_TMP], sizeof(libFileNames[LIB_FILE_VERSION_TMP]), "%s%s%s%s%s", libFileNames[LIB_FILE], pkgDataFlags[LIB_EXT_ORDER][0] == '.' ? "." : "", reverseExt ? version : pkgDataFlags[SOBJ_EXT], FILE_EXTENSION_SEP, reverseExt ? pkgDataFlags[SOBJ_EXT] : version); - sprintf(libFileNames[LIB_FILE_OS390BATCH_VERSION], "%s%s.x", + snprintf(libFileNames[LIB_FILE_OS390BATCH_VERSION], sizeof(libFileNames[LIB_FILE_OS390BATCH_VERSION]), "%s%s.x", libFileNames[LIB_FILE], version); - sprintf(libFileNames[LIB_FILE_OS390BATCH_MAJOR], "%s%s.x", + snprintf(libFileNames[LIB_FILE_OS390BATCH_MAJOR], sizeof(libFileNames[LIB_FILE_OS390BATCH_MAJOR]), "%s%s.x", libFileNames[LIB_FILE], version_major); #else if (noVersion && !reverseExt) { - sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION_TMP], sizeof(libFileNames[LIB_FILE_VERSION_TMP]), "%s%s%s", libFileNames[LIB_FILE], FILE_SUFFIX, pkgDataFlags[SOBJ_EXT]); } else { - sprintf(libFileNames[LIB_FILE_VERSION_TMP], "%s%s%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION_TMP], sizeof(libFileNames[LIB_FILE_VERSION_TMP]), "%s%s%s%s%s", libFileNames[LIB_FILE], FILE_SUFFIX, reverseExt ? version : pkgDataFlags[SOBJ_EXT], @@ -994,24 +997,24 @@ } #endif if (noVersion && !reverseExt) { - sprintf(libFileNames[LIB_FILE_VERSION_MAJOR], "%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION_MAJOR], sizeof(libFileNames[LIB_FILE_VERSION_TMP]), "%s%s%s", libFileNames[LIB_FILE], FILE_SUFFIX, pkgDataFlags[SO_EXT]); - sprintf(libFileNames[LIB_FILE_VERSION], "%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION], sizeof(libFileNames[LIB_FILE_VERSION]), "%s%s%s", libFileNames[LIB_FILE], FILE_SUFFIX, pkgDataFlags[SO_EXT]); } else { - sprintf(libFileNames[LIB_FILE_VERSION_MAJOR], "%s%s%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION_MAJOR], sizeof(libFileNames[LIB_FILE_VERSION_MAJOR]), "%s%s%s%s%s", libFileNames[LIB_FILE], FILE_SUFFIX, reverseExt ? version_major : pkgDataFlags[SO_EXT], FILE_EXTENSION_SEP, reverseExt ? pkgDataFlags[SO_EXT] : version_major); - sprintf(libFileNames[LIB_FILE_VERSION], "%s%s%s%s%s", + snprintf(libFileNames[LIB_FILE_VERSION], sizeof(libFileNames[LIB_FILE_VERSION]), "%s%s%s%s%s", libFileNames[LIB_FILE], FILE_SUFFIX, reverseExt ? version : pkgDataFlags[SO_EXT], @@ -1029,7 +1032,7 @@ #endif if(IN_STATIC_MODE(mode)) { - sprintf(libFileNames[LIB_FILE_VERSION], "%s.%s", libFileNames[LIB_FILE], pkgDataFlags[A_EXT]); + snprintf(libFileNames[LIB_FILE_VERSION], sizeof(libFileNames[LIB_FILE_VERSION]), "%s.%s", libFileNames[LIB_FILE], pkgDataFlags[A_EXT]); libFileNames[LIB_FILE_VERSION_MAJOR][0]=0; if(o->verbose) { fprintf(stdout, "# libFileName[LIB_FILE_VERSION] = %s (static)\n", libFileNames[LIB_FILE_VERSION]); @@ -1052,7 +1055,7 @@ return result; } - sprintf(cmd, "cd %s && %s %s && %s %s %s", + snprintf(cmd, sizeof(cmd), "cd %s && %s %s && %s %s %s", targetDir, RM_CMD, libFileNames[LIB_FILE_VERSION_MAJOR], @@ -1068,14 +1071,14 @@ if (specialHandling) { #if U_PLATFORM == U_PF_CYGWIN - sprintf(name1, "%s", libFileNames[LIB_FILE_CYGWIN]); - sprintf(name2, "%s", libFileNames[LIB_FILE_CYGWIN_VERSION]); + snprintf(name1, sizeof(name1), "%s", libFileNames[LIB_FILE_CYGWIN]); + snprintf(name2, sizeof(name2), "%s", libFileNames[LIB_FILE_CYGWIN_VERSION]); #elif U_PLATFORM == U_PF_OS390 /* Create the symbolic links for the import data */ /* Use the cmd buffer to store path to import data file to check its existence */ - sprintf(cmd, "%s/%s", targetDir, libFileNames[LIB_FILE_OS390BATCH_VERSION]); + snprintf(cmd, sizeof(cmd), "%s/%s", targetDir, libFileNames[LIB_FILE_OS390BATCH_VERSION]); if (T_FileStream_file_exists(cmd)) { - sprintf(cmd, "cd %s && %s %s && %s %s %s", + snprintf(cmd, sizeof(cmd), "cd %s && %s %s && %s %s %s", targetDir, RM_CMD, libFileNames[LIB_FILE_OS390BATCH_MAJOR], @@ -1088,7 +1091,7 @@ return result; } - sprintf(cmd, "cd %s && %s %s.x && %s %s %s.x", + snprintf(cmd, sizeof(cmd), "cd %s && %s %s.x && %s %s %s.x", targetDir, RM_CMD, libFileNames[LIB_FILE], @@ -1103,8 +1106,8 @@ } /* Needs to be set here because special handling skips it */ - sprintf(name1, "%s%s%s", libFileNames[LIB_FILE], FILE_EXTENSION_SEP, pkgDataFlags[SO_EXT]); - sprintf(name2, "%s", libFileNames[LIB_FILE_VERSION]); + snprintf(name1, sizeof(name1), "%s%s%s", libFileNames[LIB_FILE], FILE_EXTENSION_SEP, pkgDataFlags[SO_EXT]); + snprintf(name2, sizeof(name2), "%s", libFileNames[LIB_FILE_VERSION]); #else goto normal_symlink_mode; #endif @@ -1112,11 +1115,11 @@ #if U_PLATFORM != U_PF_CYGWIN normal_symlink_mode: #endif - sprintf(name1, "%s%s%s", libFileNames[LIB_FILE], FILE_EXTENSION_SEP, pkgDataFlags[SO_EXT]); - sprintf(name2, "%s", libFileNames[LIB_FILE_VERSION]); + snprintf(name1, sizeof(name1), "%s%s%s", libFileNames[LIB_FILE], FILE_EXTENSION_SEP, pkgDataFlags[SO_EXT]); + snprintf(name2, sizeof(name2), "%s", libFileNames[LIB_FILE_VERSION]); } - sprintf(cmd, "cd %s && %s %s && %s %s %s", + snprintf(cmd, sizeof(cmd), "cd %s && %s %s && %s %s %s", targetDir, RM_CMD, name1, @@ -1134,7 +1137,7 @@ char cmd[SMALL_BUFFER_MAX_SIZE]; auto ret = snprintf(cmd, - SMALL_BUFFER_MAX_SIZE, + sizeof(cmd), "cd %s && %s %s %s%s%s", targetDir, pkgDataFlags[INSTALL_CMD], @@ -1151,7 +1154,7 @@ } #ifdef CYGWINMSVC - sprintf(cmd, "cd %s && %s %s.lib %s", + snprintf(cmd, sizeof(cmd), "cd %s && %s %s.lib %s", targetDir, pkgDataFlags[INSTALL_CMD], libFileNames[LIB_FILE], @@ -1164,7 +1167,7 @@ return result; } #elif U_PLATFORM == U_PF_CYGWIN - sprintf(cmd, "cd %s && %s %s %s", + snprintf(cmd, sizeof(cmd), "cd %s && %s %s %s", targetDir, pkgDataFlags[INSTALL_CMD], libFileNames[LIB_FILE_CYGWIN_VERSION], @@ -1179,7 +1182,7 @@ #elif U_PLATFORM == U_PF_OS390 if (T_FileStream_file_exists(libFileNames[LIB_FILE_OS390BATCH_VERSION])) { - sprintf(cmd, "%s %s %s", + snprintf(cmd, sizeof(cmd), "%s %s %s", pkgDataFlags[INSTALL_CMD], libFileNames[LIB_FILE_OS390BATCH_VERSION], installDir @@ -1214,9 +1217,9 @@ } } #ifndef U_WINDOWS_WITH_MSVC - sprintf(cmd, "%s %s %s", pkgDataFlags[INSTALL_CMD], fileName, installDir); + snprintf(cmd, sizeof(cmd), "%s %s %s", pkgDataFlags[INSTALL_CMD], fileName, installDir); #else - sprintf(cmd, "%s %s %s %s", WIN_INSTALL_CMD, fileName, installDir, WIN_INSTALL_CMD_FLAGS); + snprintf(cmd, sizeof(cmd), "%s %s %s %s", WIN_INSTALL_CMD, fileName, installDir, WIN_INSTALL_CMD_FLAGS); #endif result = runCommand(cmd); @@ -1260,7 +1263,7 @@ } auto ret = snprintf(cmd, - SMALL_BUFFER_MAX_SIZE, + sizeof(cmd), "%s %s%s%s %s%s%s", pkgDataFlags[INSTALL_CMD], srcDir, PKGDATA_FILE_SEP_STRING, buffer, @@ -1287,7 +1290,7 @@ fprintf(stderr, "Unable to open list file: %s\n", fileListName); } #else - sprintf(cmd, "%s %s %s %s", WIN_INSTALL_CMD, srcDir, installDir, WIN_INSTALL_CMD_FLAGS); + snprintf(cmd, sizeof(cmd), "%s %s %s %s", WIN_INSTALL_CMD, srcDir, installDir, WIN_INSTALL_CMD_FLAGS); result = runCommand(cmd); if (result != 0) { fprintf(stderr, "Failed to install data file with command: %s\n", cmd); @@ -1308,13 +1311,13 @@ * archive file suffix is the same, then the final library needs to be archived. */ if (uprv_strcmp(pkgDataFlags[SOBJ_EXT], pkgDataFlags[SO_EXT]) != 0 && uprv_strcmp(pkgDataFlags[A_EXT], pkgDataFlags[SO_EXT]) == 0) { - sprintf(libFileNames[LIB_FILE_VERSION], "%s%s%s.%s", + snprintf(libFileNames[LIB_FILE_VERSION], sizeof(libFileNames[LIB_FILE_VERSION]), "%s%s%s.%s", libFileNames[LIB_FILE], pkgDataFlags[LIB_EXT_ORDER][0] == '.' ? "." : "", reverseExt ? version : pkgDataFlags[SO_EXT], reverseExt ? pkgDataFlags[SO_EXT] : version); - sprintf(cmd, "%s %s %s%s %s%s", + snprintf(cmd, sizeof(cmd), "%s %s %s%s %s%s", pkgDataFlags[AR], pkgDataFlags[ARFLAGS], targetDir, @@ -1328,7 +1331,7 @@ return result; } - sprintf(cmd, "%s %s%s", + snprintf(cmd, sizeof(cmd), "%s %s%s", pkgDataFlags[RANLIB], targetDir, libFileNames[LIB_FILE_VERSION]); @@ -1340,7 +1343,7 @@ } /* Remove unneeded library file. */ - sprintf(cmd, "%s %s%s", + snprintf(cmd, sizeof(cmd), "%s %s%s", RM_CMD, targetDir, libFileNames[LIB_FILE_VERSION_TMP]); @@ -1554,7 +1557,7 @@ } /* Generate the object file. */ - sprintf(cmd.getAlias(), "%s %s -o %s %s", + snprintf(cmd.getAlias(), length, "%s %s -o %s %s", pkgDataFlags[COMPILER], pkgDataFlags[LIBFLAGS], tempObjectFile, @@ -1614,7 +1617,7 @@ char icudtAll[SMALL_BUFFER_MAX_SIZE] = ""; FileStream *icudtAllFile = NULL; - sprintf(icudtAll, "%s%s%sall.c", + snprintf(icudtAll, sizeof(icudtAll), "%s%s%sall.c", o->tmpDir, PKGDATA_FILE_SEP_STRING, libFileNames[LIB_FILE]); @@ -1699,14 +1702,14 @@ } } auto ret = snprintf(newName, - SMALL_BUFFER_MAX_SIZE, + sizeof(newName), "%s_%s", DATA_PREFIX[n], newNameTmp); (void)ret; U_ASSERT(0 <= ret && ret < SMALL_BUFFER_MAX_SIZE); ret = snprintf(dataName, - SMALL_BUFFER_MAX_SIZE, + sizeof(dataName), "%s_%s", o->shortName, DATA_PREFIX[n]); @@ -1819,14 +1822,14 @@ char staticLibFilePath[SMALL_BUFFER_MAX_SIZE] = ""; #ifdef CYGWINMSVC - sprintf(staticLibFilePath, "%s%s%s%s%s", + snprintf(staticLibFilePath, sizeof(staticLibFilePath), "%s%s%s%s%s", o->targetDir, PKGDATA_FILE_SEP_STRING, pkgDataFlags[LIBPREFIX], o->libName, LIB_EXT); #else - sprintf(staticLibFilePath, "%s%s%s%s%s", + snprintf(staticLibFilePath, sizeof(staticLibFilePath), "%s%s%s%s%s", o->targetDir, PKGDATA_FILE_SEP_STRING, (strstr(o->libName, "icudt") ? "s" : ""), @@ -1834,7 +1837,7 @@ LIB_EXT); #endif - sprintf(cmd, "%s\"%s\" \"%s\"", + snprintf(cmd, sizeof(cmd), "%s\"%s\" \"%s\"", LIB_CMD, staticLibFilePath, gencFilePath); @@ -1874,7 +1877,7 @@ uprv_strcat(tmpResFilePath, ICUDATA_RES_FILE); if (T_FileStream_file_exists(tmpResFilePath)) { - sprintf(resFilePath, "\"%s\"", tmpResFilePath); + snprintf(resFilePath, sizeof(resFilePath), "\"%s\"", tmpResFilePath); } /* Check if dll file and lib file exists and that it is not newer than genc file. */ @@ -1904,7 +1907,7 @@ } #endif - sprintf(cmd, "%s\"%s\" %s %s\"%s\" \"%s\" %s", + snprintf(cmd, sizeof(cmd), "%s\"%s\" %s %s\"%s\" \"%s\" %s", LINK_CMD, dllFilePath, extraFlags, @@ -2016,7 +2019,7 @@ fprintf(stderr,"Unable to create map file: %s.\n", mapFile); return NULL; } else { - sprintf(tmpbuffer, "%s%s ", o->entryName, UDATA_CMN_INTERMEDIATE_SUFFIX); + snprintf(tmpbuffer, sizeof(tmpbuffer), "%s%s ", o->entryName, UDATA_CMN_INTERMEDIATE_SUFFIX); T_FileStream_writeLine(f, tmpbuffer); @@ -2261,7 +2264,7 @@ T_FileStream_close(stream); char cmd[LARGE_BUFFER_MAX_SIZE]; - sprintf(cmd, "%s %s -o %s", + snprintf(cmd, sizeof(cmd), "%s %s -o %s", pkgDataFlags[COMPILER], source, obj); --- icu/source/tools/toolutil/pkg_genc.cpp.orig +++ icu/source/tools/toolutil/pkg_genc.cpp @@ -641,9 +641,9 @@ char s[8]; if (byte > 7) - sprintf(s, "\\x%X", byte); + snprintf(s, sizeof(s), "\\x%X", byte); else - sprintf(s, "\\%X", byte); + snprintf(s, sizeof(s), "\\%X", byte); /* write the value, possibly with comma and newline */ if(column==MAX_COLUMN) { --- icu/source/tools/toolutil/pkg_gencmn.cpp.orig +++ icu/source/tools/toolutil/pkg_gencmn.cpp @@ -338,7 +338,7 @@ } /* write the source file */ - sprintf(buffer, + snprintf(buffer, sizeof(buffer), "/*\n" " * ICU common data table of contents for %s.%s\n" " * Automatically generated by icu/source/tools/gencmn/gencmn .\n" @@ -350,16 +350,16 @@ name, type, fileCount); T_FileStream_writeLine(out, buffer); - sprintf(buffer, "extern const char\n %s%s[]", symPrefix?symPrefix:"", files[0].pathname); + snprintf(buffer, sizeof(buffer), "extern const char\n %s%s[]", symPrefix?symPrefix:"", files[0].pathname); T_FileStream_writeLine(out, buffer); for(i=1; i