From: Yann Collet <cyan@fb.com>
Date: Sun, 25 Feb 2024 07:03:40 +0000 (-0800)
Subject: removed sprintf usage from zstdcli.c
X-Git-Tag: v1.5.6^2~59^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3916%2Fhead;p=thirdparty%2Fzstd.git

removed sprintf usage from zstdcli.c

some static analyzers flag this standard C90 function as unsafe.
---

diff --git a/programs/zstdcli.c b/programs/zstdcli.c
index 85d0e12d7..1cb16ef50 100644
--- a/programs/zstdcli.c
+++ b/programs/zstdcli.c
@@ -318,7 +318,7 @@ static void usageAdvanced(const char* programName)
 
 static void badUsage(const char* programName, const char* parameter)
 {
-    DISPLAYLEVEL(1, "Incorrect parameter: %s\n", parameter);
+    DISPLAYLEVEL(1, "Incorrect parameter: %s \n", parameter);
     if (g_displayLevel >= 2) usage(stderr, programName);
 }
 
@@ -1148,7 +1148,6 @@ int main(int argCount, const char* argv[])
 
             argument++;
             while (argument[0]!=0) {
-                char shortArgument[3];
 
 #ifndef ZSTD_NOCOMPRESS
                 /* compression Level */
@@ -1281,9 +1280,11 @@ int main(int argCount, const char* argv[])
 
                     /* unknown command */
                 default :
-                    sprintf(shortArgument, "-%c", argument[0]);
-                    badUsage(programName, shortArgument);
-                    CLEAN_RETURN(1);
+                    {   char shortArgument[3] = {'-', 0, 0};
+                        shortArgument[1] = argument[0];
+                        badUsage(programName, shortArgument);
+                        CLEAN_RETURN(1);
+                    }
                 }
             }
             continue;