gh-101703: use snprintf instead of sprintf

sobolevn · sobolevn · commit 38f8e7d5ee08 · 2023-02-09T10:26:28.000+03:00
diff --git a/Modules/_ctypes/_ctypes.c b/Modules/_ctypes/_ctypes.c
@@ -392,9 +392,9 @@ _ctypes_alloc_format_string_with_shape(int ndim, const Py_ssize_t *shape,
         strcat(new_prefix, "(");
         for (k = 0; k < ndim; ++k) {
             if (k < ndim-1) {
-                sprintf(buf, "%zd,", shape[k]);
+                snprintf(buf, sizeof(buf), "%zd,", shape[k]);
             } else {
-                sprintf(buf, "%zd)", shape[k]);
+                snprintf(buf, sizeof(buf), "%zd)", shape[k]);
             }
             strcat(new_prefix, buf);
         }
@@ -2639,7 +2639,8 @@ unique_key(CDataObject *target, Py_ssize_t index)
     size_t bytes_left;
 
     Py_BUILD_ASSERT(sizeof(string) - 1 > sizeof(Py_ssize_t) * 2);
-    cp += sprintf(cp, "%x", Py_SAFE_DOWNCAST(index, Py_ssize_t, int));
+    cp += snprintf(cp, sizeof(cp), "%x",
+                   Py_SAFE_DOWNCAST(index, Py_ssize_t, int));
     while (target->b_base) {
         bytes_left = sizeof(string) - (cp - string) - 1;
         /* Hex format needs 2 characters per byte */
@@ -2648,7 +2649,8 @@ unique_key(CDataObject *target, Py_ssize_t index)
                             "ctypes object structure too deep");
             return NULL;
         }
-        cp += sprintf(cp, ":%x", Py_SAFE_DOWNCAST(target->b_index, Py_ssize_t, int));
+        cp += snprintf(cp, sizeof(cp), ":%x",
+                       Py_SAFE_DOWNCAST(target->b_index, Py_ssize_t, int));
         target = target->b_base;
     }
     return PyUnicode_FromStringAndSize(string, cp-string);
@@ -3364,7 +3366,7 @@ static PPROC FindAddress(void *handle, const char *name, PyObject *type)
     if (!mangled_name)
         return NULL;
     for (i = 0; i < 32; ++i) {
-        sprintf(mangled_name, "_%s@%d", name, i*4);
+        snprintf(mangled_name, sizeof(mangled_name), "_%s@%d", name, i*4);
         Py_BEGIN_ALLOW_THREADS
         address = (PPROC)GetProcAddress(handle, mangled_name);
         Py_END_ALLOW_THREADS
@@ -4851,10 +4853,10 @@ PyCArrayType_from_ctype(PyObject *itemtype, Py_ssize_t length)
         return NULL;
     }
 #ifdef MS_WIN64
-    sprintf(name, "%.200s_Array_%Id",
+    snprintf(name, sizeof(name), "%.200s_Array_%Id",
         ((PyTypeObject *)itemtype)->tp_name, length);
 #else
-    sprintf(name, "%.200s_Array_%ld",
+    snprintf(name, sizeof(name), "%.200s_Array_%ld",
         ((PyTypeObject *)itemtype)->tp_name, (long)length);
 #endif
 
diff --git a/Modules/_ctypes/stgdict.c b/Modules/_ctypes/stgdict.c
@@ -612,7 +612,7 @@ PyCStructUnionType_update_stgdict(PyObject *type, PyObject *fields, int isStruct
                 PyErr_NoMemory();
                 return -1;
             }
-            sprintf(buf, "%s:%s:", fieldfmt, fieldname);
+            snprintf(buf, sizeof(buf), "%s:%s:", fieldfmt, fieldname);
 
             ptr = stgdict->format;
             if (dict->shape != NULL) {
diff --git a/Modules/_datetimemodule.c b/Modules/_datetimemodule.c
@@ -1559,11 +1559,13 @@ make_freplacement(PyObject *object)
 {
     char freplacement[64];
     if (PyTime_Check(object))
-        sprintf(freplacement, "%06d", TIME_GET_MICROSECOND(object));
+        snprintf(freplacement, sizeof(freplacement),
+                 "%06d", TIME_GET_MICROSECOND(object));
     else if (PyDateTime_Check(object))
-        sprintf(freplacement, "%06d", DATE_GET_MICROSECOND(object));
+        snprintf(freplacement, sizeof(freplacement),
+                 "%06d", DATE_GET_MICROSECOND(object));
     else
-        sprintf(freplacement, "%06d", 0);
+        snprintf(freplacement, sizeof(freplacement), "%06d", 0);
 
     return PyBytes_FromStringAndSize(freplacement, strlen(freplacement));
 }
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
@@ -2098,7 +2098,7 @@ save_long(PicklerObject *self, PyObject *obj)
             }
         }
         else {
-            sprintf(pdata, "%c%ld\n", INT,  val);
+            snprintf(pdata, sizeof(pdata), "%c%ld\n", INT,  val);
             len = strlen(pdata);
         }
         if (_Pickler_Write(self, pdata, len) < 0)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -1324,8 +1324,9 @@ _get_peer_alt_names (_sslmodulestate *state, X509 *certificate) {
                 } else if (name->d.ip->length == 16) {
                     /* PyUnicode_FromFormat() does not support %X */
                     unsigned char *p = name->d.ip->data;
-                    len = sprintf(
+                    len = snprintf(
                         buf,
+                        sizeof(buf),
                         "%X:%X:%X:%X:%X:%X:%X:%X",
                         p[0] << 8 | p[1],
                         p[2] << 8 | p[3],
diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c
@@ -1097,7 +1097,8 @@ test_capsule(PyObject *self, PyObject *Py_UNUSED(ignored))
 #undef FAIL
 #define FAIL(x) \
         { \
-        sprintf(buffer, "%s module: \"%s\" attribute: \"%s\"", \
+        snprintf(buffer, sizeof(buffer), \
+            "%s module: \"%s\" attribute: \"%s\"", \
             x, known->module, known->attribute); \
         error = buffer; \
         goto exit; \
diff --git a/Modules/getnameinfo.c b/Modules/getnameinfo.c
@@ -139,7 +139,7 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
     if (serv == NULL || servlen == 0) {
         /* what we should do? */
     } else if (flags & NI_NUMERICSERV) {
-        sprintf(numserv, "%d", ntohs(port));
+        snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
         if (strlen(numserv) > servlen)
             return ENI_MEMORY;
         strcpy(serv, numserv);
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
@@ -1302,11 +1302,11 @@ makebdaddr(bdaddr_t *bdaddr)
         octets[i] = ((*bdaddr) >> (8 * i)) & 0xFF;
     }
 
-    sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
+    snprintf(buf, sizeof(buf), "%02X:%02X:%02X:%02X:%02X:%02X",
         octets[5], octets[4], octets[3],
         octets[2], octets[1], octets[0]);
 #else
-    sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
+    snprintf(buf, sizeof(buf), "%02X:%02X:%02X:%02X:%02X:%02X",
         bdaddr->b[5], bdaddr->b[4], bdaddr->b[3],
         bdaddr->b[2], bdaddr->b[1], bdaddr->b[0]);
 #endif
diff --git a/Modules/unicodedata.c b/Modules/unicodedata.c
@@ -1108,7 +1108,7 @@ _getucname(PyObject *self,
         if (buflen < 28)
             /* Worst case: CJK UNIFIED IDEOGRAPH-20000 */
             return 0;
-        sprintf(buffer, "CJK UNIFIED IDEOGRAPH-%X", code);
+        snprintf(buffer, sizeof(buffer), "CJK UNIFIED IDEOGRAPH-%X", code);
         return 1;
     }
 
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
@@ -270,40 +270,43 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
 
         case 'd':
             if (longflag) {
-                sprintf(buffer, "%ld", va_arg(vargs, long));
+                snprintf(buffer, sizeof(buffer), "%ld", va_arg(vargs, long));
             }
             else if (size_tflag) {
-                sprintf(buffer, "%zd", va_arg(vargs, Py_ssize_t));
+                snprintf(buffer, sizeof(buffer),
+                         "%zd", va_arg(vargs, Py_ssize_t));
             }
             else {
-                sprintf(buffer, "%d", va_arg(vargs, int));
+                snprintf(buffer, sizeof(buffer), "%d", va_arg(vargs, int));
             }
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
 
         case 'u':
             if (longflag) {
-                sprintf(buffer, "%lu", va_arg(vargs, unsigned long));
+                snprintf(buffer, sizeof(buffer),
+                         "%lu", va_arg(vargs, unsigned long));
             }
             else if (size_tflag) {
-                sprintf(buffer, "%zu", va_arg(vargs, size_t));
+                snprintf(buffer, sizeof(buffer), "%zu", va_arg(vargs, size_t));
             }
             else {
-                sprintf(buffer, "%u", va_arg(vargs, unsigned int));
+                snprintf(buffer, sizeof(buffer),
+                         "%u", va_arg(vargs, unsigned int));
             }
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
 
         case 'i':
-            sprintf(buffer, "%i", va_arg(vargs, int));
+            snprintf(buffer, sizeof(buffer), "%i", va_arg(vargs, int));
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
 
         case 'x':
-            sprintf(buffer, "%x", va_arg(vargs, int));
+            snprintf(buffer, sizeof(buffer), "%x", va_arg(vargs, int));
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
@@ -329,7 +332,7 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
         }
 
         case 'p':
-            sprintf(buffer, "%p", va_arg(vargs, void*));
+            snprintf(buffer, sizeof(buffer), "%p", va_arg(vargs, void*));
             assert(strlen(buffer) < sizeof(buffer));
             /* %p is ill-defined:  ensure leading 0x. */
             if (buffer[1] == 'X')
diff --git a/Objects/typeobject.c b/Objects/typeobject.c
@@ -4730,7 +4730,8 @@ type_traverse(PyTypeObject *type, visitproc visit, void *arg)
        for heaptypes. */
     if (!(type->tp_flags & Py_TPFLAGS_HEAPTYPE)) {
         char msg[200];
-        sprintf(msg, "type_traverse() called on non-heap type '%.100s'",
+        snprintf(msg, sizeof(msg),
+                "type_traverse() called on non-heap type '%.100s'",
                 type->tp_name);
         _PyObject_ASSERT_FAILED_MSG((PyObject *)type, msg);
     }
diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
@@ -733,7 +733,8 @@ xmlcharrefreplace(_PyBytesWriter *writer, char *str,
 
     /* generate replacement */
     for (i = collstart; i < collend; ++i) {
-        size = sprintf(str, "&#%d;", PyUnicode_READ(kind, data, i));
+        size = snprintf(str, sizeof(str),
+                        "&#%d;", PyUnicode_READ(kind, data, i));
         if (size < 0) {
             return NULL;
         }
@@ -2449,39 +2450,47 @@ unicode_fromformat_arg(_PyUnicodeWriter *writer,
     case 'u':
     case 'x':
     {
-        /* used by sprintf */
+        /* used by snprintf */
         char buffer[MAX_LONG_LONG_CHARS];
         Py_ssize_t arglen;
 
         if (*f == 'u') {
             if (longflag) {
-                len = sprintf(buffer, "%lu", va_arg(*vargs, unsigned long));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%lu", va_arg(*vargs, unsigned long));
             }
             else if (longlongflag) {
-                len = sprintf(buffer, "%llu", va_arg(*vargs, unsigned long long));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%llu", va_arg(*vargs, unsigned long long));
             }
             else if (size_tflag) {
-                len = sprintf(buffer, "%zu", va_arg(*vargs, size_t));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%zu", va_arg(*vargs, size_t));
             }
             else {
-                len = sprintf(buffer, "%u", va_arg(*vargs, unsigned int));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%u", va_arg(*vargs, unsigned int));
             }
         }
         else if (*f == 'x') {
-            len = sprintf(buffer, "%x", va_arg(*vargs, int));
+            len = snprintf(buffer, sizeof(buffer), "%x", va_arg(*vargs, int));
         }
         else {
             if (longflag) {
-                len = sprintf(buffer, "%li", va_arg(*vargs, long));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%li", va_arg(*vargs, long));
             }
             else if (longlongflag) {
-                len = sprintf(buffer, "%lli", va_arg(*vargs, long long));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%lli", va_arg(*vargs, long long));
             }
             else if (size_tflag) {
-                len = sprintf(buffer, "%zi", va_arg(*vargs, Py_ssize_t));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%zi", va_arg(*vargs, Py_ssize_t));
             }
             else {
-                len = sprintf(buffer, "%i", va_arg(*vargs, int));
+                len = snprintf(buffer, sizeof(buffer),
+                               "%i", va_arg(*vargs, int));
             }
         }
         assert(len >= 0);
@@ -2530,7 +2539,7 @@ unicode_fromformat_arg(_PyUnicodeWriter *writer,
     {
         char number[MAX_LONG_LONG_CHARS];
 
-        len = sprintf(number, "%p", va_arg(*vargs, void*));
+        len = snprintf(number, sizeof(number), "%p", va_arg(*vargs, void*));
         assert(len >= 0);
 
         /* %p is ill-defined:  ensure leading 0x. */
@@ -8104,7 +8113,8 @@ charmap_encoding_error(
         for (collpos = collstartpos; collpos < collendpos; ++collpos) {
             char buffer[2+29+1+1];
             char *cp;
-            sprintf(buffer, "&#%d;", (int)PyUnicode_READ_CHAR(unicode, collpos));
+            snprintf(buffer, sizeof(buffer),
+                     "&#%d;", (int)PyUnicode_READ_CHAR(unicode, collpos));
             for (cp = buffer; *cp; ++cp) {
                 x = charmapencode_output(*cp, mapping, res, respos);
                 if (x==enc_EXCEPTION)
diff --git a/Parser/string_parser.c b/Parser/string_parser.c
@@ -118,7 +118,7 @@ decode_unicode_with_escapes(Parser *parser, const char *s, size_t len, Token *t)
             w_len = PyUnicode_GET_LENGTH(w);
             for (i = 0; i < w_len; i++) {
                 Py_UCS4 chr = PyUnicode_READ(kind, data, i);
-                sprintf(p, "\\U%08x", chr);
+                snprintf(p, sizeof(p), "\\U%08x", chr);
                 p += 10;
             }
             /* Should be impossible to overflow */
diff --git a/Programs/_freeze_module.c b/Programs/_freeze_module.c
@@ -124,7 +124,7 @@ static PyObject *
 compile_and_marshal(const char *name, const char *text)
 {
     char *filename = (char *) malloc(strlen(name) + 10);
-    sprintf(filename, "<frozen %s>", name);
+    snprintf(filename, sizeof(filename), "<frozen %s>", name);
     PyObject *code = Py_CompileStringExFlags(text, filename,
                                              Py_file_input, NULL, 0);
     free(filename);
diff --git a/Python/pystrtod.c b/Python/pystrtod.c
@@ -1239,7 +1239,7 @@ format_float_short(double d, char format_code,
     /* Now that we've done zero padding, add an exponent if needed. */
     if (use_exp) {
         *p++ = float_strings[OFS_E][0];
-        exp_len = sprintf(p, "%+.02d", exp);
+        exp_len = snprintf(p, sizeof(p), "%+.02d", exp);
         p += exp_len;
     }
   exit:
diff --git a/Python/specialize.c b/Python/specialize.c
@@ -232,7 +232,7 @@ _Py_PrintSpecializationStats(int to_file)
         hex_name[40] = '\0';
         char buf[64];
         assert(strlen(dirname) + 40 + strlen(".txt") < 64);
-        sprintf(buf, "%s%s.txt", dirname, hex_name);
+        snprintf(buf, sizeof(buf), "%s%s.txt", dirname, hex_name);
         FILE *fout = fopen(buf, "w");
         if (fout) {
             out = fout;
@@ -1084,7 +1084,7 @@ PyObject *descr, DescriptorClassification kind)
             if (dict) {
                 SPECIALIZATION_FAIL(LOAD_ATTR, SPEC_FAIL_ATTR_NOT_MANAGED_DICT);
                 return 0;
-            }  
+            }
             assert(owner_cls->tp_dictoffset > 0);
             assert(owner_cls->tp_dictoffset <= INT16_MAX);
             _py_set_opcode(instr, LOAD_ATTR_METHOD_LAZY_DICT);

Original file line number	Diff line number	Diff line change
`@@ -612,7 +612,7 @@ PyCStructUnionType_update_stgdict(PyObject type, PyObject fields, int isStruct`
`612`	`612`	`PyErr_NoMemory();`
`613`	`613`	`return -1;`
`614`	`614`	`}`
`615`		`- sprintf(buf, "%s:%s:", fieldfmt, fieldname);`
	`615`	`+ snprintf(buf, sizeof(buf), "%s:%s:", fieldfmt, fieldname);`
`616`	`616`
`617`	`617`	`ptr = stgdict->format;`
`618`	`618`	`if (dict->shape != NULL) {`
Original file line number	Diff line number	Diff line change
`@@ -2098,7 +2098,7 @@ save_long(PicklerObject self, PyObject obj)`
`2098`	`2098`	`}`
`2099`	`2099`	`}`
`2100`	`2100`	`else {`
`2101`		`- sprintf(pdata, "%c%ld\n", INT, val);`
	`2101`	`+ snprintf(pdata, sizeof(pdata), "%c%ld\n", INT, val);`
`2102`	`2102`	`len = strlen(pdata);`
`2103`	`2103`	`}`
`2104`	`2104`	`if (_Pickler_Write(self, pdata, len) < 0)`
Original file line number	Diff line number	Diff line change
`@@ -1108,7 +1108,7 @@ _getucname(PyObject *self,`
`1108`	`1108`	`if (buflen < 28)`
`1109`	`1109`	`/* Worst case: CJK UNIFIED IDEOGRAPH-20000 */`
`1110`	`1110`	`return 0;`
`1111`		`- sprintf(buffer, "CJK UNIFIED IDEOGRAPH-%X", code);`
	`1111`	`+ snprintf(buffer, sizeof(buffer), "CJK UNIFIED IDEOGRAPH-%X", code);`
`1112`	`1112`	`return 1;`
`1113`	`1113`	`}`
`1114`	`1114`
Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ decode_unicode_with_escapes(Parser parser, const char s, size_t len, Token *t)`
`118`	`118`	`w_len = PyUnicode_GET_LENGTH(w);`
`119`	`119`	`for (i = 0; i < w_len; i++) {`
`120`	`120`	`Py_UCS4 chr = PyUnicode_READ(kind, data, i);`
`121`		`- sprintf(p, "\\U%08x", chr);`
	`121`	`+ snprintf(p, sizeof(p), "\\U%08x", chr);`
`122`	`122`	`p += 10;`
`123`	`123`	`}`
`124`	`124`	`/* Should be impossible to overflow */`
Original file line number	Diff line number	Diff line change
`@@ -124,7 +124,7 @@ static PyObject *`
`124`	`124`	`compile_and_marshal(const char name, const char text)`
`125`	`125`	`{`
`126`	`126`	`char filename = (char ) malloc(strlen(name) + 10);`
`127`		`- sprintf(filename, "<frozen %s>", name);`
	`127`	`+ snprintf(filename, sizeof(filename), "<frozen %s>", name);`
`128`	`128`	`PyObject *code = Py_CompileStringExFlags(text, filename,`
`129`	`129`	`Py_file_input, NULL, 0);`
`130`	`130`	`free(filename);`
Original file line number	Diff line number	Diff line change
`@@ -1239,7 +1239,7 @@ format_float_short(double d, char format_code,`
`1239`	`1239`	`/* Now that we've done zero padding, add an exponent if needed. */`
`1240`	`1240`	`if (use_exp) {`
`1241`	`1241`	`*p++ = float_strings[OFS_E][0];`
`1242`		`- exp_len = sprintf(p, "%+.02d", exp);`
	`1242`	`+ exp_len = snprintf(p, sizeof(p), "%+.02d", exp);`
`1243`	`1243`	`p += exp_len;`
`1244`	`1244`	`}`
`1245`	`1245`	`exit:`