Use snprintf instead of sprintf

[jclehner]

Use snprintf instead of sprintf to avoid potential (security) issues when encountering a ridiculously long CLASSPATH.

[rovo89]

Thanks. That would avoid overwriting memory (it would reserve one byte for the terminating character, right?). But there would likely be a crash in that (theoretical) case where anyone sets such a long CLASSPATH because anything after 4095 characters is cut off. So I think such a check would require checking whether the current classpath plus separator and the jar path fit into the buffer and don't even attempt to add Xposed in that case. I think this will never happen anyway, but if we touch this, I would like to make sure that it's a complete fix.

[jclehner]

Okay this patch lets addXposedToClasspath return false if the string would be longer than 4096 bytes. As to your question regarding snprintf: the buffer size includes the \0 byte.

[rovo89]

Ok, that looks like an elegant solution.

[rovo89]

I need to test it myself before merging it though ;)