From f76c31f50ed0cca018591cc2d0b43837d6224f7d Mon Sep 17 00:00:00 2001
From: =?utf8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Thu, 26 Jan 2023 20:49:41 +0100
Subject: [PATCH] Avoid usage of sprintf

sprintf(3) does not take the destination buffer into account. Although
the destination in these case is large enough, sprintf(3) indicates a
code smell.

Use snprintf(3).
---
 lib/subordinateio.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/subordinateio.c b/lib/subordinateio.c
index b5f5b91a2..31470c846 100644
--- a/lib/subordinateio.c
+++ b/lib/subordinateio.c
@@ -222,7 +222,8 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
          */
         struct passwd *pwd;
         uid_t          owner_uid;
-        char           owner_uid_string[33] = "";
+        char           owner_uid_string[33];
+        int ret;
 
 
         /* Get UID of the username we are looking for */
@@ -232,7 +233,9 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
                 return NULL;
         }
         owner_uid = pwd->pw_uid;
-        sprintf(owner_uid_string, "%lu", (unsigned long int)owner_uid);
+        ret = snprintf(owner_uid_string, sizeof (owner_uid_string), "%lu", (unsigned long int)owner_uid);
+        if (ret < 0 || (size_t)ret >= sizeof (owner_uid_string))
+                return NULL;
 
         commonio_rewind(db);
         while ((range = commonio_next(db)) != NULL) {
-- 
2.47.2