diff --git a/c/makeotf/makeotf_lib/source/hotconv/cmap.c b/c/makeotf/makeotf_lib/source/hotconv/cmap.c index 2687c9104..0617ce705 100644 --- a/c/makeotf/makeotf_lib/source/hotconv/cmap.c +++ b/c/makeotf/makeotf_lib/source/hotconv/cmap.c @@ -291,7 +291,7 @@ static void CDECL cmapMsg(hotCtx g, int msgType, char *fmt, ...) { char msg[1024]; va_start(ap, fmt); - vsprintf(msgVar, fmt, ap); + VSPRINTF_S(msgVar, sizeof(msgVar), fmt, ap); va_end(ap); sprintf(msg, "cmap{plat=%u,script=%u,lang=%u}: %s", h->platformId, h->scriptId, h->language, msgVar); diff --git a/c/makeotf/makeotf_lib/source/hotconv/feat.c b/c/makeotf/makeotf_lib/source/hotconv/feat.c index d6bb61bbe..ba5ccacf9 100644 --- a/c/makeotf/makeotf_lib/source/hotconv/feat.c +++ b/c/makeotf/makeotf_lib/source/hotconv/feat.c @@ -445,7 +445,7 @@ static void CDECL zzerrVA(char *fmt, ...) { char msg[1024]; va_start(ap, fmt); - vsprintf(msg, fmt, ap); + VSPRINTF_S(msg, sizeof(msg), fmt, ap); va_end(ap); zzerr(msg); } @@ -458,7 +458,7 @@ static void CDECL featMsg(int msgType, char *fmt, ...) { char msg[1024]; va_start(ap, fmt); - vsprintf(msgVar, fmt, ap); + VSPRINTF_S(msgVar, sizeof(msgVar), fmt, ap); va_end(ap); sprintf(msg, "%s [%s %d]", msgVar, INCL.file, zzline); diff --git a/c/makeotf/makeotf_lib/source/hotconv/hot.c b/c/makeotf/makeotf_lib/source/hotconv/hot.c index 9380a579a..8b4e0239f 100644 --- a/c/makeotf/makeotf_lib/source/hotconv/hot.c +++ b/c/makeotf/makeotf_lib/source/hotconv/hot.c @@ -1851,9 +1851,13 @@ void CDECL hotMsg(hotCtx g, int level, char *fmt, ...) { #define MAX_NOTE_LEN 1024 char message[MAX_NOTE_LEN + 1024]; char *p; + size_t p_size; + + p_size = sizeof(message); if ((g->font.FontName.cnt != 0) && (lenName < MAX_NOTE_LEN)) { sprintf(message, "<%s> ", g->font.FontName.array); p = &message[lenName]; + p_size -= lenName; } else { p = message; } 
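Review bot: The `sprintf(msg, "cmap{plat=%u,script=%u,lang=%u}: %s", ...)` call right after the changed line in cmapMsg is still unbounded, so bounding `msgVar` alone does not bound what lands in `msg[1024]`. The declaration of `msgVar` is outside the hunk; if it is as large as `msg`, a full `msgVar` plus the prefix still overruns `msg`. Using `snprintf(msg, sizeof(msg), ...)` with the same format and arguments closes that. The same applies to the `sprintf(msg, ...)` calls in featMsg (feat.c) and CMapMsg (map.c), where `INCL.file` and the `psId` string are appended as well. cmapMsg's body continues past the hunk.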
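Review bot: In hotMsg the prefix write `sprintf(message, "<%s> ", g->font.FontName.array)` stays unbounded, and the new `p_size -= lenName` trusts that `lenName` (computed outside the hunk) matches what that call actually wrote. The guard checks `lenName < MAX_NOTE_LEN`, but the write itself is limited only by the terminator in `FontName.array`; `snprintf(message, sizeof(message), "<%s> ", g->font.FontName.array);` would tie it to the buffer. `p_size` is correct at the VSPRINTF_S call in the next hunk only if nothing in the lines between the two hunks moves `p`, which cannot be seen here. A short comment at the declaration, such as `/* bytes remaining from p to end of message; update whenever p moves */`, would make that invariant explicit.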
@@ -1867,7 +1871,7 @@ void CDECL hotMsg(hotCtx g, int level, char *fmt, ...) { } va_start(ap, fmt); - vsprintf(p, fmt, ap); + VSPRINTF_S(p, p_size, fmt, ap); va_end(ap); g->cb.message(g->cb.ctx, level, message); } diff --git a/c/makeotf/makeotf_lib/source/hotconv/map.c b/c/makeotf/makeotf_lib/source/hotconv/map.c index c739b63be..13335f936 100644 --- a/c/makeotf/makeotf_lib/source/hotconv/map.c +++ b/c/makeotf/makeotf_lib/source/hotconv/map.c @@ -674,7 +674,7 @@ static void CDECL CMapMsg(mapCtx h, int msgType, char *fmt, ...) { char msg[2048]; va_start(ap, fmt); - vsprintf(msgVar, fmt, ap); + VSPRINTF_S(msgVar, sizeof(msgVar), fmt, ap); va_end(ap); sprintf(msg, "%s [%s]", msgVar, h->ps.cb.psId ? h->ps.cb.psId(h->ps.cb.ctx) : ""); diff --git a/c/makeotf/makeotf_lib/source/pstoken/pstoken.c b/c/makeotf/makeotf_lib/source/pstoken/pstoken.c index e9b493ce9..2fefe6f14 100644 --- a/c/makeotf/makeotf_lib/source/pstoken/pstoken.c +++ b/c/makeotf/makeotf_lib/source/pstoken/pstoken.c @@ -794,7 +794,7 @@ void CDECL psWarning(psCtx h, char *fmt, ...) { /* Format message */ va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); if (h->cb.psId != NULL) { /* Append source data id */ @@ -816,7 +816,7 @@ void CDECL psFatal(psCtx h, char *fmt, ...) { char text[513]; va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); if (h->cb.psId != NULL) { /* Append source data id */ diff --git a/c/makeotf/makeotf_lib/source/typecomp/parse.c b/c/makeotf/makeotf_lib/source/typecomp/parse.c index d6e30c2f6..a61b10fee 100644 --- a/c/makeotf/makeotf_lib/source/typecomp/parse.c +++ b/c/makeotf/makeotf_lib/source/typecomp/parse.c @@ -388,7 +388,7 @@ void CDECL parseWarning(tcCtx g, char *fmt, ...) { /* Format and report message */ va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); g->cb.message(g->cb.ctx, tcWARNING, text); va_end(ap); } 
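Review bot: psWarning and psFatal can now fill `text` right up to its limit, and the `/* Append source data id */` branch that follows then appends to it; that append is outside the hunk, so whether it is bounded cannot be checked here. If it writes at `text + strlen(text)` with `sprintf` or `strcat`, a long formatted message leaves no room and the overflow simply moves to that line. The remaining space should be computed as `sizeof(text) - strlen(text)` and passed to a bounded call. The same pattern appears in tcFatal, tcWarning and tcNote in tc.c.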
@@ -404,7 +404,7 @@ void CDECL parseNewGlyphReport(tcCtx g, char *fmt, ...) { /* Format and report message */ va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); g->cb.message(g->cb.ctx, tcNOTE, text); va_end(ap); } @@ -423,7 +423,7 @@ void CDECL parseFatal(tcCtx g, char *fmt, ...) { /* Format and report message */ va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); g->cb.message(ctx, tcFATAL, text); va_end(ap); } diff --git a/c/makeotf/makeotf_lib/source/typecomp/tc.c b/c/makeotf/makeotf_lib/source/typecomp/tc.c index 2924116ea..adc305007 100644 --- a/c/makeotf/makeotf_lib/source/typecomp/tc.c +++ b/c/makeotf/makeotf_lib/source/typecomp/tc.c @@ -1060,7 +1060,7 @@ void CDECL tcFatal(tcCtx g, char *fmt, ...) { va_list ap; va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); if (g->cb.psId != NULL) { /* Append source data id */ @@ -1081,7 +1081,7 @@ void CDECL tcWarning(tcCtx g, char *fmt, ...) { va_list ap; va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); if (g->cb.psId != NULL) { /* Append source data id */ @@ -1101,7 +1101,7 @@ void CDECL tcNote(tcCtx g, char *fmt, ...) { va_list ap; va_start(ap, fmt); - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); if (g->cb.psId != NULL) { /* Append source data id */ diff --git a/c/makeotf/source/cbpriv.c b/c/makeotf/source/cbpriv.c index 0eacf601f..2940d3009 100644 --- a/c/makeotf/source/cbpriv.c +++ b/c/makeotf/source/cbpriv.c @@ -18,7 +18,7 @@ void cbFatal(cbCtx h, char *fmt, ...) { char text[512]; va_list ap; va_start(ap, fmt); - vsnprintf(text, sizeof(text), fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); message(h, hotFATAL, text); va_end(ap); if (!KeepGoing) { 
@@ -31,7 +31,7 @@ void cbWarning(cbCtx h, char *fmt, ...) { char text[512]; va_list ap; va_start(ap, fmt); - vsnprintf(text, sizeof(text), fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); message(h, hotWARNING, text); va_end(ap); } diff --git a/c/public/lib/api/ctlshare.h b/c/public/lib/api/ctlshare.h index c3e76d7d7..22dd6675b 100644 --- a/c/public/lib/api/ctlshare.h +++ b/c/public/lib/api/ctlshare.h @@ -537,7 +537,7 @@ enum { #define SPRINTF_S(b, l, f, ...) sprintf(b, f, ##__VA_ARGS__) #endif #ifndef VSPRINTF_S -#define VSPRINTF_S(b, l, f, ...) vsprintf(b, f, ##__VA_ARGS__) +#define VSPRINTF_S vsnprintf #endif #ifndef SSCANF_S #define SSCANF_S sscanf diff --git a/c/public/lib/source/cffwrite/cffwrite.c b/c/public/lib/source/cffwrite/cffwrite.c index 77c6ca87f..2dd4b4b80 100644 --- a/c/public/lib/source/cffwrite/cffwrite.c +++ b/c/public/lib/source/cffwrite/cffwrite.c @@ -2281,12 +2281,11 @@ void cfwFree(cfwCtx g) { /* Write message to debug stream from va_list. */ static void vmessage(cfwCtx g, char *fmt, va_list ap) { char text[500]; - const size_t textLen = sizeof(text); if (g->stm.dbg == NULL) { return; /* Debug stream not available */ } - VSPRINTF_S(text, textLen, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); (void)g->cb.stm.write(&g->cb.stm, g->stm.dbg, strlen(text), text); } diff --git a/c/public/lib/source/pdfwrite/pdfwrite.c b/c/public/lib/source/pdfwrite/pdfwrite.c index 22dcf9b70..c6d79e04e 100644 --- a/c/public/lib/source/pdfwrite/pdfwrite.c +++ b/c/public/lib/source/pdfwrite/pdfwrite.c @@ -504,7 +504,7 @@ static void CTL_CDECL dstPrint(pdwCtx h, char *fmt, ...) { char buf[500]; va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + VSPRINTF_S(buf, sizeof(buf), fmt, ap); dstWrite(h, strlen(buf), buf); va_end(ap); } 
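Review bot: The fallback `SPRINTF_S` on the line above the change in ctlshare.h still expands to `sprintf(b, f, ##__VA_ARGS__)` and drops the length `l`, so callers that pass a buffer size through it get no bound on platforms that use these fallbacks. Defining it the same way as the new line, `#define SPRINTF_S snprintf`, would make the two macros consistent. A comment on `VSPRINTF_S` should also state that this fallback truncates silently and returns the untruncated length. That matters because a platform definition made before this `#ifndef` (not visible here) may handle overflow differently, and cbpriv.c, svread.c and t1read.c now route their former `vsnprintf` calls through the macro.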
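Review bot: dstPrint in pdfwrite.c now truncates silently: the return value of `VSPRINTF_S` is discarded and `strlen(buf)` bytes go to `dstWrite`, so a formatted string longer than `buf[500]` yields shortened output with no error. For a writer that is a correctness problem rather than a cosmetic one, since the output file can end up malformed. Capturing the result and testing `if (n < 0 || (size_t)n >= sizeof(buf))` before writing lets the function report the failure through whatever error path the library uses (not visible in this hunk). The same holds for stmPrint and textShow in this file and for writeFmt in svgwrite.c and t1write.c, whose `buf[200]` is smaller still.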
@@ -541,7 +541,7 @@ static void CTL_CDECL stmPrint(pdwCtx h, long iStm, char *fmt, ...) { long length; va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + VSPRINTF_S(buf, sizeof(buf), fmt, ap); va_end(ap); length = (long)strlen(buf); memcpy(dnaEXTEND(h->stms[iStm], length), buf, length); @@ -617,7 +617,7 @@ static void CTL_CDECL textShow(pdwCtx h, char *fmt, ...) { /* Format text */ va_start(ap, fmt); - vsprintf(src, fmt, ap); + VSPRINTF_S(src, sizeof(src), fmt, ap); va_end(ap); /* Double backslashes */ diff --git a/c/public/lib/source/svgwrite/svgwrite.c b/c/public/lib/source/svgwrite/svgwrite.c index 2e67958a7..39e00b674 100644 --- a/c/public/lib/source/svgwrite/svgwrite.c +++ b/c/public/lib/source/svgwrite/svgwrite.c @@ -265,7 +265,7 @@ static void CTL_CDECL writeFmt(svwCtx h, char *fmt, ...) { char buf[200]; va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + VSPRINTF_S(buf, sizeof(buf), fmt, ap); writeStr(h, buf); va_end(ap); } diff --git a/c/public/lib/source/svread/svread.c b/c/public/lib/source/svread/svread.c index 217f5653b..b45b42a13 100644 --- a/c/public/lib/source/svread/svread.c +++ b/c/public/lib/source/svread/svread.c @@ -167,7 +167,7 @@ static void vmessage(svrCtx h, char *fmt, va_list ap) { if (h->stm.dbg == NULL) return; /* Debug stream not available */ - vsnprintf(text, BUFSIZ, fmt, ap); + VSPRINTF_S(text, BUFSIZ, fmt, ap); (void)h->cb.stm.write(&h->cb.stm, h->stm.dbg, strlen(text), text); } diff --git a/c/public/lib/source/t1read/t1read.c b/c/public/lib/source/t1read/t1read.c index 8e7d7b690..778803762 100644 --- a/c/public/lib/source/t1read/t1read.c +++ b/c/public/lib/source/t1read/t1read.c @@ -201,7 +201,7 @@ static void vmessage(t1rCtx h, char *fmt, va_list ap) { if (h->stm.dbg == NULL) return; /* Debug stream not available */ - vsnprintf(text, 500, fmt, ap); + VSPRINTF_S(text, 500, fmt, ap); (void)h->cb.stm.write(&h->cb.stm, h->stm.dbg, strlen(text), text); } 
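Review bot: The size argument in svread's vmessage is the constant `BUFSIZ`, and t1read's vmessage passes the literal `500`, while every other call in this change uses `sizeof(...)`. The declarations of `text` are outside both hunks, so the constants cannot be checked against the buffers here. If `text` is a local array, `VSPRINTF_S(text, sizeof(text), fmt, ap);` keeps the bound tied to the declaration when the array size is edited later. Both functions begin before their hunks.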
diff --git a/c/public/lib/source/t1write/t1write.c b/c/public/lib/source/t1write/t1write.c index f81b2b1ae..e16387408 100644 --- a/c/public/lib/source/t1write/t1write.c +++ b/c/public/lib/source/t1write/t1write.c @@ -306,7 +306,7 @@ static void CTL_CDECL writeFmt(t1wCtx h, char *fmt, ...) { char buf[200]; va_list ap; va_start(ap, fmt); - vsprintf(buf, fmt, ap); + VSPRINTF_S(buf, sizeof(buf), fmt, ap); writeStr(h, buf); va_end(ap); } diff --git a/c/public/lib/source/ttread/ttread.c b/c/public/lib/source/ttread/ttread.c index 03c69b410..965e40d2d 100644 --- a/c/public/lib/source/ttread/ttread.c +++ b/c/public/lib/source/ttread/ttread.c @@ -457,7 +457,7 @@ static void vmessage(ttrCtx h, char *fmt, va_list ap) { if (h->stm.dbg == NULL) return; /* Debug stream not available */ - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); (void)h->cb.stm.write(&h->cb.stm, h->stm.dbg, strlen(text), text); } diff --git a/c/public/lib/source/uforead/uforead.c b/c/public/lib/source/uforead/uforead.c index 52b91b0d6..ed0c90335 100644 --- a/c/public/lib/source/uforead/uforead.c +++ b/c/public/lib/source/uforead/uforead.c @@ -300,7 +300,7 @@ static void vmessage(ufoCtx h, char* fmt, va_list ap) { if (h->stm.dbg == NULL) return; /* Debug stream not available */ - vsprintf(text, fmt, ap); + VSPRINTF_S(text, sizeof(text), fmt, ap); (void)h->cb.stm.write(&h->cb.stm, h->stm.dbg, strlen(text), text); }