Merge pull request #3421 from seanm/snprintf

Replaced most uses of sprintf with the safer snprintf
OSGeo · Nov 1, 2022 · 9d440ec · 9d440ec
2 parents d7392db + 6d40efa
commit 9d440ec
Show file tree

Hide file tree

Showing 10 changed files with 35 additions and 30 deletions.
diff --git a/src/4D_api.cpp b/src/4D_api.cpp
@@ -681,10 +681,11 @@ Returns 1 on success, 0 on failure
 
     /* Don't axisswap if data are already in "enu" order */
     if (p && (0!=strcmp ("enu", p->param))) {
-        char *def = static_cast<char*>(malloc (100+strlen(P->axis)));
+        size_t def_size = 100+strlen(P->axis);
+        char *def = static_cast<char*>(malloc (def_size));
         if (nullptr==def)
             return 0;
-        sprintf (def, "break_cs2cs_recursion     proj=axisswap  axis=%s", P->axis);
+        snprintf (def, def_size, "break_cs2cs_recursion     proj=axisswap  axis=%s", P->axis);
         Q = pj_create_internal (P->ctx, def);
         free (def);
         if (nullptr==Q)
@@ -696,11 +697,12 @@ Returns 1 on success, 0 on failure
     p = pj_param_exists (P->params, "geoidgrids");
     if (!disable_grid_presence_check && p  &&  strlen (p->param) > strlen ("geoidgrids=")) {
         char *gridnames = p->param + strlen ("geoidgrids=");
-        char *def = static_cast<char*>(malloc (100+2*strlen(gridnames)));
+        size_t def_size = 100+2*strlen(gridnames);
+        char *def = static_cast<char*>(malloc (def_size));
         if (nullptr==def)
             return 0;
-        sprintf (def, "break_cs2cs_recursion     proj=vgridshift  grids=%s",
-                 pj_double_quote_string_param_if_needed(gridnames).c_str());
+        snprintf (def, def_size, "break_cs2cs_recursion     proj=vgridshift  grids=%s",
+                  pj_double_quote_string_param_if_needed(gridnames).c_str());
         Q = pj_create_internal (P->ctx, def);
         free (def);
         if (nullptr==Q)
@@ -712,11 +714,12 @@ Returns 1 on success, 0 on failure
     p = pj_param_exists (P->params, "nadgrids");
     if (!disable_grid_presence_check && p  &&  strlen (p->param) > strlen ("nadgrids=")) {
         char *gridnames = p->param + strlen ("nadgrids=");
-        char *def = static_cast<char*>(malloc (100+2*strlen(gridnames)));
+        size_t def_size = 100+2*strlen(gridnames);
+        char *def = static_cast<char*>(malloc (def_size));
         if (nullptr==def)
             return 0;
-        sprintf (def, "break_cs2cs_recursion     proj=hgridshift  grids=%s",
-                 pj_double_quote_string_param_if_needed(gridnames).c_str());
+        snprintf (def, def_size, "break_cs2cs_recursion     proj=hgridshift  grids=%s",
+                  pj_double_quote_string_param_if_needed(gridnames).c_str());
         Q = pj_create_internal (P->ctx, def);
         free (def);
         if (nullptr==Q)
@@ -745,10 +748,11 @@ Returns 1 on success, 0 on failure
         if (n <= 8) /* 8==strlen ("towgs84=") */
             return 0;
 
-        def = static_cast<char*>(malloc (100+n));
+        size_t def_size = 100+n;
+        def = static_cast<char*>(malloc (def_size));
         if (nullptr==def)
             return 0;
-        sprintf (def, "break_cs2cs_recursion     proj=helmert exact %s convention=position_vector", s);
+        snprintf (def, def_size, "break_cs2cs_recursion     proj=helmert exact %s convention=position_vector", s);
         Q = pj_create_internal (P->ctx, def);
         free(def);
         if (nullptr==Q)
@@ -763,7 +767,7 @@ Returns 1 on success, 0 on failure
     /* geocentric/cartesian space or we need to do a Helmert transform.         */
     if (P->is_geocent || P->helmert || do_cart) {
         char def[150];
-        sprintf (def, "break_cs2cs_recursion     proj=cart   a=%40.20g  es=%40.20g", P->a_orig, P->es_orig);
+        snprintf (def, sizeof(def), "break_cs2cs_recursion     proj=cart   a=%40.20g  es=%40.20g", P->a_orig, P->es_orig);
         {
             /* In case the current locale does not use dot but comma as decimal */
             /* separator, replace it with dot, so that proj_atof() behaves */
@@ -781,7 +785,7 @@ Returns 1 on success, 0 on failure
         P->cart = skip_prep_fin (Q);
 
         if (!P->is_geocent) {
-            sprintf (def, "break_cs2cs_recursion     proj=cart  ellps=WGS84");
+            snprintf (def, sizeof(def), "break_cs2cs_recursion     proj=cart  ellps=WGS84");
             Q = pj_create_internal (P->ctx, def);
             if (nullptr==Q)
                 return 0;
@@ -2185,10 +2189,9 @@ PJ_INFO proj_info (void) {
     info.minor = PROJ_VERSION_MINOR;
     info.patch = PROJ_VERSION_PATCH;
 
-    /* This is a controlled environment, so no risk of sprintf buffer
-    overflow. A normal version string is xx.yy.zz which is 8 characters
+    /* A normal version string is xx.yy.zz which is 8 characters
     long and there is room for 64 bytes in the version string. */
-    sprintf (version, "%d.%d.%d", info.major, info.minor, info.patch);
+    snprintf (version, sizeof(version), "%d.%d.%d", info.major, info.minor, info.patch);
 
     info.version    = version;
     info.release    = pj_get_release ();

diff --git a/src/apps/cct.cpp b/src/apps/cct.cpp
@@ -183,13 +183,14 @@ static void print(PJ_LOG_LEVEL log_level, const char *fmt, ...) {
 
     va_start( args, fmt );
 
-    msg_buf = (char *) malloc(100000);
+    const size_t msg_buf_size = 100000;
+    msg_buf = (char *) malloc(msg_buf_size);
     if( msg_buf == nullptr ) {
         va_end( args );
         return;
     }
 
-    vsprintf( msg_buf, fmt, args );
+    vsnprintf( msg_buf, msg_buf_size, fmt, args );
 
     logger((void *) fout, log_level, msg_buf);
 

diff --git a/src/apps/cs2cs.cpp b/src/apps/cs2cs.cpp
@@ -613,7 +613,7 @@ int main(int argc, char **argv) {
                 case 'd':
                     if (--argc <= 0)
                         goto noargument;
-                    sprintf(oform_buffer, "%%.%df", atoi(*++argv));
+                    snprintf(oform_buffer, sizeof(oform_buffer), "%%.%df", atoi(*++argv));
                     oform = oform_buffer;
                     break;
                 default:

diff --git a/src/apps/proj.cpp b/src/apps/proj.cpp
@@ -445,7 +445,7 @@ int main(int argc, char **argv) {
                 continue;
               case 'd':
                 if (--argc <= 0) goto noargument;
-                sprintf(oform_buffer, "%%.%df", atoi(*++argv));
+                snprintf(oform_buffer, sizeof(oform_buffer), "%%.%df", atoi(*++argv));
                 oform = oform_buffer;
                 break;
               case 'r': /* reverse input */

diff --git a/src/iso19111/crs.cpp b/src/iso19111/crs.cpp
@@ -2291,7 +2291,7 @@ void GeodeticCRS::addAngularUnitConvertAndAxisSwap(
     if (order[0] && order[1] && (order[0] != one || order[1] != two)) {
         formatter->addStep("axisswap");
         char orderStr[10];
-        sprintf(orderStr, "%.2s,%.2s", order[0], order[1]);
+        snprintf(orderStr, sizeof(orderStr), "%.2s,%.2s", order[0], order[1]);
         formatter->addParam("order", orderStr);
     }
 }
@@ -4607,7 +4607,7 @@ void ProjectedCRS::addUnitConvertAndAxisSwap(
             if (order[0] && order[1]) {
                 formatter->addStep("axisswap");
                 char orderStr[10];
-                sprintf(orderStr, "%.2s,%.2s", order[0], order[1]);
+                snprintf(orderStr, sizeof(orderStr), "%.2s,%.2s", order[0], order[1]);
                 formatter->addParam("order", orderStr);
             }
         } else {

diff --git a/src/projections/chamb.cpp b/src/projections/chamb.cpp
@@ -109,9 +109,9 @@ PJ *PROJECTION(chamb) {
 
 
     for (i = 0; i < 3; ++i) { /* get control point locations */
-        (void)sprintf(line, "rlat_%d", i+1);
+        (void)snprintf(line, sizeof(line), "rlat_%d", i+1);
         Q->c[i].phi = pj_param(P->ctx, P->params, line).f;
-        (void)sprintf(line, "rlon_%d", i+1);
+        (void)snprintf(line, sizeof(line), "rlon_%d", i+1);
         Q->c[i].lam = pj_param(P->ctx, P->params, line).f;
         Q->c[i].lam = adjlon(Q->c[i].lam - P->lam0);
         Q->c[i].cosphi = cos(Q->c[i].phi);

diff --git a/src/rtodms.cpp b/src/rtodms.cpp
@@ -33,9 +33,9 @@ set_rtodms(int fract, int con_w) {
 		RES60 = RES * 60.;
 		CONV = 180. * 3600. * RES / M_PI;
 		if (! con_w)
-			(void)sprintf(format,"%%dd%%d'%%.%df\"%%c", fract);
+			(void)snprintf(format,sizeof(format),"%%dd%%d'%%.%df\"%%c", fract);
 		else
-			(void)sprintf(format,"%%dd%%02d'%%0%d.%df\"%%c",
+			(void)snprintf(format,sizeof(format),"%%dd%%02d'%%0%d.%df\"%%c",
 				fract+2+(fract?1:0), fract);
 		dolong = con_w;
 	}

diff --git a/src/strtod.cpp b/src/strtod.cpp
@@ -84,7 +84,7 @@ static char* replace_point_by_locale_point(const char* pszNumber, char point,
     if (byPoint == 0)
     {
         char szBuf[16];
-        sprintf(szBuf, "%.1f", 1.0);
+        snprintf(szBuf, sizeof(szBuf), "%.1f", 1.0);
         byPoint = szBuf[1];
     }
     if (point != byPoint)

diff --git a/src/transformations/horner.cpp b/src/transformations/horner.cpp
@@ -515,18 +515,19 @@ static int parse_coefs (PJ *P, double *coefs, const char *param, int ncoefs) {
     char *buf, *init, *next = nullptr;
     int i;
 
-    buf = static_cast<char*>(calloc (strlen (param) + 2, sizeof(char)));
+    size_t buf_size = strlen (param) + 2;
+    buf = static_cast<char*>(calloc (buf_size, sizeof(char)));
     if (nullptr==buf) {
         proj_log_error (P, "No memory left");
         return 0;
     }
 
-    sprintf (buf, "t%s", param);
+    snprintf (buf, buf_size, "t%s", param);
     if (0==pj_param (P->ctx, P->params, buf).i) {
         free (buf);
         return 0;
     }
-    sprintf (buf, "s%s", param);
+    snprintf (buf, buf_size, "s%s", param);
     init = pj_param(P->ctx, P->params, buf).s;
     free (buf);
 

diff --git a/test/unit/gie_self_tests.cpp b/test/unit/gie_self_tests.cpp
@@ -377,7 +377,7 @@ TEST(gie, info_functions) {
 
     if (info.version[0] != '\0') {
         char tmpstr[64];
-        sprintf(tmpstr, "%d.%d.%d", info.major, info.minor, info.patch);
+        snprintf(tmpstr, sizeof(tmpstr), "%d.%d.%d", info.major, info.minor, info.patch);
         ASSERT_EQ(std::string(info.version), std::string(tmpstr));
     }
     ASSERT_NE(std::string(info.release), "");