Switched away from sprintf, which is prone to buffer overflows.

jacobsa · jacobsa · commit 42d918b7aa35 · 2013-08-06T23:12:56.000Z
Most reasonable platforms have this function. If you're here because
this broke the build for you, consider adding an ifdef for your platform
and using sprintf there (but not on other platforms).
diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
@@ -868,7 +868,7 @@ Reader::getLocationLineAndColumn( Location location ) const
    int line, column;
    getLocationLineAndColumn( location, line, column );
    char buffer[18+16+16+1];
-   sprintf( buffer, "Line %d, Column %d", line, column );
+   snprintf(buffer, sizeof(buffer), "Line %d, Column %d", line, column);
    return buffer;
 }
 
diff --git a/src/lib_json/json_writer.cpp b/src/lib_json/json_writer.cpp
@@ -77,7 +77,7 @@ std::string valueToString( double value )
 #if defined(_MSC_VER) && defined(__STDC_SECURE_LIB__) // Use secure version with visual studio 2005 to avoid warning. 
    sprintf_s(buffer, sizeof(buffer), "%#.16g", value); 
 #else	
-   sprintf(buffer, "%#.16g", value); 
+   snprintf(buffer, sizeof(buffer), "%#.16g", value);
 #endif
    char* ch = buffer + strlen(buffer) - 1;
    if (*ch != '0') return buffer; // nothing to truncate, so save time

Original file line number	Diff line number	Diff line change
`@@ -868,7 +868,7 @@ Reader::getLocationLineAndColumn( Location location ) const`
`868`	`868`	`int line, column;`
`869`	`869`	`getLocationLineAndColumn( location, line, column );`
`870`	`870`	`char buffer[18+16+16+1];`
`871`		`- sprintf( buffer, "Line %d, Column %d", line, column );`
	`871`	`+ snprintf(buffer, sizeof(buffer), "Line %d, Column %d", line, column);`
`872`	`872`	`return buffer;`
`873`	`873`	`}`
`874`	`874`