diff --git a/src/port/snprintf.c b/src/port/snprintf.c
index e037cf0a88..81d9c8c274 100644
--- a/src/port/snprintf.c
+++ b/src/port/snprintf.c
@@ -998,8 +998,8 @@ fmtptr(const void *value, PrintfTarget *target)
 	int			vallen;
 	char		convert[64];
 
-	/* we rely on regular C library's sprintf to do the basic conversion */
-	vallen = sprintf(convert, "%p", value);
+	/* we rely on regular C library's snprintf to do the basic conversion */
+	vallen = snprintf(convert, sizeof(convert), "%p", value);
 	if (vallen < 0)
 		target->failed = true;
 	else
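Review bot: The `vallen < 0` test kept after the new `snprintf` call in fmtptr does not detect truncation, because snprintf returns the length the full output would have had; a result of `sizeof(convert)` or more means `convert` holds fewer bytes than `vallen` reports. If the code after this hunk uses `vallen` as the length of `convert` (not visible here), the overflow write that sprintf allowed becomes an over-read instead, so the guard should be `if (vallen < 0 || vallen >= (int) sizeof(convert))`. The same applies to the two snprintf calls in fmtfloat (`if (vallen < 0) goto fail;`) and to the one in pg_strfromd. For `%p` into 64 bytes truncation is unlikely in practice, but the size bound only helps if its result is checked. fmtptr's body continues outside the hunk.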
@@ -1149,11 +1149,11 @@ fmtfloat(double value, char type, int forcesign, int leftjust,
 	int			padlen;			/* amount to pad with spaces */
 
 	/*
-	 * We rely on the regular C library's sprintf to do the basic conversion,
+	 * We rely on the regular C library's snprintf to do the basic conversion,
 	 * then handle padding considerations here.
 	 *
 	 * The dynamic range of "double" is about 1E+-308 for IEEE math, and not
-	 * too wildly more than that with other hardware.  In "f" format, sprintf
+	 * too wildly more than that with other hardware.  In "f" format, snprintf
 	 * could therefore generate at most 308 characters to the left of the
 	 * decimal point; while we need to allow the precision to get as high as
 	 * 308+17 to ensure that we don't truncate significant digits from very
@@ -1205,14 +1205,14 @@ fmtfloat(double value, char type, int forcesign, int leftjust,
 			fmt[2] = '*';
 			fmt[3] = type;
 			fmt[4] = '\0';
-			vallen = sprintf(convert, fmt, prec, value);
+			vallen = snprintf(convert, sizeof(convert), fmt, prec, value);
 		}
 		else
 		{
 			fmt[0] = '%';
 			fmt[1] = type;
 			fmt[2] = '\0';
-			vallen = sprintf(convert, fmt, value);
+			vallen = snprintf(convert, sizeof(convert), fmt, value);
 		}
 		if (vallen < 0)
 			goto fail;
@@ -1341,7 +1341,7 @@ pg_strfromd(char *str, size_t count, int precision, double value)
 			fmt[2] = '*';
 			fmt[3] = 'g';
 			fmt[4] = '\0';
-			vallen = sprintf(convert, fmt, precision, value);
+			vallen = snprintf(convert, sizeof(convert), fmt, precision, value);
 			if (vallen < 0)
 			{
 				target.failed = true;
