Skip to content

Replace uses of sprintf with snprintf #525

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 25, 2023
Merged

Replace uses of sprintf with snprintf #525

merged 1 commit into from
May 25, 2023

Conversation

timwoj
Copy link
Contributor

@timwoj timwoj commented May 24, 2023

The most recent version of the SDK on macOS recently started complaining about sprintf being deprecated, similar to this:

<>/c-ares/src/lib/ares_getnameinfo.c:371:11: warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only.  Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Wdeprecated-declarations]
          sprintf(&tmpbuf[1], "%u", (unsigned int)addr6->sin6_scope_id);
          ^
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.sdk/usr/include/stdio.h:188:1: note: 'sprintf' has been explicitly marked deprecated here
__deprecated_msg("This function is provided for compatibility reasons only.  Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead.")
^
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX13.3.sdk/usr/include/sys/cdefs.h:215:48: note: expanded from macro '__deprecated_msg'
        #define __deprecated_msg(_msg) __attribute__((__deprecated__(_msg)))

This PR replaces all uses of sprintf with snprintf, with appropriate size values for the buffers used. The only thing I'm concerned about here is this note in src/lib/config-dos.h:

  /* Because djgpp <= 2.03 doesn't have snprintf() etc. */
  #if (DJGPP_MINOR < 4)
    #define _MPRINTF_REPLACE
  #endif

I'm not sure if that's still an issue, and I don't have any way to test that it's good locally. I assume CI covers it.

@bradh352
Copy link
Member

appears this PR causes failures on Windows. I haven't looked deeply at the changeset to see why it might only affect windows, but another PR came in and didn't have windows failures, and I just reissued a re-build of this pr and it still fails so I think that rules out any temporary AppVeyor issues.

@timwoj
Copy link
Contributor Author

timwoj commented May 25, 2023

Interesting, the build itself passed just fine but the tests failed:

[  FAILED  ] DefaultChannelTest.LiveGetNameInfoV6Numeric
[  FAILED  ] DefaultChannelTest.LiveGetNameInfoV6Numeric_virtualized
[  FAILED  ] DefaultChannelTest.LiveGetNameInfoV6LinkLocal
[  FAILED  ] DefaultChannelTest.LiveGetNameInfoV6LinkLocal_virtualized
[  FAILED  ] DefaultChannelTest.LiveGetNameInfoV6NotFound
[  FAILED  ] DefaultChannelTest.LiveGetNameInfoV6NotFound_virtualized

I do have a Windows machine here. I'll see if I can reproduce it.

@timwoj timwoj force-pushed the sprintf-replacement branch from e2f005d to 4e4bb6b Compare May 25, 2023 18:44
@timwoj
Copy link
Contributor Author

timwoj commented May 25, 2023

Fixed it. There was an error in the math in inet_ntop6. Should be good to go now.

@bradh352 bradh352 merged commit 66d0c01 into c-ares:main May 25, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@timwoj @bradh352