sprintf -> PyOS_snprintf in some "obviously safe" cases.

tim-one · tim-one · commit 885d457709c1 · 2001-11-28T20:27:42.000Z
Also changed &lt;&gt;-style #includes to ""-style in some places where the
former didn't make sense.
diff --git a/Demo/pysvr/pysvr.c b/Demo/pysvr/pysvr.c
@@ -25,7 +25,7 @@ can log in on your machine.  Use with caution!
    Python.h defines a typedef destructor, which conflicts with pthread.h.
    So Python.h must be included after pthread.h. */
 
-#include <Python.h>
+#include "Python.h"
 
 extern int Py_VerboseFlag;
 
@@ -364,6 +364,7 @@ static void
 ps(void)
 {
 	char buffer[100];
-	sprintf(buffer, "ps -l -p %d </dev/null | tail +2l\n", getpid());
+	PyOS_snprintf(buffer, sizeof(buffer),
+		      "ps -l -p %d </dev/null | tail +2l\n", getpid());
 	system(buffer);
 }
diff --git a/Modules/_hotshot.c b/Modules/_hotshot.c
@@ -2,11 +2,11 @@
  * This is the High Performance Python Profiler portion of HotShot.
  */
 
-#include <Python.h>
-#include <compile.h>
-#include <eval.h>
-#include <frameobject.h>
-#include <structmember.h>
+#include "Python.h"
+#include "compile.h"
+#include "eval.h"
+#include "frameobject.h"
+#include "structmember.h"
 
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -1452,12 +1452,12 @@ write_header(ProfilerObject *self)
         pack_add_info(self, "executable-version", buffer);
 
 #ifdef MS_WIN32
-    sprintf(cwdbuffer, "%I64d", frequency.QuadPart);
+    PyOS_snprintf(cwdbuffer, sizeof(cwdbuffer), "%I64d", frequency.QuadPart);
     pack_add_info(self, "reported-performance-frequency", cwdbuffer);
 #else
-    sprintf(cwdbuffer, "%lu", rusage_diff);
+    PyOS_snprintf(cwdbuffer, sizeof(cwdbuffer), "%lu", rusage_diff);
     pack_add_info(self, "observed-interval-getrusage", cwdbuffer);
-    sprintf(cwdbuffer, "%lu", timeofday_diff);
+    PyOS_snprintf(cwdbuffer, sizeof(cwdbuffer), "%lu", timeofday_diff);
     pack_add_info(self, "observed-interval-gettimeofday", cwdbuffer);
 #endif
 
diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c
@@ -376,7 +376,7 @@ PyLocale_getdefaultlocale(PyObject* self, PyObject* args)
     if (!PyArg_NoArgs(args))
         return NULL;
 
-    sprintf(encoding, "cp%d", GetACP());
+    PyOS_snprintf(encoding, sizeof(encoding), "cp%d", GetACP());
 
     if (GetLocaleInfo(LOCALE_USER_DEFAULT,
                       LOCALE_SISO639LANGNAME,
diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c
@@ -19,7 +19,7 @@ raiseTestError(const char* test_name, const char* msg)
 	if (strlen(test_name) + strlen(msg) > sizeof(buf) - 50)
 		PyErr_SetString(TestError, "internal error msg too large");
 	else {
-		sprintf(buf, "%s: %s", test_name, msg);
+		PyOS_snprintf(buf, sizeof(buf), "%s: %s", test_name, msg);
 		PyErr_SetString(TestError, buf);
 	}
 	return NULL;
@@ -36,7 +36,8 @@ sizeof_error(const char* fatname, const char* typename,
         int expected, int got)
 {
 	char buf[1024];
-	sprintf(buf, "%.200s #define == %d but sizeof(%.200s) == %d",
+	PyOS_snprintf(buf, sizeof(buf), 
+		"%.200s #define == %d but sizeof(%.200s) == %d",
 		fatname, expected, typename, got);
 	PyErr_SetString(TestError, buf);
 	return (PyObject*)NULL;
diff --git a/Modules/_tkinter.c b/Modules/_tkinter.c
@@ -1579,8 +1579,8 @@ Tktt_Repr(PyObject *self)
 	TkttObject *v = (TkttObject *)self;
 	char buf[100];
 
-	sprintf(buf, "<tktimertoken at %p%s>", v,
-		v->func == NULL ? ", handler deleted" : "");
+	PyOS_snprintf(buf, sizeof(buf), "<tktimertoken at %p%s>", v,
+		      v->func == NULL ? ", handler deleted" : "");
 	return PyString_FromString(buf);
 }
 
diff --git a/Modules/arraymodule.c b/Modules/arraymodule.c
@@ -1313,12 +1313,13 @@ array_repr(arrayobject *a)
 	int i, len;
 	len = a->ob_size;
 	if (len == 0) {
-		sprintf(buf, "array('%c')", a->ob_descr->typecode);
+		PyOS_snprintf(buf, sizeof(buf), "array('%c')",
+			      a->ob_descr->typecode);
 		return PyString_FromString(buf);
 	}
 	if (a->ob_descr->typecode == 'c') {
 		PyObject *t_empty = PyTuple_New(0);
-		sprintf(buf, "array('c', ");
+		PyOS_snprintf(buf, sizeof(buf), "array('c', ");
 		s = PyString_FromString(buf);
 		v = array_tostring(a, t_empty);
 		Py_DECREF(t_empty);
@@ -1328,7 +1329,7 @@ array_repr(arrayobject *a)
 		PyString_ConcatAndDel(&s, PyString_FromString(")"));
 		return s;
 	}
-	sprintf(buf, "array('%c', [", a->ob_descr->typecode);
+	PyOS_snprintf(buf, sizeof(buf), "array('%c', [", a->ob_descr->typecode);
 	s = PyString_FromString(buf);
 	comma = PyString_FromString(", ");
 	for (i = 0; i < len && !PyErr_Occurred(); i++) {
diff --git a/Modules/flmodule.c b/Modules/flmodule.c
@@ -370,8 +370,8 @@ static PyObject *
 generic_repr(genericobject *g)
 {
 	char buf[100];
-	sprintf(buf, "<FORMS_object at %p, objclass=%d>",
-		g, g->ob_generic->objclass);
+	PyOS_snprintf(buf, sizeof(buf), "<FORMS_object at %p, objclass=%d>",
+		      g, g->ob_generic->objclass);
 	return PyString_FromString(buf);
 }
 
@@ -1580,8 +1580,8 @@ static PyObject *
 form_repr(formobject *f)
 {
 	char buf[100];
-	sprintf(buf, "<FORMS_form at %p, window=%ld>",
-		f, f->ob_form->window);
+	PyOS_snprintf(buf, sizeof(buf), "<FORMS_form at %p, window=%ld>",
+		      f, f->ob_form->window);
 	return PyString_FromString(buf);
 }
 
diff --git a/Modules/gdbmmodule.c b/Modules/gdbmmodule.c
@@ -477,7 +477,8 @@ dbmopen(PyObject *self, PyObject *args)
                 break;
 #endif
             default:
-                sprintf(buf, "Flag '%c' is not supported.", *flags);
+                PyOS_snprintf(buf, sizeof(buf), "Flag '%c' is not supported.",
+                	      *flags);
                 PyErr_SetString(DbmError, buf);
                 return NULL;
         }
diff --git a/Modules/pcremodule.c b/Modules/pcremodule.c
@@ -263,7 +263,8 @@ PyPcre_expand_escape(unsigned char *pattern, int pattern_len,
 	case('U'):    case('l'):    case('u'):
 	{
 		char message[50];
-		sprintf(message, "\\%c is not allowed", c);
+		PyOS_snprintf(message, sizeof(message),
+			      "\\%c is not allowed", c);
 		PyErr_SetString(ErrorObject, message);
 		return NULL;
 	}
@@ -495,7 +496,7 @@ PyPcre_expand(PyObject *self, PyObject *args)
 				if (result==Py_None)
 				{
 					char message[50];
-					sprintf(message, 
+					PyOS_snprintf(message, sizeof(message),
 						"group did not contribute to the match");
 					PyErr_SetString(ErrorObject, 
 							message);
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
@@ -432,7 +432,8 @@ os2_strerror(char *msgbuf, int msgbuflen, int errorcode, char *reason)
     if (rc == NO_ERROR)
         os2_formatmsg(msgbuf, msglen, reason);
     else
-        sprintf(msgbuf, "unknown OS error #%d", errorcode);
+        PyOS_snprintf(msgbuf, sizeof(msgbuf),
+        	      "unknown OS error #%d", errorcode);
 
     return msgbuf;
 }
@@ -5814,8 +5815,9 @@ static int insertvalues(PyObject *d)
     case 40: ver = "4.00"; break;
     case 50: ver = "5.00"; break;
     default:
-        sprintf(tmp, "%d-%d", values[QSV_VERSION_MAJOR],
-                              values[QSV_VERSION_MINOR]);
+        PyOS_snprintf(tmp, sizeof(tmp),
+        	      "%d-%d", values[QSV_VERSION_MAJOR],
+                      values[QSV_VERSION_MINOR]);
         ver = &tmp[0];
     }
 
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
@@ -129,7 +129,7 @@ set_error(xmlparseobject *self)
     int column = XML_GetErrorColumnNumber(parser);
     enum XML_Error code = XML_GetErrorCode(parser);
 
-    sprintf(buffer, "%.200s: line %i, column %i",
+    PyOS_snprintf(buffer, sizeof(buffer), "%.200s: line %i, column %i",
             XML_ErrorString(code), lineno, column);
     err = PyObject_CallFunction(ErrorObject, "s", buffer);
     if (  err != NULL
diff --git a/Modules/readline.c b/Modules/readline.c
@@ -165,7 +165,7 @@ set_hook(const char * funcname, PyObject **hook_var, PyThreadState **tstate, PyO
 {
 	PyObject *function = Py_None;
 	char buf[80];
-	sprintf(buf, "|O:set_%.50s", funcname);
+	PyOS_snprintf(buf, sizeof(buf), "|O:set_%.50s", funcname);
 	if (!PyArg_ParseTuple(args, buf, &function))
 		return NULL;
 	if (function == Py_None) {
@@ -181,7 +181,9 @@ set_hook(const char * funcname, PyObject **hook_var, PyThreadState **tstate, PyO
 		*tstate = PyThreadState_Get();
 	}
 	else {
-		sprintf(buf, "set_%.50s(func): argument not callable", funcname);
+		PyOS_snprintf(buf, sizeof(buf),
+			      "set_%.50s(func): argument not callable",
+			      funcname);
 		PyErr_SetString(PyExc_TypeError, buf);
 		return NULL;
 	}
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
@@ -1768,9 +1768,11 @@ PySocketSock_repr(PySocketSockObject *s)
 		return NULL;
 	}
 #endif
-	sprintf(buf,
-		"<socket object, fd=%ld, family=%d, type=%d, protocol=%d>",
-		(long)s->sock_fd, s->sock_family, s->sock_type, s->sock_proto);
+	PyOS_snprintf(buf, sizeof(buf),
+		      "<socket object, fd=%ld, family=%d, type=%d, protocol=%d>",
+		      (long)s->sock_fd, s->sock_family,
+		      s->sock_type,
+		      s->sock_proto);
 	return PyString_FromString(buf);
 }
 
@@ -3056,7 +3058,8 @@ NTinit(void)
 		    "WSAStartup failed: requested version not supported");
 		break;
 	default:
-		sprintf(buf, "WSAStartup failed: error code %d", ret);
+		PyOS_snprintf(buf, sizeof(buf),
+			      "WSAStartup failed: error code %d", ret);
 		PyErr_SetString(PyExc_ImportError, buf);
 		break;
 	}
diff --git a/Modules/stropmodule.c b/Modules/stropmodule.c
@@ -772,7 +772,8 @@ strop_atoi(PyObject *self, PyObject *args)
 		end++;
 	if (*end != '\0') {
   bad:
-		sprintf(buffer, "invalid literal for atoi(): %.200s", s);
+		PyOS_snprintf(buffer, sizeof(buffer),
+			      "invalid literal for atoi(): %.200s", s);
 		PyErr_SetString(PyExc_ValueError, buffer);
 		return NULL;
 	}
@@ -865,12 +866,14 @@ strop_atof(PyObject *self, PyObject *args)
 	while (*end && isspace(Py_CHARMASK(*end)))
 		end++;
 	if (*end != '\0') {
-		sprintf(buffer, "invalid literal for atof(): %.200s", s);
+		PyOS_snprintf(buffer, sizeof(buffer),
+			      "invalid literal for atof(): %.200s", s);
 		PyErr_SetString(PyExc_ValueError, buffer);
 		return NULL;
 	}
 	else if (errno != 0) {
-		sprintf(buffer, "atof() literal too large: %.200s", s);
+		PyOS_snprintf(buffer, sizeof(buffer), 
+			      "atof() literal too large: %.200s", s);
 		PyErr_SetString(PyExc_ValueError, buffer);
 		return NULL;
 	}
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
@@ -2876,7 +2876,9 @@ formatfloat(char *buf, size_t buflen, int flags,
 		prec = 6;
 	if (type == 'f' && fabs(x)/1e25 >= 1e25)
 		type = 'g';
-	sprintf(fmt, "%%%s.%d%c", (flags&F_ALT) ? "#" : "", prec, type);
+	PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
+		      (flags&F_ALT) ? "#" : "",
+		      prec, type);
 	/* worst case length calc to ensure no buffer overrun:
 	     fmt = %#.<prec>g
 	     buf = '-' + [0-9]*prec + '.' + 'e+' + (longest exp
@@ -2889,7 +2891,7 @@ formatfloat(char *buf, size_t buflen, int flags,
 			"formatted float is too long (precision too large?)");
 		return -1;
 	}
-	sprintf(buf, fmt, x);
+	PyOS_snprintf(buf, buflen, fmt, x);
 	return strlen(buf);
 }
 
@@ -3047,15 +3049,17 @@ formatint(char *buf, size_t buflen, int flags,
 		return -1;
 	if (prec < 0)
 		prec = 1;
-	sprintf(fmt, "%%%s.%dl%c", (flags&F_ALT) ? "#" : "", prec, type);
+	PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%dl%c",
+		      (flags&F_ALT) ? "#" : "", 
+		      prec, type);
 	/* buf = '+'/'-'/'0'/'0x' + '[0-9]'*max(prec, len(x in octal))
 	   worst case buf = '0x' + [0-9]*prec, where prec >= 11 */
 	if (buflen <= 13 || buflen <= (size_t)2 + (size_t)prec) {
 		PyErr_SetString(PyExc_OverflowError,
 			"formatted integer is too long (precision too large?)");
 		return -1;
 	}
-	sprintf(buf, fmt, x);
+	PyOS_snprintf(buf, buflen, fmt, x);
 	/* When converting 0 under %#x or %#X, C leaves off the base marker,
 	 * but we want it (for consistency with other %#x conversions, and
 	 * for consistency with Python's hex() function).

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ can log in on your machine. Use with caution!`
`25`	`25`	`Python.h defines a typedef destructor, which conflicts with pthread.h.`
`26`	`26`	`So Python.h must be included after pthread.h. */`
`27`	`27`
`28`		`-#include <Python.h>`
	`28`	`+#include "Python.h"`
`29`	`29`
`30`	`30`	`extern int Py_VerboseFlag;`
`31`	`31`
`@@ -364,6 +364,7 @@ static void`
`364`	`364`	`ps(void)`
`365`	`365`	`{`
`366`	`366`	`char buffer[100];`
`367`		`- sprintf(buffer, "ps -l -p %d </dev/null \| tail +2l\n", getpid());`
	`367`	`+ PyOS_snprintf(buffer, sizeof(buffer),`
	`368`	`+ "ps -l -p %d </dev/null \| tail +2l\n", getpid());`
`368`	`369`	`system(buffer);`
`369`	`370`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1579,8 +1579,8 @@ Tktt_Repr(PyObject *self)`
`1579`	`1579`	`TkttObject v = (TkttObject )self;`
`1580`	`1580`	`char buf[100];`
`1581`	`1581`
`1582`		`- sprintf(buf, "<tktimertoken at %p%s>", v,`
`1583`		`- v->func == NULL ? ", handler deleted" : "");`
	`1582`	`+ PyOS_snprintf(buf, sizeof(buf), "<tktimertoken at %p%s>", v,`
	`1583`	`+ v->func == NULL ? ", handler deleted" : "");`
`1584`	`1584`	`return PyString_FromString(buf);`
`1585`	`1585`	`}`
`1586`	`1586`
Original file line number	Diff line number	Diff line change
`@@ -370,8 +370,8 @@ static PyObject *`
`370`	`370`	`generic_repr(genericobject *g)`
`371`	`371`	`{`
`372`	`372`	`char buf[100];`
`373`		`- sprintf(buf, "<FORMS_object at %p, objclass=%d>",`
`374`		`- g, g->ob_generic->objclass);`
	`373`	`+ PyOS_snprintf(buf, sizeof(buf), "<FORMS_object at %p, objclass=%d>",`
	`374`	`+ g, g->ob_generic->objclass);`
`375`	`375`	`return PyString_FromString(buf);`
`376`	`376`	`}`
`377`	`377`
`@@ -1580,8 +1580,8 @@ static PyObject *`
`1580`	`1580`	`form_repr(formobject *f)`
`1581`	`1581`	`{`
`1582`	`1582`	`char buf[100];`
`1583`		`- sprintf(buf, "<FORMS_form at %p, window=%ld>",`
`1584`		`- f, f->ob_form->window);`
	`1583`	`+ PyOS_snprintf(buf, sizeof(buf), "<FORMS_form at %p, window=%ld>",`
	`1584`	`+ f, f->ob_form->window);`
`1585`	`1585`	`return PyString_FromString(buf);`
`1586`	`1586`	`}`
`1587`	`1587`
Original file line number	Diff line number	Diff line change
`@@ -263,7 +263,8 @@ PyPcre_expand_escape(unsigned char *pattern, int pattern_len,`
`263`	`263`	`case('U'): case('l'): case('u'):`
`264`	`264`	`{`
`265`	`265`	`char message[50];`
`266`		`- sprintf(message, "\\%c is not allowed", c);`
	`266`	`+ PyOS_snprintf(message, sizeof(message),`
	`267`	`+ "\\%c is not allowed", c);`
`267`	`268`	`PyErr_SetString(ErrorObject, message);`
`268`	`269`	`return NULL;`
`269`	`270`	`}`
`@@ -495,7 +496,7 @@ PyPcre_expand(PyObject self, PyObject args)`
`495`	`496`	`if (result==Py_None)`
`496`	`497`	`{`
`497`	`498`	`char message[50];`
`498`		`- sprintf(message,`
	`499`	`+ PyOS_snprintf(message, sizeof(message),`
`499`	`500`	`"group did not contribute to the match");`
`500`	`501`	`PyErr_SetString(ErrorObject,`
`501`	`502`	`message);`