[3rdParty] Pine: Replace sprintf with snprintf to silence compiler warning #12773
This fixes the following compiler deprecation warning `warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead.`
This should probably be checked by @GovanifY
You use sizeof on the yet-uninitialized variable. This leads it to return an undefined value (which will probably be 0, as uninitialized values usually are set to 0 but the array could as well be, say, filled with 0xCC for debugging making the size unpredictable and past the array's size). The way you propose it is unsafe but doing a
Everything is safe with uninitialized values unless you actually rely on their values to be specific, and sizeof doesn't care about it. Example:
d is 0 and there is no undefined behavior here.
The sizeof is in this case either used directly on a pointer ( ) which returns the size of the pointer or the empty array.
Yeah he needs to write simply
See for yourself what I mean:

```
➜ tmp (nix-shell) cat test.cpp gcc
#include <stdio.h>
#include <string>
int main() {
    char* hash = new char[256];
    printf("%lu", sizeof(hash));
    return 0;
}
➜ tmp (nix-shell) g++ test.cpp gcc
➜ tmp (nix-shell) ./a.out gcc
8⏎
```

For sizeof, I misconstrued it as C's behaviour, which is NOT always compile-time (and thus safe in this case), so that one's on me (or even more probably as an strlen).
Yeah, he/you (depending on who is reading) can just use the size directly from the std::string.
Sorry but I'm not a C++ dev and am not very knowledgeable about it. How exactly do you recommend for me to amend it? Writing
The `= 0x00;` are useless as snprintf nul-terminates, and had an off-by-one error (which should have been caught by ASAN when developing the server, but I did not commit this port).
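
The `sizeof`-on-a-pointer question debated in this thread and the NUL-termination remark in the review comment above, as an added example that is not code from this pull request or the project. The function names, the sample string and the buffer sizes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

// Constructed sample input: 16 characters standing in for a hash string.
static const char kSample[] = "0123456789abcdef";

// The mistake under discussion: `dst` is a pointer, so sizeof(dst) is the
// pointer size (8 in the terminal session above), not the 256-byte allocation.
std::string format_with_sizeof_pointer(const char* src) {
    char* dst = new char[256];
    const std::size_t wrong_cap = sizeof(dst);   // size of the pointer itself
    std::snprintf(dst, wrong_cap, "%s", src);    // output silently truncated
    std::string out(dst);
    delete[] dst;
    return out;
}

// Pass the real capacity. snprintf writes at most cap-1 characters plus the
// terminating NUL and returns the length it wanted to write, so a return
// value >= cap means truncation. No manual `dst[n] = 0x00` is needed.
bool format_checked(char* dst, std::size_t cap, const char* src) {
    const int n = std::snprintf(dst, cap, "%s", src);
    return n >= 0 && static_cast<std::size_t>(n) < cap;
}

// sizeof yields the buffer size only for a real array that is in scope.
std::size_t array_capacity() {
    char buf[256];
    return sizeof(buf);
}

int main() {
    char small[8];
    std::memset(small, 'X', sizeof(small));      // no pre-existing NUL
    const bool fit = format_checked(small, sizeof(small), kSample);
    std::printf("sizeof(pointer) result: %s\n",
                format_with_sizeof_pointer(kSample).c_str());
    std::printf("checked: fit=%d text=%s array=%zu\n",
                fit, small, array_capacity());
    return 0;
}
```

Checking the return value is what turns a silent truncation into a detectable error; the buffer is NUL-terminated either way.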