From: Viktor Szakats Date: Tue, 25 Nov 2025 02:35:40 +0000 (+0100) Subject: curlx: replace `sprintf` with `snprintf` X-Git-Tag: rc-8_18_0-1~153 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62683ad3f49aeb60ab311cf52aacc5630116418a;p=thirdparty%2Fcurl.git curlx: replace `sprintf` with `snprintf` To avoid using a deprecated function on Windows. Also: de-dupe `SNPRINTF` definition in curlx. Closes #19681 --- diff --git a/lib/Makefile.inc b/lib/Makefile.inc index cad02c8237..85faa875e0 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -50,6 +50,7 @@ LIB_CURLX_HFILES = \ curlx/inet_pton.h \ curlx/multibyte.h \ curlx/nonblock.h \ + curlx/snprintf.h \ curlx/strerr.h \ curlx/strparse.h \ curlx/timediff.h \ diff --git a/lib/curl_setup.h b/lib/curl_setup.h index 0e5ebb60c9..664aa14325 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -95,8 +95,7 @@ unlink(), etc. */ #endif #ifndef _CRT_SECURE_NO_WARNINGS -#define _CRT_SECURE_NO_WARNINGS /* for getenv(), gmtime(), sprintf(), - strcpy(), +#define _CRT_SECURE_NO_WARNINGS /* for getenv(), gmtime(), strcpy(), in tests: localtime(), sscanf() */ #endif #endif /* _MSC_VER */ diff --git a/lib/curlx/inet_ntop.c b/lib/curlx/inet_ntop.c index d4053f1a60..771af81474 100644 --- a/lib/curlx/inet_ntop.c +++ b/lib/curlx/inet_ntop.c @@ -32,6 +32,7 @@ #endif #include "inet_ntop.h" +#include "snprintf.h" #define IN6ADDRSZ 16 /* #define INADDRSZ 4 */ @@ -61,13 +62,12 @@ static char *inet_ntop4(const unsigned char *src, char *dst, size_t size) DEBUGASSERT(size >= 16); - /* this sprintf() does not overflow the buffer. Avoids snprintf to work more - widely. Avoids the msnprintf family to work as a curlx function. */ - (void)(sprintf)(tmp, "%d.%d.%d.%d", - ((int)((unsigned char)src[0])) & 0xff, - ((int)((unsigned char)src[1])) & 0xff, - ((int)((unsigned char)src[2])) & 0xff, - ((int)((unsigned char)src[3])) & 0xff); + /* this snprintf() does not overflow the buffer. */ + SNPRINTF(tmp, sizeof(tmp), "%d.%d.%d.%d", + ((int)((unsigned char)src[0])) & 0xff, + ((int)((unsigned char)src[1])) & 0xff, + ((int)((unsigned char)src[2])) & 0xff, + ((int)((unsigned char)src[3])) & 0xff); len = strlen(tmp); if(len == 0 || len >= size) { diff --git a/lib/curlx/snprintf.h b/lib/curlx/snprintf.h new file mode 100644 index 0000000000..266ea137fa --- /dev/null +++ b/lib/curlx/snprintf.h @@ -0,0 +1,36 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + * SPDX-License-Identifier: curl + * + ***************************************************************************/ + +/* Raw snprintf() for curlx */ + +#ifdef WITHOUT_LIBCURL /* when built for the test servers */ +#if defined(_MSC_VER) && (_MSC_VER < 1900) /* adjust for old MSVC */ +#define SNPRINTF _snprintf +#else +#define SNPRINTF snprintf +#endif +#else /* !WITHOUT_LIBCURL */ +#include +#define SNPRINTF curl_msnprintf +#endif /* WITHOUT_LIBCURL */ diff --git a/lib/curlx/strerr.c b/lib/curlx/strerr.c index 376f68b0b2..c33d107011 100644 --- a/lib/curlx/strerr.c +++ b/lib/curlx/strerr.c @@ -34,21 +34,8 @@ #include -#ifndef WITHOUT_LIBCURL -#include -#define SNPRINTF curl_msnprintf -#else -/* when built for the test servers */ - -/* adjust for old MSVC */ -#if defined(_MSC_VER) && (_MSC_VER < 1900) -#define SNPRINTF _snprintf -#else -#define SNPRINTF snprintf -#endif -#endif /* !WITHOUT_LIBCURL */ - #include "winapi.h" +#include "snprintf.h" #include "strerr.h" /* The last 2 #include files should be in this order */ #include "../curl_memory.h" diff --git a/lib/curlx/winapi.c b/lib/curlx/winapi.c index 7b3d6b6036..4cacbcb618 100644 --- a/lib/curlx/winapi.c +++ b/lib/curlx/winapi.c @@ -29,20 +29,7 @@ */ #ifdef _WIN32 #include "winapi.h" - -#ifndef WITHOUT_LIBCURL -#include -#define SNPRINTF curl_msnprintf -#else -/* when built for the test servers */ - -/* adjust for old MSVC */ -#if defined(_MSC_VER) && (_MSC_VER < 1900) -#define SNPRINTF _snprintf -#else -#define SNPRINTF snprintf -#endif -#endif /* !WITHOUT_LIBCURL */ +#include "snprintf.h" /* This is a helper function for curlx_strerror that converts Windows API error * codes (GetLastError) to error messages. diff --git a/src/Makefile.inc b/src/Makefile.inc index fa55837552..6e5e31f806 100644 --- a/src/Makefile.inc +++ b/src/Makefile.inc @@ -54,6 +54,7 @@ CURLX_HFILES = \ ../lib/curlx/fopen.h \ ../lib/curlx/multibyte.h \ ../lib/curlx/nonblock.h \ + ../lib/curlx/snprintf.h \ ../lib/curlx/strerr.h \ ../lib/curlx/strparse.h \ ../lib/curlx/timediff.h \