Commit 450ee70

Use libc's snprintf, not sprintf, for special cases in snprintf.c.

snprintf.c has always fallen back on libc's *printf implementation when printing pointers (%p) and floats. When this code originated, we were still supporting some platforms that lacked native snprintf, so we used sprintf for that. That's not actually unsafe in our usage, but nonetheless builds on macOS are starting to complain about sprintf being unconditionally deprecated; and I wouldn't be surprised if other platforms follow suit. There seems little reason to believe that any platform supporting C99 wouldn't have standards-compliant snprintf, so let's just use that instead to suppress such warnings.

Back-patch to v12, which is where we started to require C99. It's also where we started to use our snprintf.c everywhere, so this wouldn't be enough to suppress the warning in older branches anyway --- that is, in older branches these aren't necessarily all our usages of libc's sprintf. It is enough in v12+ because any deprecation annotation attached to libc's sprintf won't apply to pg_sprintf. (Whether all our usages of pg_sprintf are adequately safe is not a matter I intend to address here, but perhaps it could do with some review.)

Per report from Andres Freund and local testing.

Discussion: https://postgr.es/m/20221015211955.q4cwbsfkyk3c4ty3@awork3.anarazel.de

1 parent 9a95a51 commit 450ee70

1 file changed, +7 -7 lines changed
‎src/port/snprintf.c

@@ -998,8 +998,8 @@ fmtptr(const void *value, PrintfTarget *target)
998998
int vallen;
999999
char convert[64];
10001000

1001-
/* we rely on regular C library's sprintf to do the basic conversion */
1002-
vallen = sprintf(convert, "%p", value);
1001+
/* we rely on regular C library's snprintf to do the basic conversion */
1002+
vallen = snprintf(convert, sizeof(convert), "%p", value);
10031003
if (vallen < 0)
10041004
target->failed = true;
10051005
else
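
Review bot: the `if (vallen < 0)` test after the new `snprintf(convert, sizeof(convert), "%p", value)` call in fmtptr does not cover truncation. A C99 snprintf returns the length the output would have had, so a result that does not fit yields vallen >= sizeof(convert) while convert holds only the first 63 bytes plus the terminator. The else branch is cut off in this view, but any use of vallen as the number of valid bytes in convert would then read past the buffer. A 64-byte buffer is ample for %p on common platforms, so this is about making the bound explicit: `if (vallen < 0 || vallen >= (int) sizeof(convert)) target->failed = true;`.
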
@@ -1149,11 +1149,11 @@ fmtfloat(double value, char type, int forcesign, int leftjust,
11491149
int padlen; /* amount to pad with spaces */
11501150

11511151
/*
1152-
* We rely on the regular C library's sprintf to do the basic conversion,
1152+
* We rely on the regular C library's snprintf to do the basic conversion,
11531153
* then handle padding considerations here.
11541154
*
11551155
* The dynamic range of "double" is about 1E+-308 for IEEE math, and not
1156-
* too wildly more than that with other hardware. In "f" format, sprintf
1156+
* too wildly more than that with other hardware. In "f" format, snprintf
11571157
* could therefore generate at most 308 characters to the left of the
11581158
* decimal point; while we need to allow the precision to get as high as
11591159
* 308+17 to ensure that we don't truncate significant digits from very
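
Review bot: the fmtfloat comment still reads as an overflow argument after the word swap ("In "f" format, snprintf could therefore generate at most 308 characters ..."). With a size argument, snprintf never writes more than the size it is given; what the 308 and 308+17 figures now establish is that the result fits and is not truncated. Suggest rewording the comment to say that, so a later reader does not take the bound as redundant and shrink the buffer.
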
@@ -1205,14 +1205,14 @@ fmtfloat(double value, char type, int forcesign, int leftjust,
12051205
fmt[2] = '*';
12061206
fmt[3] = type;
12071207
fmt[4] = '\0';
1208-
vallen = sprintf(convert, fmt, prec, value);
1208+
vallen = snprintf(convert, sizeof(convert), fmt, prec, value);
12091209
}
12101210
else
12111211
{
12121212
fmt[0] = '%';
12131213
fmt[1] = type;
12141214
fmt[2] = '\0';
1215-
vallen = sprintf(convert, fmt, value);
1215+
vallen = snprintf(convert, sizeof(convert), fmt, value);
12161216
}
12171217
if (vallen < 0)
12181218
goto fail;
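
Review bot: both snprintf calls in this fmtfloat hunk are followed only by `if (vallen < 0) goto fail;`, which misses truncation. In the `%.*` branch the output length grows with prec, so this is where a result longer than convert is most plausible if prec is ever larger than the buffer was sized for (the limit on prec and the declaration of convert are outside the hunk). snprintf reports that case by returning a value >= sizeof(convert), not a negative one. Suggest `if (vallen < 0 || vallen >= (int) sizeof(convert)) goto fail;` so a truncated result is treated as a failure instead of carrying an overstated length into the padding code.
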
@@ -1341,7 +1341,7 @@ pg_strfromd(char *str, size_t count, int precision, double value)
13411341
fmt[2] = '*';
13421342
fmt[3] = 'g';
13431343
fmt[4] = '\0';
1344-
vallen = sprintf(convert, fmt, precision, value);
1344+
vallen = snprintf(convert, sizeof(convert), fmt, precision, value);
13451345
if (vallen < 0)
13461346
{
13471347
target.failed = true;
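
Review bot: in pg_strfromd the precision passed to `snprintf(convert, sizeof(convert), fmt, precision, value)` is the function's own `int precision` argument, and nothing in the hunk shows it being range-limited before the call. If it is clamped above, a one-line comment at the call saying so would tie the size of convert to the largest "%.*g" result; if it is not, the `if (vallen < 0)` test should also reject vallen >= (int) sizeof(convert), since that is how snprintf signals output that did not fit.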
