[CWEB] Replace 'sprintf' with 'snprintf'.

Apple's XCode 14 (Clang) issues deprecation warnings for the 'sprintf' system function (from <stdio.h>) when used with C++. As I am compiling CWEB as C++ code (locally, not in TeX Live), I became aware of this possible future issue. While common.w diligently checks user-provided file names for possible buffer overflows before invoking 'sprintf' (sections 77--79), I replace the uses of 'sprintf' in ctangle.w and cweave.w and cweav-twill.ch with the safer 'snprintf' alternative. git-svn-id: svn://tug.org/texlive/trunk/Build/source@67794 c570f23f-e606-0410-a88d-b1316a301751
TeX-Live · Aug 2, 2023 · fd3a887 · fd3a887
1 parent df80c5d
commit fd3a887
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 18 deletions.
diff --git a/texk/web2c/ctangleboot.cin b/texk/web2c/ctangleboot.cin
@@ -517,9 +517,9 @@ cur_out_file= end_output_files= output_files+max_files;
 /*:46*//*58:*/
 #line 696 "cwebdir/ctangle.w"
 
-{
-int i;
-for(i= 0;i<0200;i++)sprintf(translit[i],"X%02X",(unsigned int)(0200+i));
+{int i;
+for(i= 0;i<0200;i++)
+snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i));
 }
 
 #line 178 "cwebdir/ctang-w2c.ch"

diff --git a/texk/web2c/cwebdir/ChangeLog b/texk/web2c/cwebdir/ChangeLog
@@ -1,3 +1,12 @@
+2023-08-02  Andreas Scherer  <https://ascherer.github.io>
+
+	* ctang-bs.ch,
+	* ctangle.c,
+	* ctangle.w,
+	* ctwill-w2c.ch,
+	* cweave.w,
+	* system.bux: Replace 'sprintf' with 'snprintf'.
+
 2023-08-01  Andreas Scherer  <https://ascherer.github.io>
 
 	* comm-w2c.ch,

diff --git a/texk/web2c/cwebdir/ctang-bs.ch b/texk/web2c/cwebdir/ctang-bs.ch
@@ -154,10 +154,10 @@ text_ptr=text_info+1; text_ptr->tok_start=tok_mem;
 out_char(
 eight_bits cur_char)
 {
-  char *j, *k; /* pointer into |byte_mem| */
+  char *j; /* pointer into |byte_mem| */
 @y
 out_char(cur_char)
 eight_bits cur_char;
 {
-  char huge* j, huge* k; /* pointer into |byte_mem| */
+  char huge* j; /* pointer into |byte_mem| */
 @z
diff --git a/texk/web2c/cwebdir/ctangle.c b/texk/web2c/cwebdir/ctangle.c
@@ -485,9 +485,9 @@ cur_out_file= end_output_files= output_files+max_files;
 /*:46*//*58:*/
 #line 696 "ctangle.w"
 
-{
-int i;
-for(i= 0;i<0200;i++)sprintf(translit[i],"X%02X",(unsigned int)(0200+i));
+{int i;
+for(i= 0;i<0200;i++)
+snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i));
 }
 
 /*:58*//*63:*/

diff --git a/texk/web2c/cwebdir/ctangle.w b/texk/web2c/cwebdir/ctangle.w
@@ -694,9 +694,9 @@ This makes debugging a lot less confusing.
 static char translit[0200][translit_length];
 
 @ @<Set init...@>=
-{
-  int i;
-  for (i=0;i<0200;i++) sprintf(translit[i],"X%02X",(unsigned int)(0200+i));
+{ int i;
+  for (i=0;i<0200;i++)
+     snprintf(translit[i],translit_length,"X%02X",(unsigned int)(0200+i));
 }
 
 @ @<Case of an identifier@>=@t\1\quad@>

diff --git a/texk/web2c/cwebdir/ctwill-w2c.ch b/texk/web2c/cwebdir/ctwill-w2c.ch
@@ -1854,15 +1854,15 @@ placed on the list, unless they are reserved and their current
 @ @c static void
 out_mini(
   meaning_struct *m)
-{ char s[60];
+{ char s[90];
   name_pointer cur_name=m->id;
   if (m->prog_no==0) { /* reference within current program */
     if (m->sec_no==section_count) return; /* defined in current section */
-    sprintf(s,"\\[%d",m->sec_no);
+    snprintf(s,90,"\\[%d",m->sec_no);
   } else { name_pointer n=title_code[m->prog_no];
     if (*(n->byte_start)=='{')
-      sprintf(s,"\\]%.*s%d",(int)length(n),n->byte_start,m->sec_no);
-    else sprintf(s,"\\]%.*s",(int)length(n),n->byte_start);
+      snprintf(s,90,"\\]%.*s%d",(int)length(n),n->byte_start,m->sec_no);
+    else snprintf(s,90,"\\]%.*s",(int)length(n),n->byte_start);
   }
   out_str(s); out(' ');
   @<Mini-output the name at |cur_name|@>@;

diff --git a/texk/web2c/cwebdir/cweave.w b/texk/web2c/cwebdir/cweave.w
@@ -1482,7 +1482,7 @@ out_section(
 sixteen_bits n)
 {
   char s[6];
-  sprintf(s,"%d",(int)n); out_str(s);
+  snprintf(s,6,"%d",(int)n); out_str(s);
   if (changed_section[n]) out_str("\\*");
 @.\\*@>
 }
@@ -4236,7 +4236,7 @@ else {
   group_found=true;
   out_str("\\N");
 @.\\N@>
-  {@+ char s[32];@+sprintf(s,"{%d}",sec_depth+1);@+out_str(s);@+}
+  {@+ char s[32];@+snprintf(s,32,"{%d}",sec_depth+1);@+out_str(s);@+}
   if (show_progress)
   printf("*%d",(int)section_count); update_terminal(); /* print a progress report */
 }

diff --git a/texk/web2c/cwebdir/system.bux b/texk/web2c/cwebdir/system.bux
@@ -26,8 +26,9 @@
 @$puts "<stdio.h>" \zip@>
 @$rename "<stdio.h>" \zip@>
 @$remove "<stdio.h>" \zip@>
-@$sscanf "<stdio.h>" \zip@>
+@$snprintf "<stdio.h>" \zip@>
 @$sprintf "<stdio.h>" \zip@>
+@$sscanf "<stdio.h>" \zip@>
 @$stderr "<stdio.h>" \zip@>
 @$stdin "<stdio.h>" \zip@>
 @$stdout "<stdio.h>" \zip@>