gh-101703: use snprintf instead of sprintf

sobolevn · sobolevn · commit b33fb2d61a14 · 2023-02-09T10:56:07.000+03:00
diff --git a/Modules/_datetimemodule.c b/Modules/_datetimemodule.c
@@ -1559,11 +1559,13 @@ make_freplacement(PyObject *object)
 {
     char freplacement[64];
     if (PyTime_Check(object))
-        sprintf(freplacement, "%06d", TIME_GET_MICROSECOND(object));
+        snprintf(freplacement, sizeof(freplacement),
+                 "%06d", TIME_GET_MICROSECOND(object));
     else if (PyDateTime_Check(object))
-        sprintf(freplacement, "%06d", DATE_GET_MICROSECOND(object));
+        snprintf(freplacement, sizeof(freplacement),
+                 "%06d", DATE_GET_MICROSECOND(object));
     else
-        sprintf(freplacement, "%06d", 0);
+        snprintf(freplacement, sizeof(freplacement), "%06d", 0);
 
     return PyBytes_FromStringAndSize(freplacement, strlen(freplacement));
 }
diff --git a/Modules/_pickle.c b/Modules/_pickle.c
@@ -2098,7 +2098,7 @@ save_long(PicklerObject *self, PyObject *obj)
             }
         }
         else {
-            sprintf(pdata, "%c%ld\n", INT,  val);
+            snprintf(pdata, sizeof(pdata), "%c%ld\n", INT,  val);
             len = strlen(pdata);
         }
         if (_Pickler_Write(self, pdata, len) < 0)
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
@@ -1324,8 +1324,9 @@ _get_peer_alt_names (_sslmodulestate *state, X509 *certificate) {
                 } else if (name->d.ip->length == 16) {
                     /* PyUnicode_FromFormat() does not support %X */
                     unsigned char *p = name->d.ip->data;
-                    len = sprintf(
+                    len = snprintf(
                         buf,
+                        sizeof(buf),
                         "%X:%X:%X:%X:%X:%X:%X:%X",
                         p[0] << 8 | p[1],
                         p[2] << 8 | p[3],
diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c
@@ -1097,7 +1097,8 @@ test_capsule(PyObject *self, PyObject *Py_UNUSED(ignored))
 #undef FAIL
 #define FAIL(x) \
         { \
-        sprintf(buffer, "%s module: \"%s\" attribute: \"%s\"", \
+        snprintf(buffer, sizeof(buffer), \
+            "%s module: \"%s\" attribute: \"%s\"", \
             x, known->module, known->attribute); \
         error = buffer; \
         goto exit; \
diff --git a/Modules/getnameinfo.c b/Modules/getnameinfo.c
@@ -139,7 +139,7 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags)
     if (serv == NULL || servlen == 0) {
         /* what we should do? */
     } else if (flags & NI_NUMERICSERV) {
-        sprintf(numserv, "%d", ntohs(port));
+        snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
         if (strlen(numserv) > servlen)
             return ENI_MEMORY;
         strcpy(serv, numserv);
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
@@ -1302,11 +1302,11 @@ makebdaddr(bdaddr_t *bdaddr)
         octets[i] = ((*bdaddr) >> (8 * i)) & 0xFF;
     }
 
-    sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
+    snprintf(buf, sizeof(buf), "%02X:%02X:%02X:%02X:%02X:%02X",
         octets[5], octets[4], octets[3],
         octets[2], octets[1], octets[0]);
 #else
-    sprintf(buf, "%02X:%02X:%02X:%02X:%02X:%02X",
+    snprintf(buf, sizeof(buf), "%02X:%02X:%02X:%02X:%02X:%02X",
         bdaddr->b[5], bdaddr->b[4], bdaddr->b[3],
         bdaddr->b[2], bdaddr->b[1], bdaddr->b[0]);
 #endif
diff --git a/Objects/bytesobject.c b/Objects/bytesobject.c
@@ -270,40 +270,43 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
 
         case 'd':
             if (longflag) {
-                sprintf(buffer, "%ld", va_arg(vargs, long));
+                snprintf(buffer, sizeof(buffer), "%ld", va_arg(vargs, long));
             }
             else if (size_tflag) {
-                sprintf(buffer, "%zd", va_arg(vargs, Py_ssize_t));
+                snprintf(buffer, sizeof(buffer),
+                         "%zd", va_arg(vargs, Py_ssize_t));
             }
             else {
-                sprintf(buffer, "%d", va_arg(vargs, int));
+                snprintf(buffer, sizeof(buffer), "%d", va_arg(vargs, int));
             }
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
 
         case 'u':
             if (longflag) {
-                sprintf(buffer, "%lu", va_arg(vargs, unsigned long));
+                snprintf(buffer, sizeof(buffer),
+                         "%lu", va_arg(vargs, unsigned long));
             }
             else if (size_tflag) {
-                sprintf(buffer, "%zu", va_arg(vargs, size_t));
+                snprintf(buffer, sizeof(buffer), "%zu", va_arg(vargs, size_t));
             }
             else {
-                sprintf(buffer, "%u", va_arg(vargs, unsigned int));
+                snprintf(buffer, sizeof(buffer),
+                         "%u", va_arg(vargs, unsigned int));
             }
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
 
         case 'i':
-            sprintf(buffer, "%i", va_arg(vargs, int));
+            snprintf(buffer, sizeof(buffer), "%i", va_arg(vargs, int));
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
 
         case 'x':
-            sprintf(buffer, "%x", va_arg(vargs, int));
+            snprintf(buffer, sizeof(buffer), "%x", va_arg(vargs, int));
             assert(strlen(buffer) < sizeof(buffer));
             WRITE_BYTES(buffer);
             break;
@@ -329,7 +332,7 @@ PyBytes_FromFormatV(const char *format, va_list vargs)
         }
 
         case 'p':
-            sprintf(buffer, "%p", va_arg(vargs, void*));
+            snprintf(buffer, sizeof(buffer), "%p", va_arg(vargs, void*));
             assert(strlen(buffer) < sizeof(buffer));
             /* %p is ill-defined:  ensure leading 0x. */
             if (buffer[1] == 'X')
diff --git a/Objects/typeobject.c b/Objects/typeobject.c
@@ -4730,7 +4730,8 @@ type_traverse(PyTypeObject *type, visitproc visit, void *arg)
        for heaptypes. */
     if (!(type->tp_flags & Py_TPFLAGS_HEAPTYPE)) {
         char msg[200];
-        sprintf(msg, "type_traverse() called on non-heap type '%.100s'",
+        snprintf(msg, sizeof(msg),
+                "type_traverse() called on non-heap type '%.100s'",
                 type->tp_name);
         _PyObject_ASSERT_FAILED_MSG((PyObject *)type, msg);
     }
diff --git a/Python/specialize.c b/Python/specialize.c
@@ -232,7 +232,7 @@ _Py_PrintSpecializationStats(int to_file)
         hex_name[40] = '\0';
         char buf[64];
         assert(strlen(dirname) + 40 + strlen(".txt") < 64);
-        sprintf(buf, "%s%s.txt", dirname, hex_name);
+        snprintf(buf, sizeof(buf), "%s%s.txt", dirname, hex_name);
         FILE *fout = fopen(buf, "w");
         if (fout) {
             out = fout;
@@ -1084,7 +1084,7 @@ PyObject *descr, DescriptorClassification kind)
             if (dict) {
                 SPECIALIZATION_FAIL(LOAD_ATTR, SPEC_FAIL_ATTR_NOT_MANAGED_DICT);
                 return 0;
-            }  
+            }
             assert(owner_cls->tp_dictoffset > 0);
             assert(owner_cls->tp_dictoffset <= INT16_MAX);
             _py_set_opcode(instr, LOAD_ATTR_METHOD_LAZY_DICT);

Original file line number	Diff line number	Diff line change
`@@ -2098,7 +2098,7 @@ save_long(PicklerObject self, PyObject obj)`
`2098`	`2098`	`}`
`2099`	`2099`	`}`
`2100`	`2100`	`else {`
`2101`		`- sprintf(pdata, "%c%ld\n", INT, val);`
	`2101`	`+ snprintf(pdata, sizeof(pdata), "%c%ld\n", INT, val);`
`2102`	`2102`	`len = strlen(pdata);`
`2103`	`2103`	`}`
`2104`	`2104`	`if (_Pickler_Write(self, pdata, len) < 0)`