cpp: Remove use of unsafe sprintf function and use snprintf

anlambert · Sep 7, 2023 · 672c5ae · 672c5ae
1 parent e61476c
commit 672c5ae
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/library/talipot-core/src/PluginLibraryLoader.cpp b/library/talipot-core/src/PluginLibraryLoader.cpp
@@ -141,8 +141,9 @@ bool PluginLibraryLoader::loadPluginLibrary(const std::string &filename, PluginL
                     nullptr);                       // no inserts
 
       if (!msg) {
-        char scode[128];
-        sprintf(scode, "%s: unable to load(error %d)", filename.c_str(), int(dwErrCode));
+        const size_t size = 128;
+        char scode[size];
+        snprintf(scode, size, "%s: unable to load(error %d)", filename.c_str(), int(dwErrCode));
         loader->aborted(filename, std::string(scode));
       } else {
         loader->aborted(filename, filename + ": " + msg);

diff --git a/utils/crash_handler/StackWalker.cpp b/utils/crash_handler/StackWalker.cpp
@@ -39,15 +39,16 @@ int backtrace(void **buffer, int size) {
 
 char *getStackFrameDetails(void *address) {
   Dl_info dli;
-  char tmp[1024];
+  const size_t size = 1024;
+  char tmp[size];
 
   if (dladdr(address, &dli)) {
     int64_t function_offset =
         reinterpret_cast<int64_t>(address) - reinterpret_cast<int64_t>(dli.dli_saddr);
-    sprintf(tmp, "%s(%s+%p)[%p]", dli.dli_fname, dli.dli_sname,
-            reinterpret_cast<void *>(function_offset), address);
+    snprintf(tmp, size, "%s(%s+%p)[%p]", dli.dli_fname, dli.dli_sname,
+             reinterpret_cast<void *>(function_offset), address);
   } else {
-    sprintf(tmp, "%s(%s+%s)[%p]", "???", "???", "???", address);
+    snprintf(tmp, size, "%s(%s+%s)[%p]", "???", "???", "???", address);
   }
 
   char *ret = new char[strlen(tmp) + 1];