
Source: Replace uses of sprintf with safer snprintf

Sean McBride 3 年之前
父節點
當前提交
d5694e4623

+ 1 - 1
Source/CursesDialog/cmCursesLongMessageForm.cxx

@@ -84,7 +84,7 @@ void cmCursesLongMessageForm::UpdateStatusBar()
   for (size_t i = 0; i < sideSpace; i++) {
     version[i] = ' ';
   }
-  sprintf(version + sideSpace, "%s", vertmp);
+  snprintf(version + sideSpace, sizeof(version) - sideSpace, "%s", vertmp);
   version[width] = '\0';
 
   char fmt_s[] = "%s";
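Review bot: The new bound `sizeof(version) - sideSpace` is an unsigned subtraction, so if `sideSpace` ever exceeds the size of `version` it wraps to a huge value and the call is as unbounded as the `sprintf` it replaces. The fill loop above it would by then already have written past the array. Neither the declaration of `version` nor the computation of `sideSpace` and `width` is visible here, so this may be guaranteed elsewhere; if it is not, bound it before the loop, for example `if (sideSpace >= sizeof(version)) { sideSpace = sizeof(version) - 1; }`. The `version[width] = '\0';` store that follows needs the same guarantee for `width`. UpdateStatusBar's body starts and ends outside the hunk.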

+ 1 - 1
Source/CursesDialog/form/fty_int.c

@@ -117,7 +117,7 @@ static bool Check_Integer_Field(FIELD * field, const void * argp)
 	    {
 	      if (val<low || val>high) return FALSE;
 	    }
-	  sprintf(buf,"%.*ld",(prec>0?prec:0),val);
+	  snprintf(buf,sizeof(buf),"%.*ld",(prec>0?prec:0),val);
 	  set_field_buffer(field,0,buf);
 	  return TRUE;
 	}
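Review bot: The return value of the new `snprintf` is discarded, so when `prec` asks for more digits than `buf` can hold, the text is silently truncated and `set_field_buffer` stores a different number from the one that was just range-checked. Checking the result and rejecting the field on overflow would keep the validation honest: `int n = snprintf(buf,sizeof(buf),"%.*ld",(prec>0?prec:0),val);` followed by `if (n<0 || (size_t)n>=sizeof(buf)) return FALSE;`. The declaration of `buf` is outside the hunk, so this assumes it is an array; if it were a pointer, `sizeof(buf)` would be the pointer size. The same applies to the `%.*f` call in Check_Numeric_Field in Source/CursesDialog/form/fty_num.c. Check_Integer_Field's body starts outside the hunk.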

+ 1 - 1
Source/CursesDialog/form/fty_num.c

@@ -140,7 +140,7 @@ static bool Check_Numeric_Field(FIELD * field, const void * argp)
 	    {
 	      if (val<low || val>high) return FALSE;
 	    }
-	  sprintf(buf,"%.*f",(prec>0?prec:0),val);
+	  snprintf(buf,sizeof(buf),"%.*f",(prec>0?prec:0),val);
 	  set_field_buffer(field,0,buf);
 	  return TRUE;
 	}

+ 4 - 4
Source/cmFindPackageCommand.cxx

@@ -822,13 +822,13 @@ void cmFindPackageCommand::SetVersionVariables(
   char buf[64];
   snprintf(buf, sizeof(buf), "%u", major);
   addDefinition(prefix + "_MAJOR", buf);
-  sprintf(buf, "%u", minor);
+  snprintf(buf, sizeof(buf), "%u", minor);
   addDefinition(prefix + "_MINOR", buf);
-  sprintf(buf, "%u", patch);
+  snprintf(buf, sizeof(buf), "%u", patch);
   addDefinition(prefix + "_PATCH", buf);
-  sprintf(buf, "%u", tweak);
+  snprintf(buf, sizeof(buf), "%u", tweak);
   addDefinition(prefix + "_TWEAK", buf);
-  sprintf(buf, "%u", count);
+  snprintf(buf, sizeof(buf), "%u", count);
   addDefinition(prefix + "_COUNT", buf);
 }
 

+ 2 - 1
Source/cmStringCommand.cxx

@@ -143,7 +143,8 @@ bool HandleHexCommand(std::vector<std::string> const& args,
 
   std::string::size_type hexIndex = 0;
   for (auto const& c : instr) {
-    sprintf(&output[hexIndex], "%.2x", static_cast<unsigned char>(c) & 0xFF);
+    snprintf(&output[hexIndex], 3, "%.2x",
+             static_cast<unsigned char>(c) & 0xFF);
     hexIndex += 2;
   }
 
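Review bot: The size argument `3` describes what `%.2x` produces rather than the space left in `output`, so this call cannot catch an undersized destination any better than the `sprintf` it replaces. The allocation of `output` is outside the hunk; if it is a std::string sized at two characters per input byte, the bound could be derived from it, for example `snprintf(&output[hexIndex], output.size() - hexIndex + 1, "%.2x", ...)`, which still leaves room for the terminator written on the last iteration. The `snprintf(pHashPrint, 3, "%02X", hashData[i])` call in ComputeCertificateThumbprint in Source/cmSystemTools.cxx has the same shape. There `hashLength` appears to be written by the certificate API (it is passed as `&hashLength`), so the loop should also be bounded by the size of the buffer that `pHashPrint` points into. HandleHexCommand's body starts and ends outside the hunk.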

+ 1 - 1
Source/cmSystemTools.cxx

@@ -1218,7 +1218,7 @@ std::string cmSystemTools::ComputeCertificateThumbprint(
                       certContext, CERT_HASH_PROP_ID, hashData, &hashLength)) {
                   for (DWORD i = 0; i < hashLength; i++) {
                     // Convert each byte to hexadecimal
-                    sprintf(pHashPrint, "%02X", hashData[i]);
+                    snprintf(pHashPrint, 3, "%02X", hashData[i]);
                     pHashPrint += 2;
                   }
                   *pHashPrint = '\0';

+ 10 - 7
Tests/LoadCommand/CMakeCommands/cmTestCommand.c

@@ -75,10 +75,10 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
   info->CAPI->DisplaySatus(mf, info->CAPI->GetStartOutputDirectory(mf));
   info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentDirectory(mf));
   info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentOutputDirectory(mf));
-  sprintf(buffer, "Cache version: %d.%d, CMake version: %d.%d",
-          info->CAPI->GetCacheMajorVersion(mf),
-          info->CAPI->GetCacheMinorVersion(mf),
-          info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
+  snprintf(
+    buffer, sizeof(buffer), "Cache version: %d.%d, CMake version: %d.%d",
+    info->CAPI->GetCacheMajorVersion(mf), info->CAPI->GetCacheMinorVersion(mf),
+    info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
   info->CAPI->DisplaySatus(mf, buffer);
   if (info->CAPI->CommandExists(mf, "SET")) {
     info->CAPI->DisplaySatus(mf, "Command SET exists");
@@ -91,10 +91,12 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 
   source_file = info->CAPI->CreateNewSourceFile(mf);
   cstr = info->CAPI->SourceFileGetSourceName(source_file);
-  sprintf(buffer, "Should be empty (source file name): [%s]", cstr);
+  snprintf(buffer, sizeof(buffer), "Should be empty (source file name): [%s]",
+           cstr);
   info->CAPI->DisplaySatus(mf, buffer);
   cstr = info->CAPI->SourceFileGetFullPath(source_file);
-  sprintf(buffer, "Should be empty (source file full path): [%s]", cstr);
+  snprintf(buffer, sizeof(buffer),
+           "Should be empty (source file full path): [%s]", cstr);
   info->CAPI->DisplaySatus(mf, buffer);
   info->CAPI->DefineSourceFileProperty(mf, "SOME_PROPERTY", "unused old prop",
                                        "This property is no longer used", 0);
@@ -106,7 +108,8 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
                                        "This property is for testing.", 0);
   info->CAPI->SourceFileSetProperty(source_file, "SOME_PROPERTY2", "HERE");
   cstr = info->CAPI->SourceFileGetProperty(source_file, "ABSTRACT");
-  sprintf(buffer, "Should be 0 (source file abstract property): [%p]", cstr);
+  snprintf(buffer, sizeof(buffer),
+           "Should be 0 (source file abstract property): [%p]", cstr);
   info->CAPI->DisplaySatus(mf, buffer);
 
   info->CAPI->DestroySourceFile(source_file);
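Review bot: In the rewritten `[%p]` call, `cstr` is passed to `%p` without a cast, and `%p` is only defined for a `void*` argument. The declaration of `cstr` is outside the hunk, but the `%s` calls just above suggest it is a character pointer, so the last argument should be `(const void*)cstr`. Since these lines are being touched anyway, the same one-word change fits the identical hunk in Tests/LoadCommandOneConfig/CMakeCommands/cmTestCommand.c. InitialPass's body starts and ends outside the hunk.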

+ 10 - 7
Tests/LoadCommandOneConfig/CMakeCommands/cmTestCommand.c

@@ -75,10 +75,10 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
   info->CAPI->DisplaySatus(mf, info->CAPI->GetStartOutputDirectory(mf));
   info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentDirectory(mf));
   info->CAPI->DisplaySatus(mf, info->CAPI->GetCurrentOutputDirectory(mf));
-  sprintf(buffer, "Cache version: %d.%d, CMake version: %d.%d",
-          info->CAPI->GetCacheMajorVersion(mf),
-          info->CAPI->GetCacheMinorVersion(mf),
-          info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
+  snprintf(
+    buffer, sizeof(buffer), "Cache version: %d.%d, CMake version: %d.%d",
+    info->CAPI->GetCacheMajorVersion(mf), info->CAPI->GetCacheMinorVersion(mf),
+    info->CAPI->GetMajorVersion(mf), info->CAPI->GetMinorVersion(mf));
   info->CAPI->DisplaySatus(mf, buffer);
   if (info->CAPI->CommandExists(mf, "SET")) {
     info->CAPI->DisplaySatus(mf, "Command SET exists");
@@ -91,10 +91,12 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
 
   source_file = info->CAPI->CreateNewSourceFile(mf);
   cstr = info->CAPI->SourceFileGetSourceName(source_file);
-  sprintf(buffer, "Should be empty (source file name): [%s]", cstr);
+  snprintf(buffer, sizeof(buffer), "Should be empty (source file name): [%s]",
+           cstr);
   info->CAPI->DisplaySatus(mf, buffer);
   cstr = info->CAPI->SourceFileGetFullPath(source_file);
-  sprintf(buffer, "Should be empty (source file full path): [%s]", cstr);
+  snprintf(buffer, sizeof(buffer),
+           "Should be empty (source file full path): [%s]", cstr);
   info->CAPI->DisplaySatus(mf, buffer);
   info->CAPI->DefineSourceFileProperty(mf, "SOME_PROPERTY", "unused old prop",
                                        "This property is no longer used", 0);
@@ -106,7 +108,8 @@ static int CCONV InitialPass(void* inf, void* mf, int argc, char* argv[])
                                        "This property is for testing.", 0);
   info->CAPI->SourceFileSetProperty(source_file, "SOME_PROPERTY2", "HERE");
   cstr = info->CAPI->SourceFileGetProperty(source_file, "ABSTRACT");
-  sprintf(buffer, "Should be 0 (source file abstract property): [%p]", cstr);
+  snprintf(buffer, sizeof(buffer),
+           "Should be 0 (source file abstract property): [%p]", cstr);
   info->CAPI->DisplaySatus(mf, buffer);
 
   info->CAPI->DestroySourceFile(source_file);