diff --git a/examples/dbcrypt/CryptApplication.cpp b/examples/dbcrypt/CryptApplication.cpp index 0738f04e974..fc0cbeb1571 100644 --- a/examples/dbcrypt/CryptApplication.cpp +++ b/examples/dbcrypt/CryptApplication.cpp @@ -113,7 +113,7 @@ class App throw "setDbCryptCallback"; char s[256]; - sprintf(s, "localhost:%s", dbName); + snprintf(s, sizeof(s), "localhost:%s", dbName); att = p->attachDatabase(status, s, 0, NULL); if (status->getState() & IStatus::STATE_ERRORS) throw "attachDatabase"; diff --git a/examples/empbuild/empbuild.epp b/examples/empbuild/empbuild.epp index db6551dec8e..e534b5fcf5f 100644 --- a/examples/empbuild/empbuild.epp +++ b/examples/empbuild/empbuild.epp @@ -74,7 +74,7 @@ else /* Create the database */ printf ("creating database %s\n", Db_name); -sprintf (cmd, "CREATE DATABASE \"%s\"", Db_name); +snprintf(cmd, sizeof(cmd), "CREATE DATABASE \"%s\"", Db_name); gds_trans = 0; EXEC SQL EXECUTE IMMEDIATE :cmd; @@ -94,7 +94,7 @@ if (SQLCODE) } printf ("Turning forced writes off\n"); -sprintf (cmd, "gfix -write async %s", Db_name); +snprintf(cmd, sizeof(cmd), "gfix -write async %s", Db_name); if (system (cmd)) { printf ("Couldn't turn forced writes off\n"); @@ -102,7 +102,7 @@ if (system (cmd)) } printf ("Creating tables\n"); -sprintf (cmd, "isql %s -q -i empddl.sql", Db_name); +snprintf(cmd, sizeof(cmd), "isql %s -q -i empddl.sql", Db_name); if (system (cmd)) { printf ("Couldn't create tables \n"); @@ -110,7 +110,7 @@ if (system (cmd)) } printf ("Turning off indices and triggers \n"); -sprintf (cmd, "isql %s -i indexoff.sql", Db_name); +snprintf(cmd, sizeof(cmd), "isql %s -i indexoff.sql", Db_name); if (system (cmd)) { printf ("Couldn't turn off indices and triggers \n"); @@ -118,7 +118,7 @@ if (system (cmd)) } printf ("Loading column data\n"); -sprintf (cmd, "isql %s -i empdml.sql", Db_name); +snprintf(cmd, sizeof(cmd), "isql %s -i empdml.sql", Db_name); if (system (cmd)) { printf ("Couldn't load column data \n"); @@ -126,7 +126,7 @@ if (system (cmd)) } printf ("Turning on indices and triggers \n"); -sprintf (cmd, "isql %s -i indexon.sql", Db_name); +snprintf(cmd, sizeof(cmd), "isql %s -i indexon.sql", Db_name); if (system (cmd)) { printf ("Couldn't turn on indices and triggers \n"); diff --git a/examples/extauth/TcWrapper.cpp b/examples/extauth/TcWrapper.cpp index d4feacebb92..9428f5c462c 100644 --- a/examples/extauth/TcWrapper.cpp +++ b/examples/extauth/TcWrapper.cpp @@ -58,7 +58,7 @@ void check(ThrowStatusWrapper* status, int err, const char* text) return; char buf[256]; - sprintf(buf, "%s: %s", text, error_to_string(err)); + snprintf(buf, sizeof(buf), "%s: %s", text, error_to_string(err)); error(status, buf); } diff --git a/examples/interfaces/04.print_table.cpp b/examples/interfaces/04.print_table.cpp index b5d7521657e..00c0dcc4953 100644 --- a/examples/interfaces/04.print_table.cpp +++ b/examples/interfaces/04.print_table.cpp @@ -106,7 +106,7 @@ int main() default: { - sprintf(s, "Unknown type %d for %s", t, meta->getField(&status, j)); + snprintf(s, sizeof(s), "Unknown type %d for %s", t, meta->getField(&status, j)); throw s; } continue; diff --git a/examples/replication/fbSampleReplicator.cpp b/examples/replication/fbSampleReplicator.cpp index fcf59537b20..ee2f59fcf21 100644 --- a/examples/replication/fbSampleReplicator.cpp +++ b/examples/replication/fbSampleReplicator.cpp @@ -117,7 +117,7 @@ static const ISC_STATUS wrn[] = { isc_arg_gds, isc_random, isc_arg_string, (ISC_ ReplPlugin::ReplPlugin(IPluginConfig* conf) { char fn[100]; - sprintf(fn, "session_%08x_%d.log", (unsigned)time(nullptr), logCounter++); + snprintf(fn, sizeof(fn), "session_%08x_%d.log", (unsigned)time(nullptr), logCounter++); log = fopen(fn, "w"); WriteLog(log, "%p\tReplicatedSession constructed\n", this); status = master->getStatus(); diff --git a/examples/udr/Triggers.cpp b/examples/udr/Triggers.cpp index f397b9a373b..581b1aa3c68 100644 --- a/examples/udr/Triggers.cpp +++ b/examples/udr/Triggers.cpp @@ -135,7 +135,8 @@ FB_UDR_BEGIN_TRIGGER(replicate) const char* name = triggerMetadata->getField(status, i); strcat(buffer, " p"); - sprintf(buffer + strlen(buffer), "%d type of column \"%s\".\"%s\" = ?", i, table, name); + const size_t buflen = strlen(buffer); + snprintf(buffer + buflen, sizeof(buffer) - buflen, "%d type of column \"%s\".\"%s\" = ?", i, table, name); } strcat(buffer, @@ -175,7 +176,8 @@ FB_UDR_BEGIN_TRIGGER(replicate) if (i > 0) strcat(buffer, ", "); strcat(buffer, ":p"); - sprintf(buffer + strlen(buffer), "%d", i); + const size_t buflen = strlen(buffer); + snprintf(buffer + buflen, sizeof(buffer) - buflen, "%d", i); } strcat(buffer, ")\n on external data source '"); diff --git a/src/burp/mvol.cpp b/src/burp/mvol.cpp index b407df134ef..0de64b44b67 100644 --- a/src/burp/mvol.cpp +++ b/src/burp/mvol.cpp @@ -2119,7 +2119,7 @@ bool MVOL_split_hdr_write() time_t seconds = time(NULL); Firebird::string nm = tdgbl->toSystem(tdgbl->action->act_file->fil_name); - sprintf(buffer, "%s%.24s , file No. %4d of %4d, %-27.27s", + snprintf(buffer, sizeof(buffer), "%s%.24s , file No. %4d of %4d, %-27.27s", HDR_SPLIT_TAG, ctime(&seconds), tdgbl->action->act_file->fil_seq, tdgbl->action->act_total, nm.c_str()); diff --git a/src/common/DecFloat.cpp b/src/common/DecFloat.cpp index 51557f567b9..37904c26e61 100644 --- a/src/common/DecFloat.cpp +++ b/src/common/DecFloat.cpp @@ -386,8 +386,8 @@ Decimal64 Decimal64::set(Int128 value, DecimalStatus decSt, int scale) Decimal64 Decimal64::set(SINT64 value, DecimalStatus decSt, int scale) { { - char s[30]; // for sure enough for int64 - sprintf(s, "%" SQUADFORMAT, value); + char s[30]; + snprintf(s, sizeof(s), "%" SQUADFORMAT, value); DecimalContext context(this, decSt); decDoubleFromString(&dec, s, &context); } @@ -408,7 +408,7 @@ Decimal64 Decimal64::set(const char* value, DecimalStatus decSt) Decimal64 Decimal64::set(double value, DecimalStatus decSt) { char s[50]; - sprintf(s, "%.016e", value); + snprintf(s, sizeof(s), "%.016e", value); DecimalContext context(this, decSt); decDoubleFromString(&dec, s, &context); @@ -685,7 +685,7 @@ Decimal128 Decimal128::set(const char* value, DecimalStatus decSt) Decimal128 Decimal128::set(double value, DecimalStatus decSt) { char s[50]; - sprintf(s, "%.016e", value); + snprintf(s, sizeof(s), "%.016e", value); DecimalContext context(this, decSt); decQuadFromString(&dec, s, &context); diff --git a/src/common/SimilarToRegex.cpp b/src/common/SimilarToRegex.cpp index b1b30ed0b4d..dbe2c7eff78 100644 --- a/src/common/SimilarToRegex.cpp +++ b/src/common/SimilarToRegex.cpp @@ -501,7 +501,7 @@ namespace if (c > 0) { - sprintf(hex, "\\x00-\\x{%X}", (int) c - 1); + snprintf(hex, sizeof(hex), "\\x00-\\x{%X}", (int) c - 1); re2PatternStr.append(hex); } @@ -510,7 +510,7 @@ namespace if (c < maxChar) { - sprintf(hex, "\\x{%X}-\\x{%X}", (int) c + 1, maxChar); + snprintf(hex, sizeof(hex), "\\x{%X}-\\x{%X}", (int) c + 1, maxChar); re2PatternStr.append(hex); } } @@ -572,7 +572,7 @@ namespace else if (invalidInclude) { char str[30]; - sprintf(str, "[^\\x{0}-\\x{%X}]", maxChar); + snprintf(str, sizeof(str), "[^\\x{0}-\\x{%X}]", maxChar); re2PatternStr.append(str); } else diff --git a/src/common/StatusArg.cpp b/src/common/StatusArg.cpp index af22d32d51f..361512c30f0 100644 --- a/src/common/StatusArg.cpp +++ b/src/common/StatusArg.cpp @@ -407,19 +407,19 @@ Num::Num(ISC_STATUS s) noexcept : Int64::Int64(SINT64 val) noexcept : Str(text) { - sprintf(text, "%" SQUADFORMAT, val); + snprintf(text, sizeof(text), "%" SQUADFORMAT, val); } Int64::Int64(FB_UINT64 val) noexcept : Str(text) { - sprintf(text, "%" UQUADFORMAT, val); + snprintf(text, sizeof(text), "%" UQUADFORMAT, val); } Quad::Quad(const ISC_QUAD* quad) noexcept : Str(text) { - sprintf(text, "%x:%x", quad->gds_quad_high, quad->gds_quad_low); + snprintf(text, sizeof(text), "%x:%x", quad->gds_quad_high, quad->gds_quad_low); } Interpreted::Interpreted(const char* text) noexcept : diff --git a/src/common/classes/MsgPrint.cpp b/src/common/classes/MsgPrint.cpp index f5a451ccf7e..d38a7b4252d 100644 --- a/src/common/classes/MsgPrint.cpp +++ b/src/common/classes/MsgPrint.cpp @@ -52,7 +52,7 @@ const FB_SIZE_T MAX_STRING = 1 << 16; // Generic functions. int decode(uint64_t value, char* const rc, int radix = 10); int decode(int64_t value, char* const rc, int radix = 10); -int decode(double value, char* rc); +int decode(double value, char* const rc, const size_t sz); int adjust_prefix(int radix, int rev, bool is_neg, char* const rc); int MsgPrintHelper(BaseStream& out_stream, const safe_cell& item); @@ -131,9 +131,10 @@ int decode(int64_t value, char* const rc, int radix) // Stub that relies on the printf family to write a double using "g" // for smallest representation in text form. -int decode(double value, char* rc) +int decode(double value, char* const rc, const size_t sz) { - return sprintf(rc, "%g", value); + int n = snprintf(rc, sz, "%g", value); + return std::min(n, static_cast(sz - 1)); } @@ -203,7 +204,7 @@ int MsgPrintHelper(BaseStream& out_stream, const safe_cell& item) case safe_cell::at_double: { char s[DECODE_BUF_SIZE]; - int n = decode(item.d_value, s); + int n = decode(item.d_value, s, sizeof(s)); return out_stream.write(s, n); } case safe_cell::at_str: diff --git a/src/common/cvt.cpp b/src/common/cvt.cpp index 788d473a8a8..74de0058c8d 100644 --- a/src/common/cvt.cpp +++ b/src/common/cvt.cpp @@ -2361,70 +2361,73 @@ static void datetime_to_text(const dsc* from, dsc* to, Callbacks* cb) // Decode the timestamp into human readable terms - // yyyy-mm-dd hh:mm:ss.tttt +th:tm OR dd-MMM-yyyy hh:mm:ss.tttt +th:tm - TEXT temp[27 + TimeZoneUtil::MAX_LEN]; - TEXT* p = temp; + string temp; + // yyyy-mm-dd hh:mm:ss.tttt [{ +th:tm | zone-name }] OR dd-MMM-yyyy hh:mm:ss.tttt [{ +th:tm | zone-name }] + temp.reserve(26 + TimeZoneUtil::MAX_LEN); // Make a textual date for data types that include it if (!from->isTime()) { + // yyyy-mm-dd OR dd-MMM-yyyy + nul-termination + char dateStr[11 + 1]; if (from->dsc_dtype == dtype_sql_date || !version4) { - sprintf(p, "%4.4d-%2.2d-%2.2d", + snprintf(dateStr, sizeof(dateStr), "%4.4d-%2.2d-%2.2d", times.tm_year + 1900, times.tm_mon + 1, times.tm_mday); } else { // Prior to BLR version 5 timestamps were converted to text in the dd-MMM-yyyy format - sprintf(p, "%2.2d-%.3s-%4.4d", + snprintf(dateStr, sizeof(dateStr), "%2.2d-%.3s-%4.4d", times.tm_mday, FB_LONG_MONTHS_UPPER[times.tm_mon], times.tm_year + 1900); } - - while (*p) - p++; + temp.append(dateStr); } // Put in a space to separate date & time components if (from->isTimeStamp() && !version4) - *p++ = ' '; + temp.append(" "); // Add the time part for data types that include it if (from->dsc_dtype != dtype_sql_date) { + // hh:mm:ss.tttt + nul-termination + char timeStr[13 + 1]; if (from->isTime() || !version4) { - sprintf(p, "%2.2d:%2.2d:%2.2d.%4.4d", + snprintf(timeStr, sizeof(timeStr), "%2.2d:%2.2d:%2.2d.%4.4d", times.tm_hour, times.tm_min, times.tm_sec, fractions); } else if (times.tm_hour || times.tm_min || times.tm_sec || fractions) { // Timestamp formating prior to BLR Version 5 is slightly different - sprintf(p, " %d:%.2d:%.2d.%.4d", + snprintf(timeStr, sizeof(timeStr), " %d:%.2d:%.2d.%.4d", times.tm_hour, times.tm_min, times.tm_sec, fractions); } - - while (*p) - p++; + temp.append(timeStr); } if (from->isDateTimeTz()) { - *p++ = ' '; - p += TimeZoneUtil::format(p, sizeof(temp) - (p - temp), timezone, !tzLookup); + temp.append(" "); + // [{ +th:tm | zone-name }] + nul-termination + char tzStr[TimeZoneUtil::MAX_LEN + 1]; + TimeZoneUtil::format(tzStr, sizeof(tzStr), timezone, !tzLookup); + temp.append(tzStr); } // Move the text version of the date/time value into the destination dsc desc; MOVE_CLEAR(&desc, sizeof(desc)); - desc.dsc_address = (UCHAR*) temp; + desc.dsc_address = (UCHAR*) temp.c_str(); desc.dsc_dtype = dtype_text; desc.dsc_ttype() = ttype_ascii; - desc.dsc_length = (p - temp); + desc.dsc_length = static_cast(temp.length()); if (from->isTimeStamp() && version4) { diff --git a/src/common/isc_sync.cpp b/src/common/isc_sync.cpp index 6b468907391..7e5359bcc1c 100644 --- a/src/common/isc_sync.cpp +++ b/src/common/isc_sync.cpp @@ -886,28 +886,29 @@ ULONG ISC_exception_post(ULONG sig_num, const TEXT* err_msg, ISC_STATUS& /*isc_e err_msg = ""; } - TEXT* const log_msg = (TEXT *) gds__alloc(strlen(err_msg) + 256); + const size_t msgsz = strlen(err_msg) + 256; + TEXT* const log_msg = (TEXT *) gds__alloc(static_cast(msgsz)); // NOMEM: crash! log_msg[0] = '\0'; switch (sig_num) { case SIGSEGV: - sprintf(log_msg, "%s Segmentation Fault.\n" + snprintf(log_msg, msgsz, "%s Segmentation Fault.\n" "\t\tThe code attempted to access memory\n" "\t\twithout privilege to do so.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case SIGBUS: - sprintf(log_msg, "%s Bus Error.\n" + snprintf(log_msg, msgsz, "%s Bus Error.\n" "\t\tThe code caused a system bus error.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case SIGILL: - sprintf(log_msg, "%s Illegal Instruction.\n" + snprintf(log_msg, msgsz, "%s Illegal Instruction.\n" "\t\tThe code attempted to perform an\n" "\t\tillegal operation." "\tThis exception will cause the Firebird server\n" @@ -915,14 +916,14 @@ ULONG ISC_exception_post(ULONG sig_num, const TEXT* err_msg, ISC_STATUS& /*isc_e break; case SIGFPE: - sprintf(log_msg, "%s Floating Point Error.\n" + snprintf(log_msg, msgsz, "%s Floating Point Error.\n" "\t\tThe code caused an arithmetic exception\n" "\t\tor floating point exception." "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; default: - sprintf(log_msg, "%s Unknown Exception.\n" + snprintf(log_msg, msgsz, "%s Unknown Exception.\n" "\t\tException number %" ULONGFORMAT"." "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg, sig_num); @@ -932,8 +933,10 @@ ULONG ISC_exception_post(ULONG sig_num, const TEXT* err_msg, ISC_STATUS& /*isc_e if (err_msg) { gds__log(log_msg); - gds__free(log_msg); } + + gds__free(log_msg); + abort(); return 0; // compiler silencer @@ -968,35 +971,36 @@ ULONG ISC_exception_post(ULONG except_code, const TEXT* err_msg, ISC_STATUS& isc err_msg = ""; } - TEXT* log_msg = (TEXT*) gds__alloc(static_cast(strlen(err_msg) + 256)); + const size_t msgsz = strlen(err_msg) + 256; + TEXT* const log_msg = (TEXT*)gds__alloc(static_cast(msgsz)); // NOMEM: crash! log_msg[0] = '\0'; switch (except_code) { case EXCEPTION_ACCESS_VIOLATION: - sprintf(log_msg, "%s Access violation.\n" + snprintf(log_msg, msgsz, "%s Access violation.\n" "\t\tThe code attempted to access a virtual\n" "\t\taddress without privilege to do so.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_DATATYPE_MISALIGNMENT: - sprintf(log_msg, "%s Datatype misalignment.\n" + snprintf(log_msg, msgsz, "%s Datatype misalignment.\n" "\t\tThe attempted to read or write a value\n" "\t\tthat was not stored on a memory boundary.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_ARRAY_BOUNDS_EXCEEDED: - sprintf(log_msg, "%s Array bounds exceeded.\n" + snprintf(log_msg, msgsz, "%s Array bounds exceeded.\n" "\t\tThe code attempted to access an array\n" "\t\telement that is out of bounds.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_FLT_DENORMAL_OPERAND: - sprintf(log_msg, "%s Float denormal operand.\n" + snprintf(log_msg, msgsz, "%s Float denormal operand.\n" "\t\tOne of the floating-point operands is too\n" "\t\tsmall to represent as a standard floating-point\n" "\t\tvalue.\n" @@ -1004,56 +1008,56 @@ ULONG ISC_exception_post(ULONG except_code, const TEXT* err_msg, ISC_STATUS& isc "\tto terminate abnormally.", err_msg); break; case EXCEPTION_FLT_DIVIDE_BY_ZERO: - sprintf(log_msg, "%s Floating-point divide by zero.\n" + snprintf(log_msg, msgsz, "%s Floating-point divide by zero.\n" "\t\tThe code attempted to divide a floating-point\n" "\t\tvalue by a floating-point divisor of zero.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_FLT_INEXACT_RESULT: - sprintf(log_msg, "%s Floating-point inexact result.\n" + snprintf(log_msg, msgsz, "%s Floating-point inexact result.\n" "\t\tThe result of a floating-point operation cannot\n" "\t\tbe represented exactly as a decimal fraction.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_FLT_INVALID_OPERATION: - sprintf(log_msg, "%s Floating-point invalid operand.\n" + snprintf(log_msg, msgsz, "%s Floating-point invalid operand.\n" "\t\tAn indeterminant error occurred during a\n" "\t\tfloating-point operation.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_FLT_OVERFLOW: - sprintf(log_msg, "%s Floating-point overflow.\n" + snprintf(log_msg, msgsz, "%s Floating-point overflow.\n" "\t\tThe exponent of a floating-point operation\n" "\t\tis greater than the magnitude allowed.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_FLT_STACK_CHECK: - sprintf(log_msg, "%s Floating-point stack check.\n" + snprintf(log_msg, msgsz, "%s Floating-point stack check.\n" "\t\tThe stack overflowed or underflowed as the\n" "result of a floating-point operation.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_FLT_UNDERFLOW: - sprintf(log_msg, "%s Floating-point underflow.\n" + snprintf(log_msg, msgsz, "%s Floating-point underflow.\n" "\t\tThe exponent of a floating-point operation\n" "\t\tis less than the magnitude allowed.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_INT_DIVIDE_BY_ZERO: - sprintf(log_msg, "%s Integer divide by zero.\n" + snprintf(log_msg, msgsz, "%s Integer divide by zero.\n" "\t\tThe code attempted to divide an integer value\n" "\t\tby an integer divisor of zero.\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg); break; case EXCEPTION_INT_OVERFLOW: - sprintf(log_msg, "%s Interger overflow.\n" + snprintf(log_msg, msgsz, "%s Interger overflow.\n" "\t\tThe result of an integer operation caused the\n" "\t\tmost significant bit of the result to carry.\n" "\tThis exception will cause the Firebird server\n" @@ -1061,7 +1065,7 @@ ULONG ISC_exception_post(ULONG except_code, const TEXT* err_msg, ISC_STATUS& isc break; case EXCEPTION_STACK_OVERFLOW: isc_error = isc_exception_stack_overflow; - result = (ULONG) EXCEPTION_EXECUTE_HANDLER; + result = EXCEPTION_EXECUTE_HANDLER; is_critical = false; break; @@ -1086,7 +1090,7 @@ ULONG ISC_exception_post(ULONG except_code, const TEXT* err_msg, ISC_STATUS& isc is_critical = false; break; default: - sprintf (log_msg, "%s An exception occurred that does\n" + snprintf(log_msg, msgsz, "%s An exception occurred that does\n" "\t\tnot have a description. Exception number %" XLONGFORMAT".\n" "\tThis exception will cause the Firebird server\n" "\tto terminate abnormally.", err_msg, except_code); @@ -1807,7 +1811,7 @@ SharedMemoryBase::SharedMemoryBase(const TEXT* filename, ULONG length, IpcObject // Create the real file mapping object. TEXT mapping_name[64]; // enough for int32 as text - sprintf(mapping_name, "_mapping_%" ULONGFORMAT, header_address[1]); + snprintf(mapping_name, sizeof(mapping_name), "_mapping_%" ULONGFORMAT, header_address[1]); if (!make_object_name(object_name, sizeof(object_name), filename, mapping_name)) { @@ -2299,7 +2303,7 @@ static bool initializeFastMutex(FAST_MUTEX* lpMutex, LPSECURITY_ATTRIBUTES lpAtt char sz[MAXPATHLEN]; if (lpName) { - sprintf(sz, FAST_MUTEX_EVT_NAME, lpName); + snprintf(sz, sizeof(sz), FAST_MUTEX_EVT_NAME, lpName); name = sz; } @@ -2316,7 +2320,7 @@ static bool initializeFastMutex(FAST_MUTEX* lpMutex, LPSECURITY_ATTRIBUTES lpAtt SetHandleInformation(lpMutex->hEvent, HANDLE_FLAG_INHERIT, 0); if (lpName) - sprintf(sz, FAST_MUTEX_MAP_NAME, lpName); + snprintf(sz, sizeof(sz), FAST_MUTEX_MAP_NAME, lpName); lpMutex->hFileMap = CreateFileMapping( INVALID_HANDLE_VALUE, @@ -2595,7 +2599,7 @@ bool SharedMemoryBase::remapFile(CheckStatusWrapper* statusVector, while (true) { TEXT mapping_name[64]; // enough for int32 as text - sprintf(mapping_name, "_mapping_%" ULONGFORMAT, sh_mem_hdr_address[1] + 1); + snprintf(mapping_name, sizeof(mapping_name), "_mapping_%" ULONGFORMAT, sh_mem_hdr_address[1] + 1); TEXT object_name[MAXPATHLEN]; if (!make_object_name(object_name, sizeof(object_name), sh_mem_name, mapping_name)) diff --git a/src/common/os/guid.h b/src/common/os/guid.h index 9c79cdd5331..6dcf85b8e22 100644 --- a/src/common/os/guid.h +++ b/src/common/os/guid.h @@ -121,6 +121,7 @@ class Guid memcpy(&m_data, buffer, SIZE); } + [[deprecated("use toString(char* buffer, size_t sz)")]] void toString(char* buffer) const { sprintf(buffer, GUID_FORMAT, @@ -129,17 +130,25 @@ class Guid m_data.Data4[4], m_data.Data4[5], m_data.Data4[6], m_data.Data4[7]); } + void toString(char* buffer, size_t sz) const + { + snprintf(buffer, sz, GUID_FORMAT, + m_data.Data1, m_data.Data2, m_data.Data3, + m_data.Data4[0], m_data.Data4[1], m_data.Data4[2], m_data.Data4[3], + m_data.Data4[4], m_data.Data4[5], m_data.Data4[6], m_data.Data4[7]); + } + Firebird::string toString() const { Firebird::string result; - toString(result.getBuffer(GUID_BUFF_SIZE - 1)); + toString(result.getBuffer(GUID_BUFF_SIZE - 1), GUID_BUFF_SIZE); return result; } Firebird::PathName toPathName() const { Firebird::PathName result; - toString(result.getBuffer(GUID_BUFF_SIZE - 1)); + toString(result.getBuffer(GUID_BUFF_SIZE - 1), GUID_BUFF_SIZE); return result; } diff --git a/src/common/os/win32/isc_ipc.cpp b/src/common/os/win32/isc_ipc.cpp index 883516af1c8..9defcb65b87 100644 --- a/src/common/os/win32/isc_ipc.cpp +++ b/src/common/os/win32/isc_ipc.cpp @@ -199,7 +199,7 @@ HANDLE ISC_make_signal(bool /*create_flag*/, bool manual_reset, int process_idL, return CreateEvent(NULL, man_rst, FALSE, NULL); TEXT event_name[BUFFER_TINY]; - sprintf(event_name, SHARED_EVENT, process_idL, signal_number); + snprintf(event_name, sizeof(event_name), SHARED_EVENT, process_idL, signal_number); if (!fb_utils::private_kernel_object_name(event_name, sizeof(event_name))) { diff --git a/src/common/pretty.cpp b/src/common/pretty.cpp index d1a0e6956dd..416c5a56c1d 100644 --- a/src/common/pretty.cpp +++ b/src/common/pretty.cpp @@ -60,6 +60,16 @@ struct ctl SSHORT ctl_language; SSHORT ctl_level; TEXT ctl_buffer[PRETTY_BUFFER_SIZE]; + + void reset() noexcept { + ctl_ptr = ctl_buffer; + } + + size_t remaining() const noexcept { + if (!ctl_ptr) + return 0; + return sizeof(ctl_buffer) - (ctl_ptr - ctl_buffer); + } }; @@ -80,7 +90,7 @@ static int print_word(ctl*); static inline void CHECK_BUFFER(ctl* control, SSHORT offset) { - if (control->ctl_ptr > control->ctl_buffer + sizeof(control->ctl_buffer) - 20) + if (control->remaining() < 20) print_line(control, offset); } @@ -138,8 +148,8 @@ int PRETTY_print_cdb(const UCHAR* blr, FPTR_PRINT_CALLBACK routine, void* user_a control->ctl_routine = routine; control->ctl_user_arg = user_arg; control->ctl_blr = control->ctl_blr_start = blr; - control->ctl_ptr = control->ctl_buffer; control->ctl_language = language; + control->reset(); SSHORT level = 0; indent(control, level); @@ -147,9 +157,9 @@ int PRETTY_print_cdb(const UCHAR* blr, FPTR_PRINT_CALLBACK routine, void* user_a SCHAR temp[32]; if (*control->ctl_blr) - sprintf(temp, "gds__dpb_version%d, ", i); + snprintf(temp, sizeof(temp), "gds__dpb_version%d, ", i); else - sprintf(temp, "gds__dpb_version%d", i); + snprintf(temp, sizeof(temp), "gds__dpb_version%d", i); blr_format(control, temp); SSHORT offset = 0; @@ -199,8 +209,8 @@ int PRETTY_print_dyn(const UCHAR* blr, FPTR_PRINT_CALLBACK routine, void* user_a control->ctl_routine = routine; control->ctl_user_arg = user_arg; control->ctl_blr = control->ctl_blr_start = blr; - control->ctl_ptr = control->ctl_buffer; control->ctl_language = language; + control->reset(); const SSHORT version = BLR_BYTE; @@ -241,8 +251,8 @@ int PRETTY_print_sdl(const UCHAR* blr, FPTR_PRINT_CALLBACK routine, void *user_a control->ctl_routine = routine; control->ctl_user_arg = user_arg; control->ctl_blr = control->ctl_blr_start = blr; - control->ctl_ptr = control->ctl_buffer; control->ctl_language = language; + control->reset(); const SSHORT version = BLR_BYTE; @@ -275,10 +285,9 @@ static int blr_format(ctl* control, const char *string, ...) va_list ptr; va_start(ptr, string); - vsprintf(control->ctl_ptr, string, ptr); + vsnprintf(control->ctl_ptr, control->remaining(), string, ptr); va_end(ptr); - while (*control->ctl_ptr) - control->ctl_ptr++; + ADVANCE_PTR(control->ctl_ptr); return 0; } @@ -293,7 +302,7 @@ static int error( ctl* control, SSHORT offset, const TEXT* string, int arg) { print_line(control, offset); - sprintf(control->ctl_ptr, string, arg); + snprintf(control->ctl_ptr, control->remaining(), string, arg); fprintf(stderr, "%s", control->ctl_ptr); ADVANCE_PTR(control->ctl_ptr); print_line(control, offset); @@ -514,7 +523,8 @@ static void print_blr_line(void* arg, SSHORT offset, const char* line) static int print_byte( ctl* control) { const UCHAR v = BLR_BYTE; - sprintf(control->ctl_ptr, control->ctl_language ? "chr(%d), " : "%d, ", v); + snprintf(control->ctl_ptr, control->remaining(), + control->ctl_language ? "chr(%d), " : "%d, ", v); ADVANCE_PTR(control->ctl_ptr); return v; @@ -532,7 +542,8 @@ static int print_char( ctl* control, SSHORT offset) const bool printable = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '$' || c == '_'; - sprintf(control->ctl_ptr, printable ? "'%c'," : control->ctl_language ? "chr(%d)," : "%d,", c); + snprintf(control->ctl_ptr, control->remaining(), + printable ? "'%c'," : control->ctl_language ? "chr(%d)," : "%d,", c); ADVANCE_PTR(control->ctl_ptr); CHECK_BUFFER(control, offset); @@ -732,10 +743,9 @@ static int print_dyn_verb( ctl* control, SSHORT level) static int print_line( ctl* control, SSHORT offset) { - *control->ctl_ptr = 0; (*control->ctl_routine) (control->ctl_user_arg, offset, control->ctl_buffer); - control->ctl_ptr = control->ctl_buffer; + control->reset(); return 0; } @@ -751,9 +761,9 @@ static SLONG print_long( ctl* control) const UCHAR v2 = BLR_BYTE; const UCHAR v3 = BLR_BYTE; const UCHAR v4 = BLR_BYTE; - sprintf(control->ctl_ptr, control->ctl_language ? - "chr(%d),chr(%d),chr(%d),chr(%d) " : "%d,%d,%d,%d, ", - v1, v2, v3, v4); + snprintf(control->ctl_ptr, control->remaining(), + control->ctl_language ? "chr(%d),chr(%d),chr(%d),chr(%d) " : "%d,%d,%d,%d, ", + v1, v2, v3, v4); ADVANCE_PTR(control->ctl_ptr); return v1 | (v2 << 8) | (v3 << 16) | (v4 << 24); @@ -892,7 +902,8 @@ static int print_word( ctl* control) { const UCHAR v1 = BLR_BYTE; const UCHAR v2 = BLR_BYTE; - sprintf(control->ctl_ptr, control->ctl_language ? "chr(%d),chr(%d), " : "%d,%d, ", v1, v2); + snprintf(control->ctl_ptr, control->remaining(), + control->ctl_language ? "chr(%d),chr(%d), " : "%d,%d, ", v1, v2); ADVANCE_PTR(control->ctl_ptr); return (v2 << 8) | v1; diff --git a/src/dsql/DdlNodes.epp b/src/dsql/DdlNodes.epp index 4cdcfeb0228..ae4eed7a0b7 100644 --- a/src/dsql/DdlNodes.epp +++ b/src/dsql/DdlNodes.epp @@ -7652,7 +7652,7 @@ void AlterRelationNode::execute(thread_db* tdbb, DsqlCompilerScratch* dsqlScratc //// TODO: /*** char linecol[64]; - sprintf(linecol, "At line %d, column %d.", (int) dsqlNode->line, (int) dsqlNode->column); + snprintf(linecol, sizeof(linecol), "At line %d, column %d.", (int) dsqlNode->line, (int) dsqlNode->column); ***/ status_exception::raise( @@ -12686,8 +12686,9 @@ void GrantRevokeNode::setFieldClassName(thread_db* tdbb, jrd_tra* transaction, MODIFY RFR while (!unique) { - sprintf(RFR.RDB$SECURITY_CLASS, "%s%" SQUADFORMAT, SQL_FLD_SECCLASS_PREFIX, - DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), false, 1)); + snprintf(RFR.RDB$SECURITY_CLASS, sizeof(RFR.RDB$SECURITY_CLASS), "%s%" SQUADFORMAT, + SQL_FLD_SECCLASS_PREFIX, + DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), false, 1)); unique = true; diff --git a/src/dsql/DsqlCompilerScratch.cpp b/src/dsql/DsqlCompilerScratch.cpp index 72bae15b09d..80f852b533b 100644 --- a/src/dsql/DsqlCompilerScratch.cpp +++ b/src/dsql/DsqlCompilerScratch.cpp @@ -90,8 +90,7 @@ void DsqlCompilerScratch::putDtype(const TypeClause* field, bool useSubType) if (field->dtype > FB_NELEM(blr_dtypes) || !blr_dtypes[field->dtype]) { SCHAR buffer[100]; - - sprintf(buffer, "Invalid dtype %d in BlockNode::putDtype", field->dtype); + snprintf(buffer, sizeof(buffer), "Invalid dtype %d in BlockNode::putDtype", field->dtype); ERRD_bugcheck(buffer); } #endif @@ -190,8 +189,7 @@ void DsqlCompilerScratch::putType(const TypeClause* type, bool useSubType) if (type->dtype > FB_NELEM(blr_dtypes) || !blr_dtypes[type->dtype]) { SCHAR buffer[100]; - - sprintf(buffer, "Invalid dtype %d in put_dtype", type->dtype); + snprintf(buffer, sizeof(buffer), "Invalid dtype %d in put_dtype", type->dtype); ERRD_bugcheck(buffer); } #endif diff --git a/src/dsql/dsql.cpp b/src/dsql/dsql.cpp index 5140e1130a2..95429ced2d9 100644 --- a/src/dsql/dsql.cpp +++ b/src/dsql/dsql.cpp @@ -1022,7 +1022,8 @@ static void sql_info(thread_db* tdbb, --lineLen; char offsetStr[10]; - const auto offsetLen = sprintf(offsetStr, "%5d", (int) offset); + const auto offsetLen = snprintf(offsetStr, sizeof(offsetStr), + "%5d", (int) offset); localPath.push(reinterpret_cast(offsetStr), offsetLen); localPath.push(' '); diff --git a/src/dsql/pass1.cpp b/src/dsql/pass1.cpp index 1a01c6c3d23..66c34bb7d72 100644 --- a/src/dsql/pass1.cpp +++ b/src/dsql/pass1.cpp @@ -752,8 +752,9 @@ void PASS1_field_unknown(const TEXT* qualifier_name, const TEXT* field_name, if (qualifier_name) { - sprintf(field_buffer, "%.*s.%.*s", (int) MAX_SQL_IDENTIFIER_LEN, qualifier_name, - (int) MAX_SQL_IDENTIFIER_LEN, field_name ? field_name : "*"); + snprintf(field_buffer, sizeof(field_buffer), "%.*s.%.*s", + (int) MAX_SQL_IDENTIFIER_LEN, qualifier_name, + (int) MAX_SQL_IDENTIFIER_LEN, field_name ? field_name : "*"); field_name = field_buffer; } @@ -1191,7 +1192,7 @@ RseNode* PASS1_derived_table(DsqlCompilerScratch* dsqlScratch, SelectExprNode* i // Construct dummy fieldname char fieldname[25]; - sprintf(fieldname, "f%u", static_cast(count)); + snprintf(fieldname, sizeof(fieldname), "f%u", static_cast(count)); // Make new derived field node. diff --git a/src/gpre/c_cxx.cpp b/src/gpre/c_cxx.cpp index 1bf5c01abd0..af9b565764d 100644 --- a/src/gpre/c_cxx.cpp +++ b/src/gpre/c_cxx.cpp @@ -850,7 +850,7 @@ static void gen_based( const act* action, int column) default: { TEXT s[MAX_CURSOR_SIZE]; - sprintf(s, "datatype %d unknown\n", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d unknown\n", field->fld_dtype); CPR_error(s); return; } @@ -960,7 +960,7 @@ isc_close_blob (%V1, &%BH);\n\ args.pat_blob = (const blb*) action->act_object; if (action->act_error) { - sprintf(s1, "%s2", global_status_name); + snprintf(s1, sizeof(s1), "%s2", global_status_name); args.pat_vector1 = s1; } else @@ -1251,12 +1251,12 @@ static void gen_create_database( const act* action, int column) const gpre_req* request = ((const mdbb*) action->act_object)->mdbb_dpb_request; const gpre_dbb* db = request->req_database; - sprintf(s1, "isc_%dl", request->req_ident); - sprintf(trname, "isc_%dt", request->req_ident); + snprintf(s1, sizeof(s1), "isc_%dl", request->req_ident); + snprintf(trname, sizeof(trname), "isc_%dt", request->req_ident); if (request->req_flags & REQ_extend_dpb) { - sprintf(s2, "isc_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%dp", request->req_ident); if (request->req_length) printa(column, "%s = isc_%d;", s2, request->req_ident); else @@ -1272,7 +1272,7 @@ static void gen_create_database( const act* action, int column) db->dbb_r_lc_ctype ? db->dbb_r_lc_ctype : "(char*) 0"); } else - sprintf(s2, "isc_%d", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%d", request->req_ident); PAT args; args.pat_vector1 = status_vector(action); @@ -2119,7 +2119,7 @@ static void gen_event_wait( const act* action, int column) if (ident < 0) { - sprintf(s, "event handle \"%s\" not found", event_name->sym_string); + snprintf(s, sizeof(s), "event handle \"%s\" not found", event_name->sym_string); CPR_error(s); return; } @@ -2412,7 +2412,7 @@ static void gen_get_or_put_slice(const act* action, const ref* reference, bool g gen_name(s1, reference, true); // blob handle args.pat_string2 = s1; args.pat_value1 = reference->ref_sdl_length; // slice description length - sprintf(s2, "isc_%d", reference->ref_sdl_ident); // slice description + snprintf(s2, sizeof(s2), "isc_%d", reference->ref_sdl_ident); // slice description args.pat_string3 = s2; args.pat_long1 = reference->ref_field->fld_array_info->ary_size; @@ -2423,7 +2423,7 @@ static void gen_get_or_put_slice(const act* action, const ref* reference, bool g args.pat_string5 = reference->ref_value; else { - sprintf(s4, "isc_%d", reference->ref_field->fld_array_info->ary_ident); + snprintf(s4, sizeof(s4), "isc_%d", reference->ref_field->fld_array_info->ary_ident); args.pat_string5 = s4; // array name } @@ -2692,9 +2692,9 @@ static void gen_raw(const UCHAR* blr, int request_length) { const TEXT c = *blr++; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c'", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c'", c); else - sprintf(p, "%d", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d", c); while (*p) p++; if (count - 1) @@ -3399,7 +3399,8 @@ static void gen_tpb(const tpb* tpb_buffer, int column) for (length = 0; length < column; length++) *p++ = ' '; - sprintf(p, "isc_tpb_%d [%d] = {", tpb_buffer->tpb_ident, tpb_buffer->tpb_length); + snprintf(p, sizeof(buffer) - (p - buffer), "isc_tpb_%d [%d] = {", tpb_buffer->tpb_ident, + tpb_buffer->tpb_length); while (*p) p++; @@ -3410,9 +3411,9 @@ static void gen_tpb(const tpb* tpb_buffer, int column) { const TEXT c = *text++; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c'", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c'", c); else - sprintf(p, "%d", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d", c); while (*p) p++; if (tpb_length) @@ -3812,12 +3813,12 @@ static void make_ready(const gpre_dbb* db, if (request) { - sprintf(s1, "isc_%dl", request->req_ident); + snprintf(s1, sizeof(s1), "isc_%dl", request->req_ident); if (request->req_flags & REQ_extend_dpb) - sprintf(s2, "isc_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%dp", request->req_ident); else - sprintf(s2, "isc_%d", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%d", request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is diff --git a/src/gpre/cmd.cpp b/src/gpre/cmd.cpp index 30c98c00cf2..225b27e1a47 100644 --- a/src/gpre/cmd.cpp +++ b/src/gpre/cmd.cpp @@ -756,7 +756,6 @@ static void create_set_default_trg(gpre_req* request, cnstrt* constraint, bool on_upd_trg) { - TEXT s[512]; TEXT default_val[BLOB_BUFFER_SIZE]; fb_assert(request->req_actions->act_type == ACT_create_table || @@ -881,7 +880,8 @@ static void create_set_default_trg(gpre_req* request, // Nop. The column is not being created in this ddl statement if (request->req_actions->act_type == ACT_create_table) { - sprintf(s, "field \"%s\" does not exist in relation \"%s\"", + TEXT s[BUFFER_LARGE]; + snprintf(s, sizeof(s), "field \"%s\" does not exist in relation \"%s\"", for_key_fld_name->str_string, relation->rel_symbol->sym_string); CPR_error(s); } @@ -1129,7 +1129,6 @@ static void create_set_null_trg(gpre_req* request, static void get_referred_fields(const act* action, cnstrt* constraint) { - TEXT s[512]; const gpre_rel* relation = (gpre_rel*) action->act_object; for (gpre_req* req = gpreGlob.requests; req; req = req->req_next) @@ -1172,7 +1171,8 @@ static void get_referred_fields(const act* action, cnstrt* constraint) if (constraint->cnstrt_referred_fields == NULL) { // Nothing is in system tables. - sprintf(s, + TEXT s[BUFFER_MEDIUM]; + snprintf(s, sizeof(s), "\"REFERENCES %s\" without \"(column list)\" requires PRIMARY KEY on referenced table", constraint->cnstrt_referred_rel->str_string); CPR_error(s); @@ -1195,7 +1195,8 @@ static void get_referred_fields(const act* action, cnstrt* constraint) } if (prim_key_num_flds != for_key_num_flds) { - sprintf(s, + TEXT s[BUFFER_LARGE]; + snprintf(s, sizeof(s), "PRIMARY KEY column count in relation \"%s\" does not match FOREIGN KEY in relation \"%s\"", constraint->cnstrt_referred_rel->str_string, relation->rel_symbol->sym_string); diff --git a/src/gpre/cme.cpp b/src/gpre/cme.cpp index cc0575d8c85..8581ed457ff 100644 --- a/src/gpre/cme.cpp +++ b/src/gpre/cme.cpp @@ -164,7 +164,6 @@ void CME_expr(gpre_nod* node, gpre_req* request) gpre_ctx* context; gpre_fld field; const ref* reference; - TEXT s[128]; switch (node->nod_type) { @@ -226,7 +225,8 @@ void CME_expr(gpre_nod* node, gpre_req* request) if (!MET_generator(p, request->req_database)) { - sprintf(s, "generator %s not found", p); + TEXT s[BUFFER_MEDIUM]; + snprintf(s, sizeof(s), "generator %s not found", p); CPR_error(s); } request->add_byte(static_cast(strlen(p))); @@ -1883,7 +1883,7 @@ static void cmp_sdl_dtype( const gpre_fld* field, ref* reference) default: { TEXT s[50]; - sprintf(s, "datatype %d not understood", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d not understood", field->fld_dtype); CPR_error(s); } } diff --git a/src/gpre/cmp.cpp b/src/gpre/cmp.cpp index 2d2ddc77300..bf8514dfa4c 100644 --- a/src/gpre/cmp.cpp +++ b/src/gpre/cmp.cpp @@ -127,8 +127,9 @@ void CMP_compile_request( gpre_req* request) if (!request->req_handle && (request->req_type != REQ_procedure)) { - request->req_handle = (TEXT*) MSC_alloc(20); - sprintf(request->req_handle, gpreGlob.ident_pattern, CMP_next_ident()); + static constexpr size_t handleSize = 20; + request->req_handle = (TEXT*) MSC_alloc(handleSize); + snprintf(request->req_handle, handleSize, gpreGlob.ident_pattern, CMP_next_ident()); } if (!request->req_trans) @@ -857,7 +858,7 @@ static void cmp_field( gpre_req* request, const gpre_fld* field, default: { TEXT s[50]; - sprintf(s, "datatype %d not understood", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d not understood", field->fld_dtype); CPR_error(s); } } diff --git a/src/gpre/exp.cpp b/src/gpre/exp.cpp index 577437a43bf..07c45566781 100644 --- a/src/gpre/exp.cpp +++ b/src/gpre/exp.cpp @@ -402,7 +402,7 @@ SINT64 EXP_SINT64_ordinal(bool advance_flag) sscanf(gpreGlob.token_global.tok_string, format, &n); char buffer[64]; - sprintf(buffer, format, n); + snprintf(buffer, sizeof(buffer), format, n); if (strcmp(buffer, gpreGlob.token_global.tok_string) != 0) PAR_error("Numeric value out of range"); @@ -427,7 +427,7 @@ SLONG EXP_SLONG_ordinal(bool advance_flag) const SLONG n = atoi(gpreGlob.token_global.tok_string); char buffer[32]; - sprintf(buffer, "%" SLONGFORMAT, n); + snprintf(buffer, sizeof(buffer), "%" SLONGFORMAT, n); if (strcmp(buffer, gpreGlob.token_global.tok_string) != 0) PAR_error("Numeric value out of range"); @@ -477,7 +477,7 @@ ULONG EXP_ULONG_ordinal(bool advance_flag) const ULONG n = atoi(gpreGlob.token_global.tok_string); char buffer[32]; - sprintf(buffer, "%" ULONGFORMAT, n); + snprintf(buffer, sizeof(buffer), "%" ULONGFORMAT, n); if (strcmp(buffer, gpreGlob.token_global.tok_string) != 0) PAR_error("Numeric value out of range"); @@ -569,8 +569,6 @@ void EXP_post_array( ref* reference) ref* EXP_post_field(gpre_fld* field, gpre_ctx* context, bool null_flag) { - TEXT s[128]; - gpre_req* request = context->ctx_request; // If the reference is already posted, return the reference @@ -593,7 +591,9 @@ ref* EXP_post_field(gpre_fld* field, gpre_ctx* context, bool null_flag) reference->ref_field = field; else { - sprintf(s, "field %s is inconsistently cast", field->fld_symbol->sym_string); + TEXT s[BUFFER_MEDIUM]; + snprintf(s, sizeof(s), "field %s is inconsistently cast", + field->fld_symbol->sym_string); PAR_error(s); } } @@ -1026,13 +1026,13 @@ static gpre_nod* normalize_index( dim* dimension, gpre_nod* user_index, USHORT a case ZERO_BASED: if (dimension->dim_lower < 0) negate = true; - sprintf(string, "%d", abs(dimension->dim_lower)); + snprintf(string, sizeof(string), "%d", abs(dimension->dim_lower)); break; case ONE_BASED: if (dimension->dim_lower - 1 < 0) negate = true; - sprintf(string, "%d", abs(dimension->dim_lower - 1)); + snprintf(string, sizeof(string), "%d", abs(dimension->dim_lower - 1)); break; default: @@ -1304,8 +1304,6 @@ static gpre_nod* par_multiply( gpre_req* request, gpre_fld* field) static gpre_nod* par_native_value( gpre_req* request, gpre_fld* field) { - TEXT s[64]; - // Special case literals if (gpreGlob.token_global.tok_type == tok_number || @@ -1327,7 +1325,8 @@ static gpre_nod* par_native_value( gpre_req* request, gpre_fld* field) if (!field) { - sprintf(s, "no reference field for %s", reference->ref_value); + TEXT s[64]; + snprintf(s, sizeof(s), "no reference field for %s", reference->ref_value); PAR_error(s); } diff --git a/src/gpre/gpre.cpp b/src/gpre/gpre.cpp index 45a8e55a90e..82be2091da4 100644 --- a/src/gpre/gpre.cpp +++ b/src/gpre/gpre.cpp @@ -1181,9 +1181,8 @@ tok* CPR_token() gpre_sym* symbol = MSC_find_symbol(HSH_lookup(token->tok_string + 1), SYM_charset); if (!symbol) { - TEXT err_buffer[100]; - - sprintf(err_buffer, "Character set not recognized: '%.50s'", token->tok_string); + TEXT err_buffer[BUFFER_MEDIUM]; + snprintf(err_buffer, sizeof(err_buffer), "Character set not recognized: '%s'", token->tok_string); CPR_error(err_buffer); } token = get_token(); @@ -1448,7 +1447,6 @@ static void finish_based( act* action) { gpre_rel* relation = NULL; gpre_fld* field = NULL; - TEXT s[MAXPATHLEN << 1]; for (; action; action = action->act_rest) { @@ -1484,6 +1482,7 @@ static void finish_based( act* action) relation = MET_get_relation(db, based_on->bas_rel_name->str_string, ""); if (!relation) { + TEXT s[BUFFER_LARGE]; fb_utils::snprintf(s, sizeof(s), "relation %s is not defined in database %s", based_on->bas_rel_name->str_string, based_on->bas_db_name->str_string); CPR_error(s); @@ -1506,6 +1505,7 @@ static void finish_based( act* action) } else { + TEXT s[MAXPATHLEN << 1]; fb_utils::snprintf(s, sizeof(s), "database %s is not defined", based_on->bas_db_name->str_string); CPR_error(s); @@ -1524,7 +1524,7 @@ static void finish_based( act* action) { // The field reference is ambiguous. It exists in more // than one database. - + TEXT s[BUFFER_LARGE]; fb_utils::snprintf(s, sizeof(s), "field %s in relation %s ambiguous", based_on->bas_fld_name->str_string, based_on->bas_rel_name->str_string); CPR_error(s); @@ -1537,7 +1537,8 @@ static void finish_based( act* action) continue; if (!relation && !field) { - sprintf(s, "relation %s is not defined", based_on->bas_rel_name->str_string); + TEXT s[BUFFER_MEDIUM]; + snprintf(s, sizeof(s), "relation %s is not defined", based_on->bas_rel_name->str_string); CPR_error(s); continue; } @@ -1545,7 +1546,8 @@ static void finish_based( act* action) if (!field) { - sprintf(s, "field %s is not defined in relation %s", + TEXT s[BUFFER_LARGE]; + snprintf(s, sizeof(s), "field %s is not defined in relation %s", based_on->bas_fld_name->str_string, based_on->bas_rel_name->str_string); CPR_error(s); continue; @@ -1553,7 +1555,8 @@ static void finish_based( act* action) if ((based_on->bas_flags & BAS_segment) && !(field->fld_flags & FLD_blob)) { - sprintf(s, "field %s is not a blob", field->fld_symbol->sym_string); + TEXT s[BUFFER_MEDIUM]; + snprintf(s, sizeof(s), "field %s is not a blob", field->fld_symbol->sym_string); CPR_error(s); continue; } diff --git a/src/gpre/int_cxx.cpp b/src/gpre/int_cxx.cpp index fabd63c4771..7f4c70e6c93 100644 --- a/src/gpre/int_cxx.cpp +++ b/src/gpre/int_cxx.cpp @@ -451,9 +451,9 @@ static void gen_raw( const gpre_req* request) { const UCHAR c = *blr++; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c',", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c',", c); else - sprintf(p, "%d,", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d,", c); while (*p) p++; if (p - buffer > 60) diff --git a/src/gpre/languages/ada.cpp b/src/gpre/languages/ada.cpp index 35621f16931..63a0b907da3 100644 --- a/src/gpre/languages/ada.cpp +++ b/src/gpre/languages/ada.cpp @@ -642,7 +642,7 @@ static void gen_at_end( const act* action, int column) static void gen_based( const act* action, int column) { SSHORT datatype; - SCHAR s[512], s2[128]; + SCHAR s[BUFFER_MEDIUM], s2[BUFFER_TINY]; bas* based_on = (bas*) action->act_object; gpre_fld* field = based_on->bas_field; @@ -652,7 +652,7 @@ static void gen_based( const act* action, int column) if (field->fld_array_info) { datatype = field->fld_array->fld_dtype; - sprintf(s, "array ("); + snprintf(s, sizeof(s), "array ("); for (q = s; *q; q++) ; @@ -661,13 +661,13 @@ static void gen_based( const act* action, int column) for (SSHORT i = 1; i < field->fld_array_info->ary_dimension_count; dimension = dimension->dim_next, i++) { - sprintf(s2, "%s range %" SLONGFORMAT"..%" SLONGFORMAT",\n ", + snprintf(s2, sizeof(s2), "%s range %" SLONGFORMAT"..%" SLONGFORMAT",\n ", LONG_DCL, dimension->dim_lower, dimension->dim_upper); for (p = s2; *p; p++, q++) *q = *p; } - sprintf(s2, "%s range %" SLONGFORMAT"..%" SLONGFORMAT") of ", + snprintf(s2, sizeof(s2), "%s range %" SLONGFORMAT"..%" SLONGFORMAT") of ", LONG_DCL, dimension->dim_lower, dimension->dim_upper); for (p = s2; *p; p++, q++) *q = *p; @@ -680,17 +680,17 @@ static void gen_based( const act* action, int column) switch (datatype) { case dtype_short: - sprintf(s2, "%s", SHORT_DCL); + snprintf(s2, sizeof(s2), "%s", SHORT_DCL); break; case dtype_long: - sprintf(s2, "%s", LONG_DCL); + snprintf(s2, sizeof(s2), "%s", LONG_DCL); break; case dtype_date: case dtype_blob: case dtype_quad: - sprintf(s2, "firebird.quad"); + snprintf(s2, sizeof(s2), "firebird.quad"); break; case dtype_text: @@ -698,26 +698,26 @@ static void gen_based( const act* action, int column) if (field->fld_sub_type == 1) { if (length == 1) - sprintf(s2, "%s", BYTE_DCL); + snprintf(s2, sizeof(s2), "%s", BYTE_DCL); else - sprintf(s2, "%s (1..%d)", BYTE_VECTOR_DCL, length); + snprintf(s2, sizeof(s2), "%s (1..%d)", BYTE_VECTOR_DCL, length); } else if (length == 1) - sprintf(s2, "firebird.isc_character"); + snprintf(s2, sizeof(s2), "firebird.isc_character"); else - sprintf(s2, "string (1..%d)", length); + snprintf(s2, sizeof(s2), "string (1..%d)", length); break; case dtype_real: - sprintf(s2, "%s", REAL_DCL); + snprintf(s2, sizeof(s2), "%s", REAL_DCL); break; case dtype_double: - sprintf(s2, "%s", DOUBLE_DCL); + snprintf(s2, sizeof(s2), "%s", DOUBLE_DCL); break; default: - sprintf(s2, "datatype %d unknown\n", field->fld_dtype); + snprintf(s2, sizeof(s2), "datatype %d unknown\n", field->fld_dtype); return; } @@ -1017,11 +1017,11 @@ static void gen_create_database( const act* action, int column) gpre_req* request = ((mdbb*) action->act_object)->mdbb_dpb_request; const gpre_dbb* db = (gpre_dbb*) request->req_database; - sprintf(s1, "isc_%dl", request->req_ident); + snprintf(s1, sizeof(s1), "isc_%dl", request->req_ident); if (request->req_flags & REQ_extend_dpb) { - sprintf(s2, "isc_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%dp", request->req_ident); if (request->req_length) printa(column, "%s = isc_to_dpb_ptr (isc_%d'address);", s2, request->req_ident); if (db->dbb_r_user) @@ -1046,7 +1046,7 @@ static void gen_create_database( const act* action, int column) } else - sprintf(s2, "isc_to_dpb_ptr (isc_%d'address)", request->req_ident); + snprintf(s2, sizeof(s2), "isc_to_dpb_ptr (isc_%d'address)", request->req_ident); if (request->req_length) printa(column, "firebird.CREATE_DATABASE (%s %d, \"%s\", %s%s, %s, %s, 0);", @@ -1817,7 +1817,7 @@ static void gen_event_wait( const act* action, int column) if (ident < 0) { TEXT s[64]; - sprintf(s, "event handle \"%s\" not found", event_name->sym_string); + snprintf(s, sizeof(s), "event handle \"%s\" not found", event_name->sym_string); CPR_error(s); return; } @@ -2124,23 +2124,21 @@ static void gen_get_or_put_slice(const act* action, args.pat_value1 = reference->ref_sdl_length; // slice descr. length TEXT s2[25]; - sprintf(s2, "isc_%d", reference->ref_sdl_ident); // slice description + snprintf(s2, sizeof(s2), "isc_%d", reference->ref_sdl_ident); // slice description args.pat_string3 = s2; args.pat_value2 = 0; // parameter length - TEXT s3[25]; - sprintf(s3, "isc_null_vector_l"); // parameter block init - args.pat_string4 = s3; + args.pat_string4 = "isc_null_vector_l"; // parameter block init args.pat_long1 = reference->ref_field->fld_array_info->ary_size; // slice size TEXT s4[25]; if (action->act_flags & ACT_sql) { - sprintf(s4, "%s'address", reference->ref_value); + snprintf(s4, sizeof(s4), "%s'address", reference->ref_value); } else { - sprintf(s4, "isc_%d'address", reference->ref_field->fld_array_info->ary_ident); + snprintf(s4, sizeof(s4), "isc_%d'address", reference->ref_field->fld_array_info->ary_ident); } args.pat_string5 = s4; // array name @@ -2368,7 +2366,7 @@ static void gen_raw(const UCHAR* blr, const int request_length) for (const UCHAR* const end = blr + request_length - 1; blr <= end; ++blr) { const UCHAR c = *blr; - sprintf(p, "%d", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d", c); while (*p) p++; if (blr != end) @@ -3054,7 +3052,7 @@ static void gen_tpb(const tpb* tpb_buffer, int column) while (--length) { const TEXT c = *text++; - sprintf(p, "%d, ", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d, ", c); while (*p) p++; if (p - buffer > 60) @@ -3068,7 +3066,7 @@ static void gen_tpb(const tpb* tpb_buffer, int column) // handle the last character const TEXT c = *text++; - sprintf(p, "%d", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d", c); printa(column + INDENT, "%s", buffer); printa(column, ");"); } @@ -3449,8 +3447,8 @@ static void make_ready(const gpre_dbb* db, if (request) { - sprintf(s1, "isc_%dl", request->req_ident); - sprintf(s2, "isc_%d", request->req_ident); + snprintf(s1, sizeof(s1), "isc_%dl", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%d", request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is @@ -3458,7 +3456,7 @@ static void make_ready(const gpre_dbb* db, if (request->req_flags & REQ_extend_dpb) { - sprintf(s2, "isc_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%dp", request->req_ident); if (request->req_length) printa(column, "%s = isc_%d;", s2, request->req_ident); if (db->dbb_r_user) @@ -3527,7 +3525,7 @@ static void printa( int column, const TEXT* string, ...) va_start(ptr, string); align(column); - vsprintf(output_buffer, string, ptr); + vsnprintf(output_buffer, sizeof(output_buffer), string, ptr); va_end(ptr); ADA_print_buffer(output_buffer, column); } @@ -3585,7 +3583,7 @@ static void t_start_auto(const act* action, if (gpreGlob.sw_auto) { - TEXT buffer[256], temp[40]; + TEXT buffer[BUFFER_SMALL], temp[40]; buffer[0] = 0; for (const gpre_dbb* db = gpreGlob.isc_databases; db; db = db->dbb_next) { @@ -3602,7 +3600,7 @@ static void t_start_auto(const act* action, endif(column); if (buffer[0]) strcat(buffer, ") and ("); - sprintf(temp, "%s%s /= 0", gpreGlob.ada_package, db->dbb_name->sym_string); + snprintf(temp, sizeof(temp), "%s%s /= 0", gpreGlob.ada_package, db->dbb_name->sym_string); strcat(buffer, temp); } } diff --git a/src/gpre/languages/cob.cpp b/src/gpre/languages/cob.cpp index ab80b799a86..90ee2e92e7b 100644 --- a/src/gpre/languages/cob.cpp +++ b/src/gpre/languages/cob.cpp @@ -487,7 +487,7 @@ void COB_action(const act* action, int /*column*/) gen_blob_end(action); return; case ACT_enderror: - sprintf(output_buffer, "%sEND-IF", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sEND-IF", names[COLUMN]); COB_print_buffer(output_buffer, false); return; case ACT_endfor: @@ -834,18 +834,22 @@ static void asgn_from( const act* action, const ref* reference) else value = reference->ref_value; if (!reference->ref_master || (reference->ref_flags & REF_literal)) - sprintf(output_buffer, "%sMOVE %s TO %s\n", names[COLUMN], value, variable); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", names[COLUMN], + value, variable); else { - sprintf(output_buffer, "%sIF %s < 0 THEN\n", names[COLUMN], value); + snprintf(output_buffer, sizeof(output_buffer), "%sIF %s < 0 THEN\n", names[COLUMN], + value); COB_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE -1 TO %s\n", names[COLUMN_INDENT], variable); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE -1 TO %s\n", + names[COLUMN_INDENT], variable); COB_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sELSE\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sELSE\n", names[COLUMN]); COB_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE 0 TO %s\n", names[COLUMN_INDENT], variable); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE 0 TO %s\n", names[COLUMN_INDENT], + variable); COB_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sEND-IF\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sEND-IF\n", names[COLUMN]); } COB_print_buffer(output_buffer, false); } @@ -873,15 +877,16 @@ static void asgn_to( const act* action, ref* reference) } field = reference->ref_field; - sprintf(output_buffer, "%sMOVE %s TO %s\n", names[COLUMN], s, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", names[COLUMN], s, + reference->ref_value); COB_print_buffer(output_buffer, false); // Pick up NULL value if one is there if (reference = reference->ref_null) { - sprintf(output_buffer, "%sMOVE %s TO %s\n", names[COLUMN], gen_name(s, reference, true), - reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", names[COLUMN], + gen_name(s, reference, true), reference->ref_value); COB_print_buffer(output_buffer, false); } } @@ -903,7 +908,8 @@ static void asgn_to_proc( const ref* reference) continue; //gpre_fld* field = reference->ref_field; gen_name(s, reference, true); - sprintf(output_buffer, "%sMOVE %s TO %s\n", names[COLUMN], s, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", names[COLUMN], s, + reference->ref_value); COB_print_buffer(output_buffer, false); } } @@ -1035,7 +1041,7 @@ static void gen_based( const act* action) default: { TEXT s[64]; - sprintf(s, "datatype %d unknown\n", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d unknown\n", field->fld_dtype); CPR_error(s); return; } @@ -1065,7 +1071,7 @@ static void gen_blob_close( const act* action) const TEXT* command = (action->act_type == ACT_blob_cancel) ? CANCEL : CLOSE; TEXT buffer[80]; - sprintf(buffer, ISC_BLOB, command); + snprintf(buffer, sizeof(buffer), ISC_BLOB, command); printa(names[COLUMN], true, "CALL \"%s\" USING %s, %s%s%d", buffer, status_vector(action), BY_REF, names[isc_a_pos], blob->blb_ident); @@ -1297,12 +1303,13 @@ static void gen_compile( const act* action) if (gpreGlob.sw_auto && action->act_error) printa(names[COLUMN], false, "IF %s NOT = 0 THEN", request_trans(action, request)); - sprintf(output_buffer, "%sCALL \"%s%s\" USING %s, %s%s, %s%s, %s%d%s, %s%s%d\n", - names[COLUMN], ISC_COMPILE_REQUEST, - (request->req_flags & REQ_exp_hand) ? "" : "2", - status_vector(action), BY_REF, symbol->sym_string, BY_REF, - request->req_handle, BY_VALUE, request->req_length, END_VALUE, - BY_REF, names[isc_a_pos], request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s%s\" USING %s, %s%s, %s%s, %s%d%s, %s%s%d\n", + names[COLUMN], ISC_COMPILE_REQUEST, + (request->req_flags & REQ_exp_hand) ? "" : "2", + status_vector(action), BY_REF, symbol->sym_string, BY_REF, + request->req_handle, BY_VALUE, request->req_length, END_VALUE, + BY_REF, names[isc_a_pos], request->req_ident); COB_print_buffer(output_buffer, true); if (gpreGlob.sw_auto && action->act_error) @@ -1316,7 +1323,7 @@ static void gen_compile( const act* action) for (const blb* blob = request->req_blobs; blob; blob = blob->blb_next) { - sprintf(output_buffer, "%sMOVE 0 TO %s%d\n", + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE 0 TO %s%d\n", names[COLUMN], names[isc_a_pos], blob->blb_ident); COB_print_buffer(output_buffer, false); @@ -1337,11 +1344,11 @@ static void gen_create_database( const act* action) gpre_dbb* db = (gpre_dbb*) request->req_database; if (request) { - sprintf(s1, "%s%dL", names[isc_b_pos], request->req_ident); + snprintf(s1, sizeof(s1), "%s%dL", names[isc_b_pos], request->req_ident); if (request->req_flags & REQ_extend_dpb) - sprintf(s2, "%s%dp", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%dp", names[isc_b_pos], request->req_ident); else - sprintf(s2, "%s%d", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%d", names[isc_b_pos], request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is @@ -1351,79 +1358,84 @@ static void gen_create_database( const act* action) { if (request->req_length) { - sprintf(output_buffer, "%sMOVE %s%d to %s\n", - names[COLUMN], names[isc_b_pos], request->req_ident, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s%d to %s\n", + names[COLUMN], names[isc_b_pos], request->req_ident, s2); } if (db->dbb_r_user) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 28, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_DESC, db->dbb_r_user, - BY_VALUE, strlen(db->dbb_r_user) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 28, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_DESC, db->dbb_r_user, + BY_VALUE, strlen(db->dbb_r_user) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } if (db->dbb_r_password) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 29, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_DESC, db->dbb_r_password, - BY_VALUE, strlen(db->dbb_r_password) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 29, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_DESC, db->dbb_r_password, + BY_VALUE, strlen(db->dbb_r_password) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } // Process Role Name, isc_dpb_sql_role_name/60 if (db->dbb_r_sql_role) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 60, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_DESC, db->dbb_r_sql_role, - BY_VALUE, strlen(db->dbb_r_sql_role) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 60, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_DESC, db->dbb_r_sql_role, + BY_VALUE, strlen(db->dbb_r_sql_role) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } if (db->dbb_r_lc_messages) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 47, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_REF, db->dbb_r_lc_messages, - BY_VALUE, strlen(db->dbb_r_lc_messages) - 2, - END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 47, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_REF, db->dbb_r_lc_messages, + BY_VALUE, strlen(db->dbb_r_lc_messages) - 2, + END_VALUE); COB_print_buffer(output_buffer, true); } if (db->dbb_r_lc_ctype) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s %s%s, BY VALUE 48, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_REF, db->dbb_r_lc_ctype, - BY_VALUE, strlen(db->dbb_r_lc_ctype) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s %s%s, BY VALUE 48, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_REF, db->dbb_r_lc_ctype, + BY_VALUE, strlen(db->dbb_r_lc_ctype) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } } if (request->req_flags & REQ_extend_dpb) { - sprintf(s1Tmp, "%s%s%s", BY_VALUE, s1, END_VALUE); - sprintf(s2Tmp, "%s%s%s", BY_VALUE, s2, END_VALUE); + snprintf(s1Tmp, sizeof(s1Tmp), "%s%s%s", BY_VALUE, s1, END_VALUE); + snprintf(s2Tmp, sizeof(s2Tmp), "%s%s%s", BY_VALUE, s2, END_VALUE); } else { - sprintf(s2Tmp, "%s%s", BY_REF, s2); - sprintf(s1Tmp, "%s%d%s", BY_VALUE, request->req_length, END_VALUE); + snprintf(s2Tmp, sizeof(s2Tmp), "%s%s", BY_REF, s2); + snprintf(s1Tmp, sizeof(s1Tmp), "%s%d%s", BY_VALUE, request->req_length, END_VALUE); } } @@ -1433,17 +1445,18 @@ static void gen_create_database( const act* action) db->dbb_id = dbisc->dbb_id; } TEXT dbname[128]; - sprintf(dbname, "%s%ddb", names[isc_b_pos], db->dbb_id); - - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s%" SIZEFORMAT "%s, %s%s, %s%s, %s, %s, %s0%s\n", - names[COLUMN], - ISC_CREATE_DATABASE, - status_vector(action), - BY_VALUE, strlen(db->dbb_filename), END_VALUE, - BY_REF, dbname, - BY_REF, db->dbb_name->sym_string, - request->req_length ? s1Tmp : OMITTED, - request->req_length ? s2Tmp : OMITTED, BY_VALUE, END_VALUE); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], db->dbb_id); + + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s%" SIZEFORMAT "%s, %s%s, %s%s, %s, %s, %s0%s\n", + names[COLUMN], + ISC_CREATE_DATABASE, + status_vector(action), + BY_VALUE, strlen(db->dbb_filename), END_VALUE, + BY_REF, dbname, + BY_REF, db->dbb_name->sym_string, + request->req_length ? s1Tmp : OMITTED, + request->req_length ? s2Tmp : OMITTED, BY_VALUE, END_VALUE); COB_print_buffer(output_buffer, true); // if the dpb was extended, free it here @@ -1452,15 +1465,18 @@ static void gen_create_database( const act* action) { if (request->req_length) { - sprintf(output_buffer, "if (%s != %s%d)", s2, names[isc_b_pos], request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "if (%s != %s%d)", s2, names[isc_b_pos], + request->req_ident); COB_print_buffer(output_buffer, true); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s\n", names[COLUMN], ISC_FREE, s2Tmp); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s\n", names[COLUMN], + ISC_FREE, s2Tmp); COB_print_buffer(output_buffer, true); // reset the length of the dpb - sprintf(output_buffer, "%sMOVE %d to %s", names[COLUMN], request->req_length, s1); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %d to %s", names[COLUMN], + request->req_length, s1); COB_print_buffer(output_buffer, true); } const bool save_sw_auto = gpreGlob.sw_auto; @@ -1566,7 +1582,8 @@ static void gen_database( const act* action) return; global_first_flag = true; - sprintf(output_buffer, "\n%s**** GDS Preprocessor Definitions ****\n\n", names[COMMENT]); + snprintf(output_buffer, sizeof(output_buffer), "\n%s**** GDS Preprocessor Definitions ****\n\n", + names[COMMENT]); COB_print_buffer(output_buffer, false); printa(names[COLUMN_0], false, "01 %s PIC S9(18) USAGE COMP VALUE IS 0.", names[isc_blob_null_pos]); @@ -1801,7 +1818,7 @@ static void gen_ddl( const act* action) } - sprintf(output_buffer, + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s, %s%s, %s%s, %s%d%s, %s%s%d\n", names[COLUMN], ISC_DDL, status_vector(action), BY_REF, request->req_database->dbb_name->sym_string, BY_REF, @@ -1998,7 +2015,7 @@ static void gen_dyn_immediate( const act* action) TEXT s[64]; const TEXT* s2 = "ISC-CONST-DYN-IMMEDL"; printa(names[COLUMN], true, GET_LEN_CALL_TEMPLATE, STRING_LENGTH, statement->dyn_string, s2); - sprintf(s, " %s%s%s,", BY_VALUE, s2, END_VALUE); + snprintf(s, sizeof(s), " %s%s%s,", BY_VALUE, s2, END_VALUE); if (gpreGlob.sw_auto) { @@ -2134,7 +2151,7 @@ static void gen_dyn_prepare( const act* action) TEXT s[MAX_CURSOR_SIZE], s3[80]; make_name_formatted(s, "ISC-CONST-%s", statement->dyn_statement_name); TEXT s2[MAX_CURSOR_SIZE + 1]; - sprintf(s2, "%sL", s); + snprintf(s2, sizeof(s2), "%sL", s); printa(names[COLUMN], true, GET_LEN_CALL_TEMPLATE, STRING_LENGTH, statement->dyn_string, s2); fb_utils::snprintf(s3, sizeof(s3), " %s%s%s,", BY_VALUE, s2, END_VALUE); @@ -2188,10 +2205,12 @@ static void gen_emodify( const act* action) case dtype_blob: case dtype_quad: case dtype_date: - sprintf(output_buffer, "%sCALL \"isc_qtoq\" USING %s, %s\n", names[COLUMN], s1, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"isc_qtoq\" USING %s, %s\n", + names[COLUMN], s1, s2); break; default: - sprintf(output_buffer, "%sMOVE %s TO %s\n", names[COLUMN], s1, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", names[COLUMN], s1, + s2); } COB_print_buffer(output_buffer, true); if (field->fld_array_info) @@ -2630,7 +2649,7 @@ static void gen_get_or_put_slice(const act* action, args.pat_value1 = reference->ref_sdl_length; // slice descr length TEXT s2[MAX_REF_SIZE]; - sprintf(s2, "%s%d", names[isc_a_pos], reference->ref_sdl_ident); // slice description + snprintf(s2, sizeof(s2), "%s%d", names[isc_a_pos], reference->ref_sdl_ident); // slice description args.pat_string3 = s2; args.pat_value2 = 0; // parameter length @@ -2646,7 +2665,8 @@ static void gen_get_or_put_slice(const act* action, } else { - sprintf(s4, "%s%dL", names[isc_a_pos], reference->ref_field->fld_array_info->ary_ident); + snprintf(s4, sizeof(s4), "%s%dL", names[isc_a_pos], + reference->ref_field->fld_array_info->ary_ident); args.pat_string5 = s4; // array name } @@ -2666,23 +2686,20 @@ static void gen_get_or_put_slice(const act* action, static void gen_get_segment( const act* action) { const blb* blob; - TEXT buffer[128]; - if (action->act_flags & ACT_sql) blob = (blb*) action->act_request->req_blobs; else blob = (blb*) action->act_object; - strcpy(buffer, GET_SEG_CALL_TEMPLATE); // Copy seems useless instead of using constant directly. - sprintf(output_buffer, - buffer, - names[COLUMN], - ISC_GET_SEGMENT, - names[isc_status_vector_pos], - names[isc_a_pos], blob->blb_ident, - names[isc_a_pos], blob->blb_len_ident, - BY_VALUE, blob->blb_seg_length, END_VALUE, - BY_REF, names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); + snprintf(output_buffer, sizeof(output_buffer), + GET_SEG_CALL_TEMPLATE, + names[COLUMN], + ISC_GET_SEGMENT, + names[isc_status_vector_pos], + names[isc_a_pos], blob->blb_ident, + names[isc_a_pos], blob->blb_len_ident, + BY_VALUE, blob->blb_seg_length, END_VALUE, + BY_REF, names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); COB_print_buffer(output_buffer, true); @@ -2848,16 +2865,14 @@ static void gen_put_segment( const act* action) else blob = (blb*) action->act_object; - TEXT buffer[128]; - strcpy(buffer, PUT_SEG_CALL_TEMPLATE); - sprintf(output_buffer, - buffer, - names[COLUMN], - ISC_PUT_SEGMENT, - status_vector(action), - BY_REF, names[isc_a_pos], blob->blb_ident, - BY_VALUE, names[isc_a_pos], blob->blb_len_ident, END_VALUE, - BY_REF, names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); + snprintf(output_buffer, sizeof(output_buffer), + PUT_SEG_CALL_TEMPLATE, + names[COLUMN], + ISC_PUT_SEGMENT, + status_vector(action), + BY_REF, names[isc_a_pos], blob->blb_ident, + BY_VALUE, names[isc_a_pos], blob->blb_len_ident, END_VALUE, + BY_REF, names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); COB_print_buffer(output_buffer, true); set_sqlcode(action); @@ -2910,7 +2925,7 @@ static void gen_raw(const UCHAR* blr, req_t request_type, int request_length, in strcat(s, names[COLUMN]); strcat(s, RAW_BLR_TEMPLATE); strcat(s, "\n"); - sprintf(output_buffer, s, names[isc_a_pos], ident, names[UNDER], length++, + snprintf(output_buffer, sizeof(output_buffer), s, names[isc_a_pos], ident, names[UNDER], length++, blr_hunk.longword_blr); COB_print_buffer(output_buffer, false); } @@ -2944,7 +2959,7 @@ static void gen_ready( const act* action) if (filename) { namelength = static_cast(strlen(filename)); - sprintf(dbname, "%s%ddb", names[isc_b_pos], dbisc->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], dbisc->dbb_id); filename = dbname; } else @@ -2957,7 +2972,7 @@ static void gen_ready( const act* action) if (ready->rdy_id) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], ready->rdy_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], ready->rdy_id); filename = dbname; namelength -= 2; } @@ -3012,15 +3027,16 @@ static void gen_release( const act* action) static void gen_receive( const act* action, const gpre_port* port) { const gpre_req* request = action->act_request; - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s%s, %s%d%s, %s%d%s, %s%s%d, %s%s%s\n", - names[COLUMN], - ISC_RECEIVE, - status_vector(action), - BY_REF, request->req_handle, - BY_VALUE, port->por_msg_number, END_VALUE, - BY_VALUE, port->por_length, END_VALUE, - BY_REF, names[isc_a_pos], port->por_ident, - BY_VALUE, request->req_request_level, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s%s, %s%d%s, %s%d%s, %s%s%d, %s%s%s\n", + names[COLUMN], + ISC_RECEIVE, + status_vector(action), + BY_REF, request->req_handle, + BY_VALUE, port->por_msg_number, END_VALUE, + BY_VALUE, port->por_length, END_VALUE, + BY_REF, names[isc_a_pos], port->por_ident, + BY_VALUE, request->req_request_level, END_VALUE); COB_print_buffer(output_buffer, true); set_sqlcode(action); @@ -3289,15 +3305,16 @@ static void gen_send( const act* action, const gpre_port* port) { const gpre_req* request = action->act_request; - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s%s, %s%d%s, %s%d%s, %s%s%d, %s%s%s\n", - names[COLUMN], - ISC_SEND, - status_vector(action), - BY_REF, request->req_handle, - BY_VALUE, port->por_msg_number, END_VALUE, - BY_VALUE, port->por_length, END_VALUE, - BY_REF, names[isc_a_pos], port->por_ident, - BY_VALUE, request->req_request_level, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s%s, %s%d%s, %s%d%s, %s%s%d, %s%s%s\n", + names[COLUMN], + ISC_SEND, + status_vector(action), + BY_REF, request->req_handle, + BY_VALUE, port->por_msg_number, END_VALUE, + BY_VALUE, port->por_length, END_VALUE, + BY_REF, names[isc_a_pos], port->por_ident, + BY_VALUE, request->req_request_level, END_VALUE); COB_print_buffer(output_buffer, true); set_sqlcode(action); @@ -3438,25 +3455,27 @@ static void gen_start( const act* action, const gpre_port* port) gen_get_or_put_slice(action, reference, false); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s%s, %s%s, %s%d%s, %s%d%s, %s%s%d, %s%s%s\n", - names[COLUMN], - ISC_START_AND_SEND, - vector, - BY_REF, request->req_handle, - BY_REF, request_trans(action, request), - BY_VALUE, port->por_msg_number, END_VALUE, - BY_VALUE, port->por_length, END_VALUE, - BY_REF, names[isc_a_pos], port->por_ident, - BY_VALUE, request->req_request_level, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s%s, %s%s, %s%d%s, %s%d%s, %s%s%d, %s%s%s\n", + names[COLUMN], + ISC_START_AND_SEND, + vector, + BY_REF, request->req_handle, + BY_REF, request_trans(action, request), + BY_VALUE, port->por_msg_number, END_VALUE, + BY_VALUE, port->por_length, END_VALUE, + BY_REF, names[isc_a_pos], port->por_ident, + BY_VALUE, request->req_request_level, END_VALUE); } else - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s%s, %s%s, %s%s%s\n", - names[COLUMN], - ISC_START_REQUEST, - vector, - BY_REF, request->req_handle, - BY_REF, request_trans(action, request), - BY_VALUE, request->req_request_level, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s%s, %s%s, %s%s%s\n", + names[COLUMN], + ISC_START_REQUEST, + vector, + BY_REF, request->req_handle, + BY_REF, request_trans(action, request), + BY_VALUE, request->req_request_level, END_VALUE); COB_print_buffer(output_buffer, true); @@ -3523,7 +3542,7 @@ static void gen_t_start( const act* action) const USHORT namelength = static_cast(filename ? strlen(filename) : 0); if (filename) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], db->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], db->dbb_id); filename = dbname; } make_ready(db, filename, status_vector(action), 0, namelength); @@ -3588,8 +3607,8 @@ static void gen_tpb(const tpb* tpb_buffer) names[UNDER], length++, tpb_hunk.longword_tpb); } - sprintf(output_buffer, "%sEnd of data for %s%d\n", - names[COMMENT], names[isc_tpb_pos], tpb_buffer->tpb_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sEnd of data for %s%d\n", + names[COMMENT], names[isc_tpb_pos], tpb_buffer->tpb_ident); COB_print_buffer(output_buffer, false); } @@ -3739,10 +3758,10 @@ static void make_array_declaration( ref* reference) } TEXT string1[256]; - TEXT* p = string1; const int dimension_size = dimension->dim_upper - dimension->dim_lower + 1; - sprintf(p, "%02d %s%d OCCURS %d TIMES ", + snprintf(string1, sizeof(string1), "%02d %s%d OCCURS %d TIMES ", i, names[isc_a_pos], field->fld_array_info->ary_ident, dimension_size); + TEXT* p = string1; while (*p) p++; @@ -3760,16 +3779,16 @@ static void make_array_declaration( ref* reference) if (scale >= -digits && scale <= 0) { if (scale > -digits) - sprintf(p, "9(%d)", digits + scale); + snprintf(p, sizeof(string1) - (p - string1), "9(%d)", digits + scale); while (*p) p++; if (scale) - sprintf(p, "V9(%d)", digits - (digits + scale)); + snprintf(p, sizeof(string1) - (p - string1), "V9(%d)", digits - (digits + scale)); } else if (scale > 0) - sprintf(p, "9(%d)P(%d)", digits, scale); + snprintf(p, sizeof(string1) - (p - string1), "9(%d)P(%d)", digits, scale); else - sprintf(p, "VP(%d)9(%d)", -(scale + digits), digits); + snprintf(p, sizeof(string1) - (p - string1), "VP(%d)9(%d)", -(scale + digits), digits); while (*p) p++; strcpy(p, USAGE_COMP); @@ -3779,7 +3798,7 @@ static void make_array_declaration( ref* reference) case dtype_cstring: case dtype_text: case dtype_varying: - sprintf(p, "PIC X(%d).", field->fld_array->fld_length); + snprintf(p, sizeof(string1) - (p - string1), "PIC X(%d).", field->fld_array->fld_length); break; case dtype_date: @@ -3789,13 +3808,14 @@ static void make_array_declaration( ref* reference) break; case dtype_quad: - sprintf(p, "PIC S9(%d)", 18 + field->fld_array->fld_scale); + snprintf(p, sizeof(string1) - (p - string1), "PIC S9(%d)", + 18 + field->fld_array->fld_scale); while (*p) p++; if (field->fld_array->fld_scale < 0) - sprintf(p, "V9(%d)", -field->fld_array->fld_scale); + snprintf(p, sizeof(string1) - (p - string1), "V9(%d)", -field->fld_array->fld_scale); else if (field->fld_array->fld_scale > 0) - sprintf(p, "P(%d)", field->fld_array->fld_scale); + snprintf(p, sizeof(string1) - (p - string1), "P(%d)", field->fld_array->fld_scale); while (*p) p++; strcpy(p, USAGE_COMP); @@ -3954,11 +3974,11 @@ static void make_ready(const gpre_dbb* db, const TEXT* filename, if (request) { - sprintf(s1, "%s%dL", names[isc_b_pos], request->req_ident); + snprintf(s1, sizeof(s1), "%s%dL", names[isc_b_pos], request->req_ident); if (request->req_flags & REQ_extend_dpb) - sprintf(s2, "%s%dp", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%dp", names[isc_b_pos], request->req_ident); else - sprintf(s2, "%s%d", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%d", names[isc_b_pos], request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is @@ -3968,99 +3988,105 @@ static void make_ready(const gpre_dbb* db, const TEXT* filename, { if (request->req_length) { - sprintf(output_buffer, "%sMOVE %s%d to %s\n", - names[COLUMN], names[isc_b_pos], request->req_ident, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s%d to %s\n", + names[COLUMN], names[isc_b_pos], request->req_ident, s2); } if (db->dbb_r_user) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 28, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_DESC, db->dbb_r_user, - BY_VALUE, strlen(db->dbb_r_user) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 28, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_DESC, db->dbb_r_user, + BY_VALUE, strlen(db->dbb_r_user) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } if (db->dbb_r_password) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 29, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_DESC, db->dbb_r_password, - BY_VALUE, strlen(db->dbb_r_password) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 29, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_DESC, db->dbb_r_password, + BY_VALUE, strlen(db->dbb_r_password) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } // Process Role Name, isc_dpb_sql_role_name/60 if (db->dbb_r_sql_role) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 60, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_DESC, db->dbb_r_sql_role, - BY_VALUE, strlen(db->dbb_r_sql_role) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 60, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_DESC, db->dbb_r_sql_role, + BY_VALUE, strlen(db->dbb_r_sql_role) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } if (db->dbb_r_lc_messages) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 47, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_REF, db->dbb_r_lc_messages, - BY_VALUE, strlen(db->dbb_r_lc_messages) - 2, - END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s, %s%s, BY VALUE 47, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_REF, db->dbb_r_lc_messages, + BY_VALUE, strlen(db->dbb_r_lc_messages) - 2, + END_VALUE); COB_print_buffer(output_buffer, true); } if (db->dbb_r_lc_ctype) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%s %s%s, BY VALUE 48, %s %s, %s%" SIZEFORMAT "%s\n", - names[COLUMN], - ISC_MODIFY_DPB, - BY_REF, s2, - BY_REF, s1, - BY_REF, db->dbb_r_lc_ctype, - BY_VALUE, strlen(db->dbb_r_lc_ctype) - 2, END_VALUE); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%s %s%s, BY VALUE 48, %s %s, %s%" SIZEFORMAT "%s\n", + names[COLUMN], + ISC_MODIFY_DPB, + BY_REF, s2, + BY_REF, s1, + BY_REF, db->dbb_r_lc_ctype, + BY_VALUE, strlen(db->dbb_r_lc_ctype) - 2, END_VALUE); COB_print_buffer(output_buffer, true); } } if (request->req_flags & REQ_extend_dpb) { - sprintf(s1Tmp, "%s%s%s", BY_VALUE, s1, END_VALUE); - sprintf(s2Tmp, "%s%s%s", BY_VALUE, s2, END_VALUE); + snprintf(s1Tmp, sizeof(s1Tmp), "%s%s%s", BY_VALUE, s1, END_VALUE); + snprintf(s2Tmp, sizeof(s2Tmp), "%s%s%s", BY_VALUE, s2, END_VALUE); } else { - sprintf(s2Tmp, "%s%s", BY_REF, s2); - sprintf(s1Tmp, "%s%d%s", BY_VALUE, request->req_length, END_VALUE); + snprintf(s2Tmp, sizeof(s2Tmp), "%s%s", BY_REF, s2); + snprintf(s1Tmp, sizeof(s1Tmp), "%s%d%s", BY_VALUE, request->req_length, END_VALUE); } } TEXT dbname[128]; if (!filename) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], dbisc->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], dbisc->dbb_id); filename = dbname; namelength = static_cast(strlen(db->dbb_filename)); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s%d%s, %s %s, %s%s, %s, %s\n", - names[COLUMN], - ISC_ATTACH_DATABASE, - vector, - BY_VALUE, namelength, END_VALUE, - BY_REF, filename, - BY_REF, db->dbb_name->sym_string, - request ? s1Tmp : OMITTED, request ? s2Tmp : OMITTED); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s%d%s, %s %s, %s%s, %s, %s\n", + names[COLUMN], + ISC_ATTACH_DATABASE, + vector, + BY_VALUE, namelength, END_VALUE, + BY_REF, filename, + BY_REF, db->dbb_name->sym_string, + request ? s1Tmp : OMITTED, request ? s2Tmp : OMITTED); COB_print_buffer(output_buffer, true); @@ -4070,15 +4096,18 @@ static void make_ready(const gpre_dbb* db, const TEXT* filename, { if (request->req_length) { - sprintf(output_buffer, "if (%s != %s%d)", s2, names[isc_b_pos], request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "if (%s != %s%d)", s2, names[isc_b_pos], + request->req_ident); COB_print_buffer(output_buffer, true); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s\n", names[COLUMN], ISC_FREE, s2Tmp); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s\n", names[COLUMN], + ISC_FREE, s2Tmp); COB_print_buffer(output_buffer, true); // reset the length of the dpb - sprintf(output_buffer, "%sMOVE %d to %s\n", names[COLUMN], request->req_length, s1); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %d to %s\n", names[COLUMN], + request->req_length, s1); COB_print_buffer(output_buffer, true); } } @@ -4098,7 +4127,7 @@ static void printa(const TEXT* column, bool call, const TEXT* string, ...) strcpy(s, column); strcat(s, string); strcat(s, "\n"); - vsprintf(output_buffer, s, ptr); + vsnprintf(output_buffer, sizeof(output_buffer), s, ptr); va_end(ptr); COB_print_buffer(output_buffer, call); } @@ -4211,7 +4240,7 @@ static void t_start_auto(const gpre_req* request, const USHORT namelength = static_cast(filename ? strlen(filename) : 0); if (filename) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], db->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], db->dbb_id); filename = dbname; } make_ready(db, filename, vector, 0, namelength); diff --git a/src/gpre/languages/fbrmclib.cpp b/src/gpre/languages/fbrmclib.cpp index cc9fc289e4c..237a31e3478 100644 --- a/src/gpre/languages/fbrmclib.cpp +++ b/src/gpre/languages/fbrmclib.cpp @@ -1510,32 +1510,32 @@ EXPORT RM_ENTRY(rmc_ctod) if (fmt.yr_start != -1) { - sprintf(stemp, "%*.*d", fmt.yr_len, fmt.yr_len, tim.tm_year + 1900); + snprintf(stemp, sizeof(stemp), "%*.*d", fmt.yr_len, fmt.yr_len, tim.tm_year + 1900); memmove(dt + fmt.yr_start, stemp, fmt.yr_len); } if (fmt.mon_start != -1) { - sprintf(stemp, "%2.2d", tim.tm_mon + 1); + snprintf(stemp, sizeof(stemp), "%2.2d", tim.tm_mon + 1); memmove(dt + fmt.mon_start, stemp, 2); } if (fmt.day_start != -1) { - sprintf(stemp, "%2.2d", tim.tm_mday); + snprintf(stemp, sizeof(stemp), "%2.2d", tim.tm_mday); memmove(dt + fmt.day_start, stemp, 2); } if (fmt.hr_start != -1) { - sprintf(stemp, "%2.2d", tim.tm_hour); + snprintf(stemp, sizeof(stemp), "%2.2d", tim.tm_hour); memmove(dt + fmt.hr_start, stemp, 2); } if (fmt.min_start != -1) { - sprintf(stemp, "%2.2d", tim.tm_min); + snprintf(stemp, sizeof(stemp), "%2.2d", tim.tm_min); memmove(dt + fmt.min_start, stemp, 2); } if (fmt.sec_start != -1) { - sprintf(stemp, "%2.2d", tim.tm_sec); + snprintf(stemp, sizeof(stemp), "%2.2d", tim.tm_sec); memmove(dt + fmt.sec_start, stemp, 2); } StringToCobol(&arg_vector[0], dt); diff --git a/src/gpre/languages/ftn.cpp b/src/gpre/languages/ftn.cpp index 88715e20342..45687420a45 100644 --- a/src/gpre/languages/ftn.cpp +++ b/src/gpre/languages/ftn.cpp @@ -634,7 +634,7 @@ void FTN_print_buffer( TEXT* output_bufferL) q += 50; *p-- = 0; TEXT err[128]; - sprintf(err, "Output line overflow: %s", s); + snprintf(err, sizeof(err), "Output line overflow: %s", s); CPR_error(err); break; } @@ -691,23 +691,25 @@ static void asgn_from(const act* action, const ref* reference) if (field->fld_dtype == dtype_blob || field->fld_dtype == dtype_quad || field->fld_dtype == dtype_date) { - sprintf(output_buffer, "%sCALL isc_qtoq (%s, %s)\n", COLUMN, value, variable); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL isc_qtoq (%s, %s)\n", COLUMN, value, + variable); } else if (!reference->ref_master || (reference->ref_flags & REF_literal)) { - sprintf(output_buffer, "%s%s = %s\n", COLUMN, variable, value); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = %s\n", COLUMN, variable, value); } else { - sprintf(output_buffer, "%sIF (%s .LT. 0) THEN\n", COLUMN, value); + snprintf(output_buffer, sizeof(output_buffer), "%sIF (%s .LT. 0) THEN\n", COLUMN, + value); FTN_print_buffer(output_buffer); - sprintf(output_buffer, "%s%s = -1\n", COLUMN_INDENT, variable); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = -1\n", COLUMN_INDENT, variable); FTN_print_buffer(output_buffer); - sprintf(output_buffer, "%sELSE\n", COLUMN); + snprintf(output_buffer, sizeof(output_buffer), "%sELSE\n", COLUMN); FTN_print_buffer(output_buffer); - sprintf(output_buffer, "%s%s = 0\n", COLUMN_INDENT, variable); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = 0\n", COLUMN_INDENT, variable); FTN_print_buffer(output_buffer); - sprintf(output_buffer, "%sEND IF\n", COLUMN); + snprintf(output_buffer, sizeof(output_buffer), "%sEND IF\n", COLUMN); } FTN_print_buffer(output_buffer); } @@ -737,18 +739,20 @@ static void asgn_to(const act* action, const ref* reference) if (field->fld_dtype == dtype_blob || field->fld_dtype == dtype_quad || field->fld_dtype == dtype_date) { - sprintf(output_buffer, "%sCALL isc_qtoq (%s, %s)\n", COLUMN, s, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL isc_qtoq (%s, %s)\n", COLUMN, s, + reference->ref_value); } else - sprintf(output_buffer, "%s%s = %s\n", COLUMN, reference->ref_value, s); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = %s\n", COLUMN, reference->ref_value, + s); FTN_print_buffer(output_buffer); // Pick up NULL value if one is there if (reference = reference->ref_null) { - sprintf(output_buffer, "%s%s = %s\n", - COLUMN, reference->ref_value, gen_name(s, reference, true)); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = %s\n", + COLUMN, reference->ref_value, gen_name(s, reference, true)); FTN_print_buffer(output_buffer); } } @@ -773,10 +777,12 @@ static void asgn_to_proc( const ref* reference) if (field->fld_dtype == dtype_blob || field->fld_dtype == dtype_quad || field->fld_dtype == dtype_date) { - sprintf(output_buffer, "%sCALL isc_qtoq (%s, %s)\n", COLUMN, s, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL isc_qtoq (%s, %s)\n", COLUMN, s, + reference->ref_value); } else - sprintf(output_buffer, "%s%s = %s\n", COLUMN, reference->ref_value, s); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = %s\n", COLUMN, + reference->ref_value, s); FTN_print_buffer(output_buffer); } } @@ -855,7 +861,7 @@ static void gen_based(const act* action) default: { TEXT s[64]; - sprintf(s, "datatype %d unknown\n", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d unknown\n", field->fld_dtype); CPR_error(s); return; } @@ -1105,11 +1111,12 @@ static void gen_compile(const act* action) else printa(COLUMN, "IF (%s .EQ. 0) THEN", request->req_handle); - sprintf(output_buffer, "%sCALL ISC_COMPILE_REQUEST%s (%s, %s, %s, %s%d%s, %sisc_%d%s)\n", - COLUMN, (request->req_flags & REQ_exp_hand) ? "" : "2", - status_vector(), symbol->sym_string, request->req_handle, - I2CONST_1, request->req_length, I2CONST_2, REF_1, - request->req_ident, REF_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_COMPILE_REQUEST%s (%s, %s, %s, %s%d%s, %sisc_%d%s)\n", + COLUMN, (request->req_flags & REQ_exp_hand) ? "" : "2", + status_vector(), symbol->sym_string, request->req_handle, + I2CONST_1, request->req_length, I2CONST_2, REF_1, + request->req_ident, REF_2); FTN_print_buffer(output_buffer); status_and_stop(action); printa(COLUMN, "END IF"); @@ -1119,7 +1126,7 @@ static void gen_compile(const act* action) for (const blb* blob = request->req_blobs; blob; blob = blob->blb_next) { - sprintf(output_buffer, "%sisc_%d = 0\n", COLUMN, blob->blb_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sisc_%d = 0\n", COLUMN, blob->blb_ident); FTN_print_buffer(output_buffer); } } @@ -1138,97 +1145,101 @@ static void gen_create_database(const act* action) const gpre_req* request = ((mdbb*) action->act_object)->mdbb_dpb_request; const gpre_dbb* db = (gpre_dbb*) request->req_database; - sprintf(s1, "isc_%dl", request->req_ident); + snprintf(s1, sizeof(s1), "isc_%dl", request->req_ident); if (request->req_flags & REQ_extend_dpb) { - sprintf(s2, "isc_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%dp", request->req_ident); if (request->req_length) { - sprintf(output_buffer, "%s%s = isc_%d\n", COLUMN, s2, request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = isc_%d\n", COLUMN, s2, + request->req_ident); FTN_print_buffer(output_buffer); } if (db->dbb_r_user) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_user_name, %s, %sLEN(%s)%s)\n", - COLUMN, - s2, s1, db->dbb_r_user, - I2CONST_1, db->dbb_r_user, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_user_name, %s, %sLEN(%s)%s)\n", + COLUMN, + s2, s1, db->dbb_r_user, + I2CONST_1, db->dbb_r_user, I2CONST_2); FTN_print_buffer(output_buffer); } if (db->dbb_r_password) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_password, %s, %sLEN(%s)%s)\n", - COLUMN, - s2, s1, db->dbb_r_password, - I2CONST_1, db->dbb_r_password, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_password, %s, %sLEN(%s)%s)\n", + COLUMN, + s2, s1, db->dbb_r_password, + I2CONST_1, db->dbb_r_password, I2CONST_2); FTN_print_buffer(output_buffer); } // SQL Role supports GPRE/Fortran if (db->dbb_r_sql_role) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_sql_role_name, %s, %sLEN(%s)%s)\n", - COLUMN, - s2, s1, db->dbb_r_sql_role, - I2CONST_1, db->dbb_r_sql_role, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_sql_role_name, %s, %sLEN(%s)%s)\n", + COLUMN, + s2, s1, db->dbb_r_sql_role, + I2CONST_1, db->dbb_r_sql_role, I2CONST_2); FTN_print_buffer(output_buffer); } if (db->dbb_r_lc_messages) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_lc_messages, %s, %sLEN(%s)%s)\n", - COLUMN, - s2, s1, db->dbb_r_lc_messages, - I2CONST_1, db->dbb_r_lc_messages, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_lc_messages, %s, %sLEN(%s)%s)\n", + COLUMN, + s2, s1, db->dbb_r_lc_messages, + I2CONST_1, db->dbb_r_lc_messages, I2CONST_2); FTN_print_buffer(output_buffer); } if (db->dbb_r_lc_ctype) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_lc_type, %s, %sLEN(%s)%s)\n", - COLUMN, - s2, s1, db->dbb_r_lc_ctype, - I2CONST_1, db->dbb_r_lc_ctype, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_lc_type, %s, %sLEN(%s)%s)\n", + COLUMN, + s2, s1, db->dbb_r_lc_ctype, + I2CONST_1, db->dbb_r_lc_ctype, I2CONST_2); FTN_print_buffer(output_buffer); } } else - sprintf(s2, "isc_%d", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%d", request->req_ident); if (request->req_length || request->req_flags & REQ_extend_dpb) - sprintf(output_buffer, - "%sCALL ISC_CREATE_DATABASE (%s, %s%" SIZEFORMAT"%s, %s'%s'%s, %s, %s%s%s, %s, 0)\n", - COLUMN, - status_vector(), - I2CONST_1, strlen(db->dbb_filename), I2CONST_2, - REF_1, db->dbb_filename, REF_2, - db->dbb_name->sym_string, I2CONST_1, s1, I2CONST_2, s2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_CREATE_DATABASE (%s, %s%" SIZEFORMAT"%s, %s'%s'%s, %s, %s%s%s, %s, 0)\n", + COLUMN, + status_vector(), + I2CONST_1, strlen(db->dbb_filename), I2CONST_2, + REF_1, db->dbb_filename, REF_2, + db->dbb_name->sym_string, I2CONST_1, s1, I2CONST_2, s2); else - sprintf(output_buffer, "%sCALL ISC_CREATE_DATABASE (%s, %s%" SIZEFORMAT"%s, %s'%s'%s, %s, %s0%s, 0, 0)\n", - COLUMN, - status_vector(), - I2CONST_1, strlen(db->dbb_filename), I2CONST_2, - REF_1, db->dbb_filename, REF_2, - db->dbb_name->sym_string, I2CONST_1, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_CREATE_DATABASE (%s, %s%" SIZEFORMAT"%s, %s'%s'%s, %s, %s0%s, 0, 0)\n", + COLUMN, + status_vector(), + I2CONST_1, strlen(db->dbb_filename), I2CONST_2, + REF_1, db->dbb_filename, REF_2, + db->dbb_name->sym_string, I2CONST_1, I2CONST_2); FTN_print_buffer(output_buffer); if (request && request->req_flags & REQ_extend_dpb) { if (request->req_length) { - sprintf(output_buffer, "%sif (%s != isc_%d)\n", COLUMN, s2, request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sif (%s != isc_%d)\n", COLUMN, s2, + request->req_ident); FTN_print_buffer(output_buffer); } - sprintf(output_buffer, "%sCALL ISC_FREE (%s)\n", COLUMN, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL ISC_FREE (%s)\n", COLUMN, s2); FTN_print_buffer(output_buffer); // reset the length of the dpb - sprintf(output_buffer, "%s%s = %d\n", COLUMN, s1, request->req_length); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = %d\n", COLUMN, s1, + request->req_length); FTN_print_buffer(output_buffer); } @@ -1345,7 +1356,8 @@ static void gen_database() global_first_flag = true; - sprintf(output_buffer, "\n%s **** GDS Preprocessor Definitions ****\n\n", COMMENT); + snprintf(output_buffer, sizeof(output_buffer), + "\n%s **** GDS Preprocessor Definitions ****\n\n", COMMENT); FTN_print_buffer(output_buffer); gen_database_decls(); //(action); @@ -1365,7 +1377,7 @@ static void gen_database_data() //(const act* action) Firebird::PathName include_buffer; include_buffer = fb_utils::getPrefix(Firebird::IConfigManager::DIR_INC, INCLUDE_FTN_FILE); - sprintf(output_buffer, INCLUDE_ISC_FTN, include_buffer.c_str()); + snprintf(output_buffer, sizeof(output_buffer), INCLUDE_ISC_FTN, include_buffer.c_str()); FTN_print_buffer(output_buffer); @@ -1570,10 +1582,11 @@ static void gen_ddl(const act* action) const gpre_req* request = action->act_request; - sprintf(output_buffer, "%sCALL isc_ddl (%s, %s, gds__trans, %s%d%s, isc_%d)\n", COLUMN, - status_vector(), - request->req_database->dbb_name->sym_string, I2CONST_1, - request->req_length, I2CONST_2, request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL isc_ddl (%s, %s, gds__trans, %s%d%s, isc_%d)\n", COLUMN, + status_vector(), + request->req_database->dbb_name->sym_string, I2CONST_1, + request->req_length, I2CONST_2, request->req_ident); FTN_print_buffer(output_buffer); @@ -1599,11 +1612,12 @@ static void gen_drop_database(const act* action) { const gpre_dbb* db = (gpre_dbb*) action->act_object; - sprintf(output_buffer, "%s CALL ISC_DROP_DATABASE (%s, %s%" SIZEFORMAT"%s, %s\'%s\'%s, RDB_K_DB_TYPE_GDS)\n", - COLUMN, - status_vector(), - I2_1, strlen(db->dbb_filename), I2_2, - REF_1, db->dbb_filename, REF_2); + snprintf(output_buffer, sizeof(output_buffer), + "%s CALL ISC_DROP_DATABASE (%s, %s%" SIZEFORMAT "%s, %s\'%s\'%s, RDB_K_DB_TYPE_GDS)\n", + COLUMN, + status_vector(), + I2_1, strlen(db->dbb_filename), I2_2, + REF_1, db->dbb_filename, REF_2); FTN_print_buffer(output_buffer); status_and_stop(action); } @@ -1699,12 +1713,12 @@ static void gen_dyn_execute(const act* action) TEXT s2[64], s3[64]; if (sqlda) { - sprintf(s2, "isc_baddress (%s)", sqlda); + snprintf(s2, sizeof(s2), "isc_baddress (%s)", sqlda); sqlda = s2; } if (sqlda2) { - sprintf(s3, "isc_baddress (%s)", sqlda2); + snprintf(s3, sizeof(s3), "isc_baddress (%s)", sqlda2); sqlda2 = s3; } #endif @@ -1741,7 +1755,7 @@ static void gen_dyn_fetch(const act* action) TEXT s2[64]; if (sqlda) { - sprintf(s2, "isc_baddress (%s)", sqlda); + snprintf(s2, sizeof(s2), "isc_baddress (%s)", sqlda); sqlda = s2; } #endif @@ -1795,12 +1809,12 @@ static void gen_dyn_immediate(const act* action) TEXT s2[64], s3[64]; if (sqlda) { - sprintf(s2, "isc_baddress (%s)", sqlda); + snprintf(s2, sizeof(s2), "isc_baddress (%s)", sqlda); sqlda = s2; } if (sqlda2) { - sprintf(s3, "isc_baddress (%s)", sqlda2); + snprintf(s3, sizeof(s3), "isc_baddress (%s)", sqlda2); sqlda2 = s3; } #endif @@ -1838,7 +1852,7 @@ static void gen_dyn_insert(const act* action) TEXT s2[64]; if (sqlda) { - sprintf(s2, "isc_baddress (%s)", sqlda); + snprintf(s2, sizeof(s2), "isc_baddress (%s)", sqlda); sqlda = s2; } #endif @@ -1890,12 +1904,12 @@ static void gen_dyn_open(const act* action) TEXT s2[64], s3[64]; if (sqlda) { - sprintf(s2, "isc_baddress (%s)", sqlda); + snprintf(s2, sizeof(s2), "isc_baddress (%s)", sqlda); sqlda = s2; } if (sqlda2) { - sprintf(s3, "isc_baddress (%s)", sqlda2); + snprintf(s3, sizeof(s3), "isc_baddress (%s)", sqlda2); sqlda2 = s3; } #endif @@ -1955,7 +1969,7 @@ static void gen_dyn_prepare(const act* action) TEXT s2[64]; if (sqlda) { - sprintf(s2, "isc_baddress (%s)", sqlda); + snprintf(s2, sizeof(s2), "isc_baddress (%s)", sqlda); sqlda = s2; } #endif @@ -1998,10 +2012,11 @@ static void gen_emodify(const act* action) if (field->fld_dtype == dtype_blob || field->fld_dtype == dtype_quad || field->fld_dtype == dtype_date) { - sprintf(output_buffer, "%sCALL isc_qtoq (%s, %s)\n", COLUMN, s1, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL isc_qtoq (%s, %s)\n", COLUMN, s1, + s2); } else - sprintf(output_buffer, "%s%s = %s\n", COLUMN, s2, s1); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = %s\n", COLUMN, s2, s1); FTN_print_buffer(output_buffer); if (field->fld_array_info) gen_get_or_put_slice(action, reference, false); @@ -2204,7 +2219,7 @@ static void gen_event_wait(const act* action) if (ident < 0) { TEXT s[64]; - sprintf(s, "event handle \"%s\" not found", event_name->sym_string); + snprintf(s, sizeof(s), "event handle \"%s\" not found", event_name->sym_string); CPR_error(s); return; } @@ -2366,76 +2381,74 @@ static void gen_get_or_put_slice(const act* action, const ref* reference, bool g { if (action->act_flags & ACT_sql) { - sprintf(output_buffer, - "%sCALL ISC_GET_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" - SLONGFORMAT"%s, %s, ISC_ARRAY_LENGTH)\n", - COLUMN, - status_vector(), - action->act_request->req_database->dbb_name->sym_string, - action->act_request->req_trans, - gen_name(s, reference, true), - I2CONST_1, reference->ref_sdl_length, I2CONST_2, - reference->ref_sdl_ident, - I2CONST_1, I2CONST_2, - I2CONST_1, I2CONST_2, - I4CONST_1, reference->ref_field->fld_array_info->ary_size, - I4CONST_2, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_GET_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" + SLONGFORMAT "%s, %s, ISC_ARRAY_LENGTH)\n", + COLUMN, + status_vector(), + action->act_request->req_database->dbb_name->sym_string, + action->act_request->req_trans, + gen_name(s, reference, true), + I2CONST_1, reference->ref_sdl_length, I2CONST_2, + reference->ref_sdl_ident, + I2CONST_1, I2CONST_2, + I2CONST_1, I2CONST_2, + I4CONST_1, reference->ref_field->fld_array_info->ary_size, I4CONST_2, + reference->ref_value); } else { - sprintf(output_buffer, - "%sCALL ISC_GET_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" - SLONGFORMAT"%s, isc_%d, ISC_ARRAY_LENGTH)\n", - COLUMN, - status_vector(), - action->act_request->req_database->dbb_name->sym_string, - action->act_request->req_trans, - gen_name(s, reference, true), - I2CONST_1, reference->ref_sdl_length, I2CONST_2, - reference->ref_sdl_ident, - I2CONST_1, I2CONST_2, - I2CONST_1, I2CONST_2, - I4CONST_1, reference->ref_field->fld_array_info->ary_size, - I4CONST_2, - reference->ref_field->fld_array_info->ary_ident); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_GET_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" + SLONGFORMAT "%s, isc_%d, ISC_ARRAY_LENGTH)\n", + COLUMN, + status_vector(), + action->act_request->req_database->dbb_name->sym_string, + action->act_request->req_trans, + gen_name(s, reference, true), + I2CONST_1, reference->ref_sdl_length, I2CONST_2, + reference->ref_sdl_ident, + I2CONST_1, I2CONST_2, + I2CONST_1, I2CONST_2, + I4CONST_1, reference->ref_field->fld_array_info->ary_size, I4CONST_2, + reference->ref_field->fld_array_info->ary_ident); } } else { if (action->act_flags & ACT_sql) { - sprintf(output_buffer, - "%sCALL ISC_PUT_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" - SLONGFORMAT"%s, %s)\n", - COLUMN, - status_vector(), - action->act_request->req_database->dbb_name->sym_string, - action->act_request->req_trans, - gen_name(s, reference, true), - I2CONST_1, reference->ref_sdl_length, I2CONST_2, - reference->ref_sdl_ident, - I2CONST_1, I2CONST_2, - I2CONST_1, I2CONST_2, - I4CONST_1, reference->ref_field->fld_array_info->ary_size, - I4CONST_2, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_PUT_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" + SLONGFORMAT "%s, %s)\n", + COLUMN, + status_vector(), + action->act_request->req_database->dbb_name->sym_string, + action->act_request->req_trans, + gen_name(s, reference, true), + I2CONST_1, reference->ref_sdl_length, I2CONST_2, + reference->ref_sdl_ident, + I2CONST_1, I2CONST_2, + I2CONST_1, I2CONST_2, + I4CONST_1, reference->ref_field->fld_array_info->ary_size, I4CONST_2, + reference->ref_value); } else { - sprintf(output_buffer, - "%sCALL ISC_PUT_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" - SLONGFORMAT"%s, isc_%d)\n", - COLUMN, - status_vector(), - action->act_request->req_database->dbb_name->sym_string, - action->act_request->req_trans, - gen_name(s, reference, true), - I2CONST_1, reference->ref_sdl_length, I2CONST_2, - reference->ref_sdl_ident, - I2CONST_1, I2CONST_2, - I2CONST_1, I2CONST_2, - I4CONST_1, reference->ref_field->fld_array_info->ary_size, - I4CONST_2, - reference->ref_field->fld_array_info->ary_ident); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_PUT_SLICE (%s, %s, %s, %s, %s%d%s, isc_%d, %s0%s, %s0%s, %s%" + SLONGFORMAT "%s, isc_%d)\n", + COLUMN, + status_vector(), + action->act_request->req_database->dbb_name->sym_string, + action->act_request->req_trans, + gen_name(s, reference, true), + I2CONST_1, reference->ref_sdl_length, I2CONST_2, + reference->ref_sdl_ident, + I2CONST_1, I2CONST_2, + I2CONST_1, I2CONST_2, + I4CONST_1, reference->ref_field->fld_array_info->ary_size, I4CONST_2, + reference->ref_field->fld_array_info->ary_ident); } } @@ -2457,14 +2470,14 @@ static void gen_get_segment(const act* action) else blob = (blb*) action->act_object; - sprintf(output_buffer, - "%sISC_STATUS(2) = ISC_GET_SEGMENT (%s, isc_%d, isc_%d, %sLEN(isc_%d)%s, %sisc_%d%s)\n", - COLUMN, - status_vector(), - blob->blb_ident, - blob->blb_len_ident, - I2CONST_1, blob->blb_buff_ident, I2CONST_2, - REF_1, blob->blb_buff_ident, REF_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sISC_STATUS(2) = ISC_GET_SEGMENT (%s, isc_%d, isc_%d, %sLEN(isc_%d)%s, %sisc_%d%s)\n", + COLUMN, + status_vector(), + blob->blb_ident, + blob->blb_len_ident, + I2CONST_1, blob->blb_buff_ident, I2CONST_2, + REF_1, blob->blb_buff_ident, REF_2); FTN_print_buffer(output_buffer); @@ -2638,12 +2651,13 @@ static void gen_put_segment(const act* action) else blob = (blb*) action->act_object; - sprintf(output_buffer, "%sISC_STATUS(2) = ISC_PUT_SEGMENT (%s, isc_%d, %sisc_%d%s, %sisc_%d%s)\n", - COLUMN, - status_vector(), - blob->blb_ident, - VAL_1, blob->blb_len_ident, VAL_2, - REF_1, blob->blb_buff_ident, REF_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sISC_STATUS(2) = ISC_PUT_SEGMENT (%s, isc_%d, %sisc_%d%s, %sisc_%d%s)\n", + COLUMN, + status_vector(), + blob->blb_ident, + VAL_1, blob->blb_len_ident, VAL_2, + REF_1, blob->blb_buff_ident, REF_2); FTN_print_buffer(output_buffer); status_and_stop(action); @@ -2690,9 +2704,9 @@ static void gen_raw(const UCHAR* blr, req_t request_type, int request_length, in } } if (blr_length) - sprintf(p, "%" SLONGFORMAT",", blr_hunk.longword_blr); + snprintf(p, sizeof(buffer) - (p - buffer), "%" SLONGFORMAT ",", blr_hunk.longword_blr); else - sprintf(p, "%" SLONGFORMAT, blr_hunk.longword_blr); + snprintf(p, sizeof(buffer) - (p - buffer), "%" SLONGFORMAT, blr_hunk.longword_blr); while (*p) p++; if (p - buffer > 50) @@ -2741,11 +2755,12 @@ static void gen_receive(const act* action, const gpre_port* port) { const gpre_req* request = action->act_request; - sprintf(output_buffer, "%sCALL ISC_RECEIVE (%s, %s, %s%d%s, %s%d%s, %sisc_%d%s, %s%s%s)\n", - COLUMN, status_vector(), request->req_handle, I2CONST_1, - port->por_msg_number, I2CONST_2, I2CONST_1, port->por_length, - I2CONST_2, REF_1, port->por_ident, REF_2, VAL_1, - request->req_request_level, VAL_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_RECEIVE (%s, %s, %s%d%s, %s%d%s, %sisc_%d%s, %s%s%s)\n", + COLUMN, status_vector(), request->req_handle, + I2CONST_1, port->por_msg_number, I2CONST_2, + I2CONST_1, port->por_length, I2CONST_2, REF_1, port->por_ident, REF_2, + VAL_1, request->req_request_level, VAL_2); FTN_print_buffer(output_buffer); @@ -3201,11 +3216,12 @@ static void gen_select(const act* action) static void gen_send(const act* action, const gpre_port* port) { const gpre_req* request = action->act_request; - sprintf(output_buffer, "%s CALL ISC_SEND (%s, %s, %s%d%s, %s%d%s, %sisc_%d%s, %s%s%s)\n", - COLUMN, status_vector(), request->req_handle, I2CONST_1, - port->por_msg_number, I2CONST_2, I2CONST_1, port->por_length, - I2CONST_2, REF_1, port->por_ident, REF_2, VAL_1, - request->req_request_level, VAL_2); + snprintf(output_buffer, sizeof(output_buffer), + "%s CALL ISC_SEND (%s, %s, %s%d%s, %s%d%s, %sisc_%d%s, %s%s%s)\n", + COLUMN, status_vector(), request->req_handle, + I2CONST_1, port->por_msg_number, I2CONST_2, + I2CONST_1, port->por_length, I2CONST_2, REF_1, port->por_ident, REF_2, + VAL_1, request->req_request_level, VAL_2); FTN_print_buffer(output_buffer); @@ -3234,7 +3250,8 @@ static void gen_slice(const act* action) // Compute array size - sprintf(buffer, "isc_%ds = %d", request->req_ident, slice->slc_field->fld_array->fld_length); + snprintf(buffer, sizeof(buffer), "isc_%ds = %d", request->req_ident, + slice->slc_field->fld_array->fld_length); const slc::slc_repeat* tail = slice->slc_rpt; for (const slc::slc_repeat* const end = tail + slice->slc_dimensions; tail < end; ++tail) @@ -3244,9 +3261,10 @@ static void gen_slice(const act* action) const ref* lower = (const ref*) tail->slc_lower->nod_arg[0]; const ref* upper = (const ref*) tail->slc_upper->nod_arg[0]; if (lower->ref_value) - sprintf(temp, " * ( %s - %s + 1)", upper->ref_value, lower->ref_value); + snprintf(temp, sizeof(temp), " * ( %s - %s + 1)", upper->ref_value, + lower->ref_value); else - sprintf(temp, " * ( %s + 1)", upper->ref_value); + snprintf(temp, sizeof(temp), " * ( %s + 1)", upper->ref_value); strcat(buffer, temp); } } @@ -3300,19 +3318,19 @@ static void gen_start(const act* action, const gpre_port* port) gen_get_or_put_slice(action, reference, false); } - sprintf(output_buffer, - "%sCALL ISC_START_AND_SEND (%s, %s, %s, %s%d%s, %s%d%s, %sisc_%d%s, %s%s%s)\n", - COLUMN, vector, request->req_handle, - request_trans(action, request), - I2CONST_1, port->por_msg_number, I2CONST_2, - I2CONST_1, port->por_length, I2CONST_2, - REF_1, port->por_ident, REF_2, - I2CONST_1, request->req_request_level, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_START_AND_SEND (%s, %s, %s, %s%d%s, %s%d%s, %sisc_%d%s, %s%s%s)\n", + COLUMN, vector, request->req_handle, + request_trans(action, request), + I2CONST_1, port->por_msg_number, I2CONST_2, + I2CONST_1, port->por_length, I2CONST_2, + REF_1, port->por_ident, REF_2, + I2CONST_1, request->req_request_level, I2CONST_2); } else - sprintf(output_buffer, "%sCALL ISC_START_REQUEST (%s, %s, %s, %s%s%s)\n", - COLUMN, vector, request->req_handle, request_trans(action, request), - I2CONST_1, request->req_request_level, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL ISC_START_REQUEST (%s, %s, %s, %s%s%s)\n", + COLUMN, vector, request->req_handle, request_trans(action, request), + I2CONST_1, request->req_request_level, I2CONST_2); FTN_print_buffer(output_buffer); @@ -3457,14 +3475,18 @@ static void gen_tpb_data(const tpb* tpb_buffer) break; } if (length) - sprintf(p, "%" SLONGFORMAT",", tpb_hunk.longword_tpb); + snprintf(p, sizeof(output_buffer) - (p - output_buffer), "%" SLONGFORMAT",", + tpb_hunk.longword_tpb); else - sprintf(p, "%" SLONGFORMAT"/\n", tpb_hunk.longword_tpb); - p += 12; // ??? + snprintf(p, sizeof(output_buffer) - (p - output_buffer), "%" SLONGFORMAT"/\n", + tpb_hunk.longword_tpb); + while (*p) + p++; } FTN_print_buffer(output_buffer); - sprintf(output_buffer, "%sEnd of data for ISC_TPB_%d\n", COMMENT, tpb_buffer->tpb_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sEnd of data for ISC_TPB_%d\n", COMMENT, + tpb_buffer->tpb_ident); FTN_print_buffer(output_buffer); } @@ -3641,7 +3663,7 @@ static void make_array_declaration( const ref* reference) default: { TEXT s[64]; - sprintf(s, "datatype %d unknown\n", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d unknown\n", field->fld_dtype); CPR_error(s); return; } @@ -3791,12 +3813,12 @@ static void make_ready(const gpre_dbb* db, const TEXT* filename, const TEXT* vec if (request) { - sprintf(s1, "isc_%dl", request->req_ident); + snprintf(s1, sizeof(s1), "isc_%dl", request->req_ident); if (request->req_flags & REQ_extend_dpb) - sprintf(s2, "isc_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%dp", request->req_ident); else - sprintf(s2, "isc_%d", request->req_ident); + snprintf(s2, sizeof(s2), "isc_%d", request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is // always a request generated for runtime variables @@ -3805,57 +3827,58 @@ static void make_ready(const gpre_dbb* db, const TEXT* filename, const TEXT* vec { if (request->req_length) { - sprintf(output_buffer, "%s%s = isc_%d\n", COLUMN, s2, request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = isc_%d\n", COLUMN, s2, + request->req_ident); FTN_print_buffer(output_buffer); } // MMM else { - sprintf(output_buffer, "%s%s = 0\n", COLUMN, s2); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = 0\n", COLUMN, s2); FTN_print_buffer(output_buffer); } if (db->dbb_r_user) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_user_name, %s, %sLEN(%s)%s)\n", - COLUMN, s2, s1, db->dbb_r_user, - I2CONST_1, db->dbb_r_user, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_user_name, %s, %sLEN(%s)%s)\n", + COLUMN, s2, s1, db->dbb_r_user, + I2CONST_1, db->dbb_r_user, I2CONST_2); FTN_print_buffer(output_buffer); } if (db->dbb_r_password) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_password, %s, %sLEN(%s)%s)\n", - COLUMN, s2, s1, db->dbb_r_password, - I2CONST_1, db->dbb_r_password, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_password, %s, %sLEN(%s)%s)\n", + COLUMN, s2, s1, db->dbb_r_password, + I2CONST_1, db->dbb_r_password, I2CONST_2); FTN_print_buffer(output_buffer); } // SQL Role supports GPRE/Fortran if (db->dbb_r_sql_role) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_sql_role_name, %s, %sLEN(%s)%s)\n", - COLUMN, s2, s1, db->dbb_r_sql_role, - I2CONST_1, db->dbb_r_sql_role, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_sql_role_name, %s, %sLEN(%s)%s)\n", + COLUMN, s2, s1, db->dbb_r_sql_role, + I2CONST_1, db->dbb_r_sql_role, I2CONST_2); FTN_print_buffer(output_buffer); } if (db->dbb_r_lc_messages) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB(%s, %s, isc_dpb_lc_messages, %s, %sLEN(%s)%s)\n", - COLUMN, s2, s1, db->dbb_r_lc_messages, - I2CONST_1, db->dbb_r_lc_messages, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB(%s, %s, isc_dpb_lc_messages, %s, %sLEN(%s)%s)\n", + COLUMN, s2, s1, db->dbb_r_lc_messages, + I2CONST_1, db->dbb_r_lc_messages, I2CONST_2); FTN_print_buffer(output_buffer); } if (db->dbb_r_lc_ctype) { - sprintf(output_buffer, - "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_lc_type, %s, %sLEN(%s)%s)\n", - COLUMN, s2, s1, db->dbb_r_lc_ctype, - I2CONST_1, db->dbb_r_lc_ctype, I2CONST_2); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_MODIFY_DPB (%s, %s, isc_dpb_lc_type, %s, %sLEN(%s)%s)\n", + COLUMN, s2, s1, db->dbb_r_lc_ctype, + I2CONST_1, db->dbb_r_lc_ctype, I2CONST_2); FTN_print_buffer(output_buffer); } } @@ -3863,43 +3886,47 @@ static void make_ready(const gpre_dbb* db, const TEXT* filename, const TEXT* vec if (filename) { - sprintf(output_buffer, "%sISC_%s = %s\n", COLUMN, db->dbb_name->sym_string, filename); + snprintf(output_buffer, sizeof(output_buffer), "%sISC_%s = %s\n", COLUMN, + db->dbb_name->sym_string, filename); FTN_print_buffer(output_buffer); - sprintf(output_buffer, - "%sCALL ISC_ATTACH_DATABASE (%s, %sLEN(%s)%s, %sISC_%s%s, %s, %s%s%s, %s)\n", - COLUMN, vector, I2CONST_1, filename, I2CONST_2, - REF_1, db->dbb_name->sym_string, REF_2, - db->dbb_name->sym_string, I2CONST_1, - (request ? s1 : "0"), I2CONST_2, (request ? s2 : "0")); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_ATTACH_DATABASE (%s, %sLEN(%s)%s, %sISC_%s%s, %s, %s%s%s, %s)\n", + COLUMN, vector, I2CONST_1, filename, I2CONST_2, + REF_1, db->dbb_name->sym_string, REF_2, + db->dbb_name->sym_string, I2CONST_1, (request ? s1 : "0"), I2CONST_2, + (request ? s2 : "0")); FTN_print_buffer(output_buffer); } else { - sprintf(output_buffer, "%sISC_%s = '%s'\n", COLUMN, db->dbb_name->sym_string, db->dbb_filename); + snprintf(output_buffer, sizeof(output_buffer), "%sISC_%s = '%s'\n", COLUMN, + db->dbb_name->sym_string, db->dbb_filename); FTN_print_buffer(output_buffer); - sprintf(output_buffer, - "%sCALL ISC_ATTACH_DATABASE (%s, %sLEN('%s')%s, %sISC_%s%s, %s, %s%s%s, %s)\n", - COLUMN, vector, I2CONST_1, db->dbb_filename, I2CONST_2, - REF_1, db->dbb_name->sym_string, REF_2, - db->dbb_name->sym_string, I2CONST_1, - (request ? s1 : "0"), I2CONST_2, (request ? s2 : "0")); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL ISC_ATTACH_DATABASE (%s, %sLEN('%s')%s, %sISC_%s%s, %s, %s%s%s, %s)\n", + COLUMN, vector, I2CONST_1, db->dbb_filename, I2CONST_2, + REF_1, db->dbb_name->sym_string, REF_2, + db->dbb_name->sym_string, I2CONST_1, (request ? s1 : "0"), I2CONST_2, + (request ? s2 : "0")); FTN_print_buffer(output_buffer); } if (request && request->req_flags & REQ_extend_dpb) { if (request->req_length) { - sprintf(output_buffer, "%sif (%s != isc_%d)\n", COLUMN, s2, request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sif (%s != isc_%d)\n", COLUMN, s2, + request->req_ident); FTN_print_buffer(output_buffer); } - sprintf(output_buffer, "%sCALL ISC_FREE (%s)\n", COLUMN, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL ISC_FREE (%s)\n", COLUMN, s2); FTN_print_buffer(output_buffer); // reset the length of the dpb - sprintf(output_buffer, "%s%s = %d\n", COLUMN, s1, request->req_length); + snprintf(output_buffer, sizeof(output_buffer), "%s%s = %d\n", COLUMN, s1, + request->req_length); FTN_print_buffer(output_buffer); } } @@ -3943,7 +3970,7 @@ static void printa(const TEXT* column, const TEXT* string, ...) strcpy(s, column); strcat(s, string); strcat(s, "\n"); - vsprintf(output_buffer, s, ptr); + vsnprintf(output_buffer, sizeof(output_buffer), s, ptr); va_end(ptr); FTN_print_buffer(output_buffer); } @@ -4035,7 +4062,7 @@ static void t_start_auto(const gpre_req* request, const TEXT* vector, const act* printa(COLUMN, "END IF"); if (buffer[0]) strcat(buffer, " .AND. "); - sprintf(temp, "%s .NE. 0", db->dbb_name->sym_string); + snprintf(temp, sizeof(temp), "%s .NE. 0", db->dbb_name->sym_string); strcat(buffer, temp); } } diff --git a/src/gpre/languages/pas.cpp b/src/gpre/languages/pas.cpp index 30d8ca9762c..bce283a9d15 100644 --- a/src/gpre/languages/pas.cpp +++ b/src/gpre/languages/pas.cpp @@ -722,8 +722,6 @@ static void gen_based( const act* action, int column) fprintf(gpreGlob.out_file, "%s [1..%d] of ", PACKED_ARRAY, field->fld_length); } - TEXT s[64]; - switch (datatype) { case dtype_short: @@ -753,10 +751,13 @@ static void gen_based( const act* action, int column) break; default: - sprintf(s, "datatype %d unknown\n", field->fld_dtype); + { + TEXT s[64]; + snprintf(s, sizeof(s), "datatype %d unknown\n", field->fld_dtype); CPR_error(s); return; } + } } @@ -1880,7 +1881,7 @@ static void gen_event_wait( const act* action, int column) if (ident < 0) { TEXT s[64]; - sprintf(s, "event handle \"%s\" not found", event_name->sym_string); + snprintf(s, sizeof(s), "event handle \"%s\" not found", event_name->sym_string); CPR_error(s); return; } @@ -2056,19 +2057,18 @@ static void gen_get_or_put_slice(const act* action, args.pat_database = action->act_request->req_database; // database handle args.pat_string1 = action->act_request->req_trans; // transaction handle - TEXT s1[MAX_REF_SIZE], s2[MAX_REF_SIZE], s3[MAX_REF_SIZE], s4[MAX_REF_SIZE]; + TEXT s1[MAX_REF_SIZE], s2[MAX_REF_SIZE], s4[MAX_REF_SIZE]; gen_name(s1, reference, true); // blob handle args.pat_string2 = s1; args.pat_value1 = reference->ref_sdl_length; // slice descr. length - sprintf(s2, "gds__%d", reference->ref_sdl_ident); // slice description + snprintf(s2, sizeof(s2), "gds__%d", reference->ref_sdl_ident); // slice description args.pat_string3 = s2; args.pat_value2 = 0; // parameter length - sprintf(s3, "0"); // parameter - args.pat_string4 = s3; + args.pat_string4 = "0"; // parameter args.pat_long1 = reference->ref_field->fld_array_info->ary_size; // slice size @@ -2078,7 +2078,7 @@ static void gen_get_or_put_slice(const act* action, } else { - sprintf(s4, "gds__%d", reference->ref_field->fld_array_info->ary_ident); + snprintf(s4, sizeof(s4), "gds__%d", reference->ref_field->fld_array_info->ary_ident); args.pat_string5 = s4; // array name } @@ -2344,9 +2344,9 @@ static void gen_raw(const UCHAR* blr, int request_length) //, int column) { const UCHAR c = *blr; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c'", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c'", c); else - sprintf(p, "chr(%d)", c); + snprintf(p, sizeof(buffer) - (p - buffer), "chr(%d)", c); while (*p) p++; if (blr != end) @@ -3027,9 +3027,9 @@ static void gen_tpb( const tpb* tpb_val, int column) { const TEXT c = *text++; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c', ", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c', ", c); else - sprintf(p, "chr(%d), ", c); + snprintf(p, sizeof(buffer) - (p - buffer), "chr(%d), ", c); while (*p) p++; if (p - buffer > 60) @@ -3045,9 +3045,9 @@ static void gen_tpb( const tpb* tpb_val, int column) TEXT c = *text++; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c',", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c',", c); else - sprintf(p, "chr(%d)", c); + snprintf(p, sizeof(buffer) - (p - buffer), "chr(%d)", c); align(column + INDENT); fprintf(gpreGlob.out_file, "%s", buffer); @@ -3350,8 +3350,8 @@ static void make_ready(const gpre_dbb* db, if (request) { - sprintf(s1, "gds__%dL", request->req_ident); - sprintf(s2, "gds__%d", request->req_ident); + snprintf(s1, sizeof(s1), "gds__%dL", request->req_ident); + snprintf(s2, sizeof(s2), "gds__%d", request->req_ident); } align(column); @@ -3467,7 +3467,7 @@ static void t_start_auto( const act* action, const gpre_req* request, strcat(buffer, ") and\n\t("); and_count++; TEXT temp[40]; - sprintf(temp, "%s <> nil", db->dbb_name->sym_string); + snprintf(temp, sizeof(temp), "%s <> nil", db->dbb_name->sym_string); strcat(buffer, temp); printa(column, "if (%s) then", buffer); align(column + INDENT); diff --git a/src/gpre/languages/rmc.cpp b/src/gpre/languages/rmc.cpp index 061cfb4040e..f7aa8a168df 100644 --- a/src/gpre/languages/rmc.cpp +++ b/src/gpre/languages/rmc.cpp @@ -412,7 +412,7 @@ void RMC_action(const act* action, int /*column*/) gen_blob_end(action); return; case ACT_enderror: - sprintf(output_buffer, "%sEND-IF", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sEND-IF", names[COLUMN]); RMC_print_buffer(output_buffer, false); return; case ACT_endfor: @@ -744,42 +744,46 @@ static void asgn_from( const act* action, const ref* reference) if (reference->ref_field->fld_dtype == dtype_date && strlen(gpreGlob.sw_cob_dformat) != 0) { - sprintf(output_buffer, "%sCALL \"rmc_dtoc\" USING %s, %s, \"%s\"\n", - names[COLUMN], variable, value, gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_dtoc\" USING %s, %s, \"%s\"\n", + names[COLUMN], variable, value, gpreGlob.sw_cob_dformat); } else { if (reference->ref_field->fld_dtype == dtype_sql_date && strlen(gpreGlob.sw_cob_dformat) != 0) { - sprintf(output_buffer, "%sCALL \"rmc_dtoc\" USING ISC-TEMP-QUAD, %s, \"%s\"\n", - names[COLUMN], value, gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_dtoc\" USING ISC-TEMP-QUAD, %s, \"%s\"\n", + names[COLUMN], value, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE ISC-TEMP-QUAD-HIGH TO %s\n", - names[COLUMN], variable); + snprintf(output_buffer, sizeof(output_buffer), + "%sMOVE ISC-TEMP-QUAD-HIGH TO %s\n", names[COLUMN], variable); } else { if (reference->ref_field->fld_dtype == dtype_sql_time && strlen(gpreGlob.sw_cob_dformat) != 0) { - sprintf(output_buffer, "%sCALL \"rmc_dtoc\" USING ISC-TEMP-QUAD, %s, \"%s\"\n", - names[COLUMN], value, gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_dtoc\" USING ISC-TEMP-QUAD, %s, \"%s\"\n", + names[COLUMN], value, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE ISC-TEMP-QUAD-LOW TO %s\n", - names[COLUMN], variable); + snprintf(output_buffer, sizeof(output_buffer), + "%sMOVE ISC-TEMP-QUAD-LOW TO %s\n", names[COLUMN], variable); } else { if (reference->ref_field->fld_dtype == dtype_cstring) { - sprintf(output_buffer, "%sCALL \"rmc_stoc\" USING %s GIVING %s\n", - names[COLUMN], value, variable); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_stoc\" USING %s GIVING %s\n", + names[COLUMN], value, variable); } else { - sprintf(output_buffer, "%sMOVE %s TO %s\n", - names[COLUMN], value, variable); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", + names[COLUMN], value, variable); switch (reference->ref_field->fld_dtype) { @@ -787,14 +791,16 @@ static void asgn_from( const act* action, const ref* reference) case dtype_long: case dtype_int64: RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sCALL \"rmc_btoc\" USING %s GIVING %s\n", - names[COLUMN], variable, variable); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_btoc\" USING %s GIVING %s\n", + names[COLUMN], variable, variable); break; case dtype_real: case dtype_double: RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sCALL \"rmc_ftoc\" USING %s GIVING %s\n", - names[COLUMN], variable, variable); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ftoc\" USING %s GIVING %s\n", + names[COLUMN], variable, variable); break; } } @@ -804,15 +810,18 @@ static void asgn_from( const act* action, const ref* reference) } else { - sprintf(output_buffer, "%sIF %s < 0 THEN\n", names[COLUMN], value); + snprintf(output_buffer, sizeof(output_buffer), "%sIF %s < 0 THEN\n", names[COLUMN], + value); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE -1 TO %s\n", names[COLUMN_INDENT], variable); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE -1 TO %s\n", + names[COLUMN_INDENT], variable); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sELSE\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sELSE\n", names[COLUMN]); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE 0 TO %s\n", names[COLUMN_INDENT], variable); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE 0 TO %s\n", names[COLUMN_INDENT], + variable); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sEND-IF\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sEND-IF\n", names[COLUMN]); } RMC_print_buffer(output_buffer, false); } @@ -841,43 +850,47 @@ static void asgn_to( const act* action, ref* reference) if ((field->fld_dtype == dtype_date) && (strlen(gpreGlob.sw_cob_dformat) != 0)) { - sprintf(output_buffer, "%sCALL \"rmc_ctod\" USING %s, %s, \"%s\"\n", - names[COLUMN], - reference->ref_value, - s, - gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"rmc_ctod\" USING %s, %s, \"%s\"\n", + names[COLUMN], reference->ref_value, s, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); } else { if ((field->fld_dtype == dtype_sql_date) && (strlen(gpreGlob.sw_cob_dformat) != 0)) { - sprintf(output_buffer, "%sMOVE ZERO TO ISC-TEMP-QUAD-LOW\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE ZERO TO ISC-TEMP-QUAD-LOW\n", + names[COLUMN]); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE %s TO ISC-TEMP-QUAD-HIGH\n", names[COLUMN], s); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO ISC-TEMP-QUAD-HIGH\n", + names[COLUMN], s); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", - names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", + names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); } else { if ((field->fld_dtype == dtype_sql_time) && (strlen(gpreGlob.sw_cob_dformat) != 0)) { - sprintf(output_buffer, "%sMOVE ZERO TO ISC-TEMP-QUAD-HIGH\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), + "%sMOVE ZERO TO ISC-TEMP-QUAD-HIGH\n", names[COLUMN]); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE %s TO ISC-TEMP-QUAD-LOW\n", names[COLUMN], s); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO ISC-TEMP-QUAD-LOW\n", + names[COLUMN], s); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", - names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", + names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); } else { if (field->fld_dtype == dtype_cstring) { - sprintf(output_buffer, "%sCALL \"rmc_ctos\" USING %s GIVING %s\n", - names[COLUMN], s, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctos\" USING %s GIVING %s\n", + names[COLUMN], s, reference->ref_value); RMC_print_buffer(output_buffer, false); } else @@ -887,19 +900,20 @@ static void asgn_to( const act* action, ref* reference) case dtype_short: case dtype_long: case dtype_int64: - sprintf(output_buffer, "%sCALL \"rmc_ctob\" USING %s GIVING %s\n", - names[COLUMN], s, s); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctob\" USING %s GIVING %s\n", names[COLUMN], s, s); RMC_print_buffer(output_buffer, false); break; case dtype_real: case dtype_double: - sprintf(output_buffer, "%sCALL \"rmc_ctof\" USING %s GIVING %s\n", - names[COLUMN], s, s); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctof\" USING %s GIVING %s\n", names[COLUMN], s, s); RMC_print_buffer(output_buffer, false); break; } field = reference->ref_field; - sprintf(output_buffer, "%sMOVE %s TO %s\n", names[COLUMN], s, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", + names[COLUMN], s, reference->ref_value); RMC_print_buffer(output_buffer, false); } } @@ -910,8 +924,8 @@ static void asgn_to( const act* action, ref* reference) if (reference = reference->ref_null) { - sprintf(output_buffer, "%sMOVE %s TO %s\n", - names[COLUMN], gen_name(s, reference, true), reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", + names[COLUMN], gen_name(s, reference, true), reference->ref_value); RMC_print_buffer(output_buffer, false); } } @@ -935,43 +949,48 @@ static void asgn_to_proc( const ref* reference) gen_name(s, reference, true); if ((reference->ref_field->fld_dtype == dtype_date) && strlen(gpreGlob.sw_cob_dformat) != 0) { - sprintf(output_buffer, "%sCALL \"rmc_ctod\" USING %s, %s, \"%s\"\n", - names[COLUMN], - reference->ref_value, - s, - gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctod\" USING %s, %s, \"%s\"\n", + names[COLUMN], reference->ref_value, s, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); } else { if ((reference->ref_field->fld_dtype == dtype_sql_date) && (strlen(gpreGlob.sw_cob_dformat) != 0)) { - sprintf(output_buffer, "%sMOVE ZERO TO ISC-TEMP-QUAD-LOW\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE ZERO TO ISC-TEMP-QUAD-LOW\n", + names[COLUMN]); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE %s TO ISC-TEMP-QUAD-HIGH\n", names[COLUMN], s); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO ISC-TEMP-QUAD-HIGH\n", + names[COLUMN], s); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", - names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", + names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); } else { if ((reference->ref_field->fld_dtype == dtype_sql_time) && (strlen(gpreGlob.sw_cob_dformat) != 0)) { - sprintf(output_buffer, "%sMOVE ZERO TO ISC-TEMP-QUAD-HIGH\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), + "%sMOVE ZERO TO ISC-TEMP-QUAD-HIGH\n", names[COLUMN]); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sMOVE %s TO ISC-TEMP-QUAD-LOW\n", names[COLUMN], s); + snprintf(output_buffer, sizeof(output_buffer), + "%sMOVE %s TO ISC-TEMP-QUAD-LOW\n", names[COLUMN], s); RMC_print_buffer(output_buffer, false); - sprintf(output_buffer, "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", - names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctod\" USING %s, ISC-TEMP-QUAD, \"%s\"\n", + names[COLUMN], reference->ref_value, gpreGlob.sw_cob_dformat); RMC_print_buffer(output_buffer, false); } else { if (reference->ref_field->fld_dtype == dtype_cstring) { - sprintf(output_buffer, "%sCALL \"rmc_ctos\" USING %s GIVING %s\n", - names[COLUMN], s, reference->ref_value); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctos\" USING %s GIVING %s\n", + names[COLUMN], s, reference->ref_value); RMC_print_buffer(output_buffer, false); } else @@ -980,11 +999,11 @@ static void asgn_to_proc( const ref* reference) (reference->ref_field->fld_dtype == dtype_long) || (reference->ref_field->fld_dtype == dtype_int64)) { - sprintf(output_buffer, "%sCALL \"rmc_ctob\" USING %s GIVING %s\n", - names[COLUMN], s, s); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"rmc_ctob\" USING %s GIVING %s\n", names[COLUMN], s, s); RMC_print_buffer(output_buffer, false); } - sprintf(output_buffer, "%sMOVE %s TO %s\n", + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", names[COLUMN], s, reference->ref_value); RMC_print_buffer(output_buffer, false); } @@ -1156,7 +1175,7 @@ static void gen_based( const act* action) default: { TEXT s[64]; - sprintf(s, "datatype %d unknown\n", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d unknown\n", field->fld_dtype); CPR_error(s); return; } @@ -1186,7 +1205,7 @@ static void gen_blob_close( const act* action) const TEXT* command = (action->act_type == ACT_blob_cancel) ? CANCEL : CLOSE; TEXT buffer[80]; - sprintf(buffer, ISC_BLOB, command); + snprintf(buffer, sizeof(buffer), ISC_BLOB, command); printa(names[COLUMN], true, "CALL \"%s\" USING %s, %s%d", buffer, @@ -1422,11 +1441,11 @@ static void gen_compile( const act* action) // cause other difficult to find memory corruption problems. This implies // that the user must issue a RELEASE_REQUESTS request before exiting any // subprogram in order to clean up its handles. - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, %s, %d, %s%d\n", - names[COLUMN], ISC_COMPILE_REQUEST, - status_vector(action), symbol->sym_string, - request->req_handle, request->req_length, - names[isc_a_pos], request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s, %s, %s, %d, %s%d\n", + names[COLUMN], ISC_COMPILE_REQUEST, + status_vector(action), symbol->sym_string, + request->req_handle, request->req_length, + names[isc_a_pos], request->req_ident); RMC_print_buffer(output_buffer, true); if (gpreGlob.sw_auto && action->act_error) @@ -1440,8 +1459,8 @@ static void gen_compile( const act* action) for (const blb* blob = request->req_blobs; blob; blob = blob->blb_next) { - sprintf(output_buffer, "%sMOVE 0 TO %s%d\n", - names[COLUMN], names[isc_a_pos], blob->blb_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE 0 TO %s%d\n", + names[COLUMN], names[isc_a_pos], blob->blb_ident); RMC_print_buffer(output_buffer, false); } @@ -1461,11 +1480,11 @@ static void gen_create_database( const act* action) gpre_dbb* db = (gpre_dbb*) request->req_database; if (request) { - sprintf(s1, "%s%dL", names[isc_b_pos], request->req_ident); + snprintf(s1, sizeof(s1), "%s%dL", names[isc_b_pos], request->req_ident); if (request->req_flags & REQ_extend_dpb) - sprintf(s2, "%s%dp", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%dp", names[isc_b_pos], request->req_ident); else - sprintf(s2, "%s%d", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%d", names[isc_b_pos], request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is @@ -1475,73 +1494,58 @@ static void gen_create_database( const act* action) { if (request->req_length) { - sprintf(output_buffer, "%sMOVE %s%d to %s\n", - names[COLUMN], names[isc_b_pos], request->req_ident, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s%d to %s\n", + names[COLUMN], names[isc_b_pos], request->req_ident, s2); } if (db->dbb_r_user) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 28, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_user); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 28, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_user); RMC_print_buffer(output_buffer, true); } if (db->dbb_r_password) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 29, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_password); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 29, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_password); RMC_print_buffer(output_buffer, true); } // Process Role Name, isc_dpb_sql_role_name/60 if (db->dbb_r_sql_role) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 60, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_sql_role); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 60, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_sql_role); RMC_print_buffer(output_buffer, true); } if (db->dbb_r_lc_messages) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 47, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_lc_messages); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 47, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_lc_messages); RMC_print_buffer(output_buffer, true); } if (db->dbb_r_lc_ctype) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s %s, 48, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_lc_ctype); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s %s, 48, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_lc_ctype); RMC_print_buffer(output_buffer, true); } } if (request->req_flags & REQ_extend_dpb) { - sprintf(s1Tmp, "%s", s1); - sprintf(s2Tmp, "%s", s2); + snprintf(s1Tmp, sizeof(s1Tmp), "%s", s1); + snprintf(s2Tmp, sizeof(s2Tmp), "%s", s2); } else { - sprintf(s2Tmp, "%s", s2); - sprintf(s1Tmp, "%d", request->req_length); + snprintf(s2Tmp, sizeof(s2Tmp), "%s", s2); + snprintf(s1Tmp, sizeof(s1Tmp), "%d", request->req_length); } } @@ -1552,17 +1556,18 @@ static void gen_create_database( const act* action) db->dbb_id = dbisc->dbb_id; } - sprintf(dbname, "%s%ddb", names[isc_b_pos], db->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], db->dbb_id); - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %" SIZEFORMAT", %s, %s, %s, %s, 0\n", - names[COLUMN], - ISC_CREATE_DATABASE, - status_vector(action), - strlen(db->dbb_filename), - dbname, - db->dbb_name->sym_string, - request->req_length ? s1Tmp : OMITTED, - request->req_length ? s2Tmp : OMITTED); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %" SIZEFORMAT ", %s, %s, %s, %s, 0\n", + names[COLUMN], + ISC_CREATE_DATABASE, + status_vector(action), + strlen(db->dbb_filename), + dbname, + db->dbb_name->sym_string, + request->req_length ? s1Tmp : OMITTED, + request->req_length ? s2Tmp : OMITTED); RMC_print_buffer(output_buffer, true); // if the dpb was extended, free it here @@ -1571,15 +1576,18 @@ static void gen_create_database( const act* action) { if (request->req_length) { - sprintf(output_buffer, "if (%s != %s%d)", s2, names[isc_b_pos], request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "if (%s != %s%d)", s2, names[isc_b_pos], + request->req_ident); RMC_print_buffer(output_buffer, true); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s\n", names[COLUMN], ISC_FREE, s2Tmp); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s\n", names[COLUMN], + ISC_FREE, s2Tmp); RMC_print_buffer(output_buffer, true); // reset the length of the dpb - sprintf(output_buffer, "%sMOVE %d to %s", names[COLUMN], request->req_length, s1); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %d to %s", names[COLUMN], + request->req_length, s1); RMC_print_buffer(output_buffer, true); } const bool save_sw_auto = gpreGlob.sw_auto; @@ -1688,7 +1696,8 @@ static void gen_database( const act* action) global_first_flag = true; - sprintf(output_buffer, "\n%s**** GDS Preprocessor Definitions ****\n\n", names[COMMENT]); + snprintf(output_buffer, sizeof(output_buffer), "\n%s**** GDS Preprocessor Definitions ****\n\n", + names[COMMENT]); RMC_print_buffer(output_buffer, false); printa(COLUMN8, false, "01 %s PIC S9(19) %s VALUE IS 0.", names[isc_blob_null_pos], USAGE_BINARY8); @@ -1929,11 +1938,11 @@ static void gen_ddl( const act* action) } - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, %s, %d, %s%d\n", - names[COLUMN], ISC_DDL, status_vector(action), - request->req_database->dbb_name->sym_string, - names[isc_trans_pos], request->req_length, - names[isc_a_pos], request->req_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s, %s, %s, %d, %s%d\n", + names[COLUMN], ISC_DDL, status_vector(action), + request->req_database->dbb_name->sym_string, + names[isc_trans_pos], request->req_length, + names[isc_a_pos], request->req_ident); RMC_print_buffer(output_buffer, true); @@ -2122,7 +2131,7 @@ static void gen_dyn_immediate( const act* action) TEXT s[64]; const TEXT* s2 = "ISC-CONST-DYN-IMMEDL"; printa(names[COLUMN], true, GET_LEN_CALL_TEMPLATE, STRING_LENGTH, statement->dyn_string, s2); - sprintf(s, " %s,", s2); + snprintf(s, sizeof(s), " %s,", s2); if (gpreGlob.sw_auto) { @@ -2253,7 +2262,7 @@ static void gen_dyn_prepare( const act* action) TEXT s[MAX_CURSOR_SIZE], s3[80]; make_name_formatted(s, "ISC-CONST-%s", statement->dyn_statement_name); TEXT s2[MAX_CURSOR_SIZE + 1]; - sprintf(s2, "%sL", s); + snprintf(s2, sizeof(s2), "%sL", s); printa(names[COLUMN], true, GET_LEN_CALL_TEMPLATE, STRING_LENGTH, statement->dyn_string, s2); fb_utils::snprintf(s3, sizeof(s3), " %s,", s2); @@ -2304,10 +2313,12 @@ static void gen_emodify( const act* action) if (field->fld_dtype == dtype_blob || field->fld_dtype == dtype_quad || field->fld_dtype == dtype_date) { - sprintf(output_buffer, "%sCALL \"isc_qtoq\" USING %s, %s\n", names[COLUMN], s1, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"isc_qtoq\" USING %s, %s\n", + names[COLUMN], s1, s2); } else - sprintf(output_buffer, "%sMOVE %s TO %s\n", names[COLUMN], s1, s2); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s TO %s\n", names[COLUMN], s1, + s2); RMC_print_buffer(output_buffer, true); if (field->fld_array_info) gen_get_or_put_slice(action, reference, false); @@ -2739,7 +2750,7 @@ static void gen_get_or_put_slice(const act* action, const ref* reference, bool g args.pat_value1 = reference->ref_sdl_length; // slice descr length TEXT s2[MAX_REF_SIZE]; - sprintf(s2, "%s%d", names[isc_a_pos], reference->ref_sdl_ident); // slice description + snprintf(s2, sizeof(s2), "%s%d", names[isc_a_pos], reference->ref_sdl_ident); // slice description args.pat_string3 = s2; args.pat_value2 = 0; // parameter length @@ -2754,7 +2765,8 @@ static void gen_get_or_put_slice(const act* action, const ref* reference, bool g } else { - sprintf(s4, "%s%dL", names[isc_a_pos], reference->ref_field->fld_array_info->ary_ident); + snprintf(s4, sizeof(s4), "%s%dL", names[isc_a_pos], + reference->ref_field->fld_array_info->ary_ident); args.pat_string5 = s4; // array name } @@ -2780,14 +2792,14 @@ static void gen_get_segment( const act* action) else blob = (blb*) action->act_object; - sprintf(output_buffer, GET_SEG_CALL_TEMPLATE, - names[COLUMN], - ISC_GET_SEGMENT, - names[isc_status_vector_pos], - names[isc_a_pos], blob->blb_ident, - names[isc_a_pos], blob->blb_len_ident, - blob->blb_seg_length, - names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); + snprintf(output_buffer, sizeof(output_buffer), GET_SEG_CALL_TEMPLATE, + names[COLUMN], + ISC_GET_SEGMENT, + names[isc_status_vector_pos], + names[isc_a_pos], blob->blb_ident, + names[isc_a_pos], blob->blb_len_ident, + blob->blb_seg_length, + names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); RMC_print_buffer(output_buffer, true); @@ -2946,13 +2958,13 @@ static void gen_put_segment( const act* action) blob = (blb*) action->act_object; - sprintf(output_buffer, PUT_SEG_CALL_TEMPLATE, - names[COLUMN], - ISC_PUT_SEGMENT, - status_vector(action), - names[isc_a_pos], blob->blb_ident, - names[isc_a_pos], blob->blb_len_ident, - names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); + snprintf(output_buffer, sizeof(output_buffer), PUT_SEG_CALL_TEMPLATE, + names[COLUMN], + ISC_PUT_SEGMENT, + status_vector(action), + names[isc_a_pos], blob->blb_ident, + names[isc_a_pos], blob->blb_len_ident, + names[isc_a_pos], blob->blb_buff_ident, names[isc_status_pos]); RMC_print_buffer(output_buffer, true); set_sqlcode(action); @@ -2982,7 +2994,8 @@ static void gen_raw(const UCHAR* blr, req_t request_type, int request_length, in strcpy(s, COLUMN12); strcat(s, RAW_BLR_TEMPLATE); strcat(s, "\n"); - sprintf(output_buffer, s, names[isc_a_pos], ident, names[UNDER], length++, ltemp); + snprintf(output_buffer, sizeof(output_buffer), s, names[isc_a_pos], ident, names[UNDER], + length++, ltemp); RMC_print_buffer(output_buffer, false); ltemp = 0; offset = 24; @@ -3006,7 +3019,8 @@ static void gen_raw(const UCHAR* blr, req_t request_type, int request_length, in strcpy(s, COLUMN12); strcat(s, RAW_BLR_TEMPLATE); strcat(s, "\n"); - sprintf(output_buffer, s, names[isc_a_pos], ident, names[UNDER], length++, ltemp); + snprintf(output_buffer, sizeof(output_buffer), s, names[isc_a_pos], ident, names[UNDER], + length++, ltemp); RMC_print_buffer(output_buffer, false); } @@ -3038,7 +3052,7 @@ static void gen_ready( const act* action) if (filename) { namelength = static_cast(strlen(filename)); - sprintf(dbname, "%s%ddb", names[isc_b_pos], dbisc->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], dbisc->dbb_id); filename = dbname; } else @@ -3051,7 +3065,7 @@ static void gen_ready( const act* action) if (ready->rdy_id) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], ready->rdy_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], ready->rdy_id); filename = dbname; namelength -= 2; } @@ -3132,15 +3146,15 @@ static void gen_release( const act* action) static void gen_receive( const act* action, const gpre_port* port) { const gpre_req* request = action->act_request; - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, %d, %d, %s%d, %s\n", - names[COLUMN], - ISC_RECEIVE, - status_vector(action), - request->req_handle, - port->por_msg_number, - port->por_length, - names[isc_a_pos], port->por_ident, - request->req_request_level); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s, %s, %d, %d, %s%d, %s\n", + names[COLUMN], + ISC_RECEIVE, + status_vector(action), + request->req_handle, + port->por_msg_number, + port->por_length, + names[isc_a_pos], port->por_ident, + request->req_request_level); RMC_print_buffer(output_buffer, true); set_sqlcode(action); @@ -3414,15 +3428,15 @@ static void gen_send( const act* action, const gpre_port* port) { const gpre_req* request = action->act_request; - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, %d, %d, %s%d, %s\n", - names[COLUMN], - ISC_SEND, - status_vector(action), - request->req_handle, - port->por_msg_number, - port->por_length, - names[isc_a_pos], port->por_ident, - request->req_request_level); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s, %s, %d, %d, %s%d, %s\n", + names[COLUMN], + ISC_SEND, + status_vector(action), + request->req_handle, + port->por_msg_number, + port->por_length, + names[isc_a_pos], port->por_ident, + request->req_request_level); RMC_print_buffer(output_buffer, true); set_sqlcode(action); @@ -3562,25 +3576,26 @@ static void gen_start( const act* action, const gpre_port* port) gen_get_or_put_slice(action, reference, false); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, %s, %d, %d, %s%d, %s\n", - names[COLUMN], - ISC_START_AND_SEND, - vector, - request->req_handle, - request_trans(action, request), - port->por_msg_number, - port->por_length, - names[isc_a_pos], port->por_ident, - request->req_request_level); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, %s, %d, %d, %s%d, %s\n", + names[COLUMN], + ISC_START_AND_SEND, + vector, + request->req_handle, + request_trans(action, request), + port->por_msg_number, + port->por_length, + names[isc_a_pos], port->por_ident, + request->req_request_level); } else - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, %s, %s\n", - names[COLUMN], - ISC_START_REQUEST, - vector, - request->req_handle, - request_trans(action, request), - request->req_request_level); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s, %s, %s, %s\n", + names[COLUMN], + ISC_START_REQUEST, + vector, + request->req_handle, + request_trans(action, request), + request->req_request_level); RMC_print_buffer(output_buffer, true); @@ -3645,7 +3660,7 @@ static void gen_t_start( const act* action) const USHORT namelength = static_cast(filename ? strlen(filename) : 0); if (filename) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], db->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], db->dbb_id); filename = dbname; } make_ready(db, filename, status_vector(action), 0, namelength); @@ -3715,8 +3730,8 @@ static void gen_tpb(const tpb* tpb_buffer) names[UNDER], length++, ltemp); - sprintf(output_buffer, "%sEnd of data for %s%d\n", - names[COMMENT], names[isc_tpb_pos], tpb_buffer->tpb_ident); + snprintf(output_buffer, sizeof(output_buffer), "%sEnd of data for %s%d\n", + names[COMMENT], names[isc_tpb_pos], tpb_buffer->tpb_ident); RMC_print_buffer(output_buffer, false); } @@ -3867,10 +3882,10 @@ static void make_array_declaration( ref* reference) } TEXT string1[256]; - TEXT* p = string1; const int dimension_size = dimension->dim_upper - dimension->dim_lower + 1; - sprintf(p, "%02d %s%d OCCURS %d TIMES ", - i, names[isc_a_pos], field->fld_array_info->ary_ident, dimension_size); + snprintf(string1, sizeof(string1), "%02d %s%d OCCURS %d TIMES ", + i, names[isc_a_pos], field->fld_array_info->ary_ident, dimension_size); + TEXT* p = string1; while (*p) p++; @@ -3894,16 +3909,16 @@ static void make_array_declaration( ref* reference) if (scale >= -digits && scale <= 0) { if (scale > -digits) - sprintf(p, "9(%d)", digits + scale); + snprintf(p, sizeof(string1) - (p - string1), "9(%d)", digits + scale); while (*p) p++; if (scale) - sprintf(p, "V9(%d)", digits - (digits + scale)); + snprintf(p, sizeof(string1) - (p - string1), "V9(%d)", digits - (digits + scale)); } else if (scale > 0) - sprintf(p, "9(%d)P(%d)", digits, scale); + snprintf(p, sizeof(string1) - (p - string1), "9(%d)P(%d)", digits, scale); else - sprintf(p, "VP(%d)9(%d)", -(scale + digits), digits); + snprintf(p, sizeof(string1) - (p - string1), "VP(%d)9(%d)", -(scale + digits), digits); while (*p) p++; if (field->fld_array_info->ary_dtype == dtype_short) @@ -3919,7 +3934,7 @@ static void make_array_declaration( ref* reference) case dtype_cstring: case dtype_text: case dtype_varying: - sprintf(p, "PIC X(%d).", field->fld_array->fld_length); + snprintf(p, sizeof(string1) - (p - string1), "PIC X(%d).", field->fld_array->fld_length); break; case dtype_date: @@ -3936,13 +3951,14 @@ static void make_array_declaration( ref* reference) break; case dtype_quad: - sprintf(p, "PIC S9(%d)", 19 + field->fld_array->fld_scale); + snprintf(p, sizeof(string1) - (p - string1), "PIC S9(%d)", + 19 + field->fld_array->fld_scale); while (*p) p++; if (field->fld_array->fld_scale < 0) - sprintf(p, "V9(%d)", -field->fld_array->fld_scale); + snprintf(p, sizeof(string1) - (p - string1), "V9(%d)", -field->fld_array->fld_scale); else if (field->fld_array->fld_scale > 0) - sprintf(p, "P(%d)", field->fld_array->fld_scale); + snprintf(p, sizeof(string1) - (p - string1), "P(%d)", field->fld_array->fld_scale); while (*p) p++; strcpy(p, USAGE_BINARY8); @@ -3964,16 +3980,16 @@ static void make_array_declaration( ref* reference) if (scale >= -digits && scale <= 0) { if (scale > -digits) - sprintf(p, "9(%d)", digits + scale); + snprintf(p, sizeof(string1) - (p - string1), "9(%d)", digits + scale); while (*p) p++; if (scale) - sprintf(p, "V9(%d)", digits - (digits + scale)); + snprintf(p, sizeof(string1) - (p - string1), "V9(%d)", digits - (digits + scale)); } else if (scale > 0) - sprintf(p, "9(%d)P(%d)", digits, scale); + snprintf(p, sizeof(string1) - (p - string1), "9(%d)P(%d)", digits, scale); else - sprintf(p, "VP(%d)9(%d)", -(scale + digits), digits); + snprintf(p, sizeof(string1) - (p - string1), "VP(%d)9(%d)", -(scale + digits), digits); while (*p) p++; strcpy(p, (field->fld_array_info->ary_dtype == dtype_real) ? USAGE_BINARY4 : USAGE_BINARY8); @@ -4165,11 +4181,11 @@ static void make_ready(const gpre_dbb* db, if (request) { - sprintf(s1, "%s%dL", names[isc_b_pos], request->req_ident); + snprintf(s1, sizeof(s1), "%s%dL", names[isc_b_pos], request->req_ident); if (request->req_flags & REQ_extend_dpb) - sprintf(s2, "%s%dp", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%dp", names[isc_b_pos], request->req_ident); else - sprintf(s2, "%s%d", names[isc_b_pos], request->req_ident); + snprintf(s2, sizeof(s2), "%s%d", names[isc_b_pos], request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is @@ -4179,102 +4195,85 @@ static void make_ready(const gpre_dbb* db, { if (request->req_length) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%d GIVING %s\n", - names[COLUMN], - ISC_BADDRESS, - names[isc_b_pos], - request->req_ident, - s2); - //sprintf(output_buffer, "%sMOVE %s%d to %s\n", + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s%d GIVING %s\n", + names[COLUMN], ISC_BADDRESS, names[isc_b_pos], request->req_ident, s2); + //snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %s%d to %s\n", // names[COLUMN], names[isc_b_pos], request->req_ident, s2); } else - sprintf(output_buffer, "%sMOVE 0 TO %s\n", names[COLUMN], s2); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE 0 TO %s\n", names[COLUMN], + s2); RMC_print_buffer(output_buffer, true); if (db->dbb_r_user) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 28, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_user); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 28, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_user); RMC_print_buffer(output_buffer, true); } if (db->dbb_r_password) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 29, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_password); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 29, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_password); RMC_print_buffer(output_buffer, true); } // Process Role Name, isc_dpb_sql_role_name/60 if (db->dbb_r_sql_role) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 60, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_sql_role); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 60, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_sql_role); RMC_print_buffer(output_buffer, true); } if (db->dbb_r_lc_messages) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %s, 47, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_lc_messages); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s, %s, 47, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_lc_messages); RMC_print_buffer(output_buffer, true); } if (db->dbb_r_lc_ctype) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s %s, 48, %s\n", - names[COLUMN], - ISC_EXPAND_DPB, - s2, - s1, - db->dbb_r_lc_ctype); + snprintf(output_buffer, sizeof(output_buffer), + "%sCALL \"%s\" USING %s %s, 48, %s\n", + names[COLUMN], ISC_EXPAND_DPB, s2, s1, db->dbb_r_lc_ctype); RMC_print_buffer(output_buffer, true); } } if (request->req_flags & REQ_extend_dpb) { - sprintf(s1Tmp, "%s", s1); - sprintf(s2Tmp, "%s", s2); + snprintf(s1Tmp, sizeof(s1Tmp), "%s", s1); + snprintf(s2Tmp, sizeof(s2Tmp), "%s", s2); } else { - sprintf(s2Tmp, "%s", s2); - sprintf(s1Tmp, "%d", request->req_length); + snprintf(s2Tmp, sizeof(s2Tmp), "%s", s2); + snprintf(s1Tmp, sizeof(s1Tmp), "%d", request->req_length); } } TEXT dbname[128]; if (!filename) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], dbisc->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], dbisc->dbb_id); filename = dbname; namelength = static_cast(strlen(db->dbb_filename)); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s, %d, %s, %s, %s, %s\n", - names[COLUMN], - ISC_ATTACH_DATABASE, - vector, - namelength, - filename, - db->dbb_name->sym_string, - request ? s1Tmp : OMITTED, request ? s2Tmp : OMITTED); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s, %d, %s, %s, %s, %s\n", + names[COLUMN], + ISC_ATTACH_DATABASE, + vector, + namelength, + filename, + db->dbb_name->sym_string, + request ? s1Tmp : OMITTED, request ? s2Tmp : OMITTED); RMC_print_buffer(output_buffer, true); @@ -4285,32 +4284,34 @@ static void make_ready(const gpre_dbb* db, { if (request->req_length) { - sprintf(output_buffer, "%sCALL \"%s\" USING %s%d GIVING %s1\n", - names[COLUMN], - ISC_BADDRESS, - names[isc_b_pos], - request->req_ident, - s2); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s%d GIVING %s1\n", + names[COLUMN], + ISC_BADDRESS, + names[isc_b_pos], + request->req_ident, + s2); RMC_print_buffer(output_buffer, true); - sprintf(output_buffer, "%sIF %s NOT = %s1 THEN\n", - names[COLUMN], - s2, - s2); + snprintf(output_buffer, sizeof(output_buffer), "%sIF %s NOT = %s1 THEN\n", + names[COLUMN], + s2, + s2); //"if (%s != %s%d)", s2, names[isc_b_pos], request->req_ident); RMC_print_buffer(output_buffer, true); } - sprintf(output_buffer, "%sCALL \"%s\" USING %s\n", names[COLUMN], ISC_FREE, s2Tmp); + snprintf(output_buffer, sizeof(output_buffer), "%sCALL \"%s\" USING %s\n", names[COLUMN], + ISC_FREE, s2Tmp); RMC_print_buffer(output_buffer, true); if (request->req_length) { - sprintf(output_buffer, "%sEND-IF\n", names[COLUMN]); + snprintf(output_buffer, sizeof(output_buffer), "%sEND-IF\n", names[COLUMN]); RMC_print_buffer(output_buffer, true); } // reset the length of the dpb - sprintf(output_buffer, "%sMOVE %d to %s\n", names[COLUMN], request->req_length, s1); + snprintf(output_buffer, sizeof(output_buffer), "%sMOVE %d to %s\n", names[COLUMN], + request->req_length, s1); RMC_print_buffer(output_buffer, true); } } @@ -4330,7 +4331,7 @@ static void printa(const TEXT* column, bool call, const TEXT* string, ...) strcpy(s, column); strcat(s, string); strcat(s, "\n"); - vsprintf(output_buffer, s, ptr); + vsnprintf(output_buffer, sizeof(output_buffer), s, ptr); va_end(ptr); RMC_print_buffer(output_buffer, call); } @@ -4444,7 +4445,7 @@ static void t_start_auto(const gpre_req* request, const USHORT namelength = static_cast(filename ? strlen(filename) : 0); if (filename) { - sprintf(dbname, "%s%ddb", names[isc_b_pos], db->dbb_id); + snprintf(dbname, sizeof(dbname), "%s%ddb", names[isc_b_pos], db->dbb_id); filename = dbname; } make_ready(db, filename, vector, 0, namelength); diff --git a/src/gpre/obj_cxx.cpp b/src/gpre/obj_cxx.cpp index 8eda92d666f..81973fd2576 100644 --- a/src/gpre/obj_cxx.cpp +++ b/src/gpre/obj_cxx.cpp @@ -859,7 +859,7 @@ static void gen_based( const act* action, int column) default: { TEXT s[MAX_CURSOR_SIZE]; - sprintf(s, "datatype %d unknown\n", field->fld_dtype); + snprintf(s, sizeof(s), "datatype %d unknown\n", field->fld_dtype); CPR_error(s); return; } @@ -969,7 +969,7 @@ static void gen_blob_end( const act* action, USHORT column) args.pat_blob = (const blb*) action->act_object; if (action->act_error) { - sprintf(s1, "%s2", global_status_name); + snprintf(s1, sizeof(s1), "%s2", global_status_name); args.pat_vector1 = s1; } else @@ -1252,12 +1252,12 @@ static void gen_create_database( const act* action, int column) const gpre_req* request = ((const mdbb*) action->act_object)->mdbb_dpb_request; const gpre_dbb* db = request->req_database; - sprintf(s1, "fb_%dl", request->req_ident); - sprintf(trname, "fb_%dt", request->req_ident); + snprintf(s1, sizeof(s1), "fb_%dl", request->req_ident); + snprintf(trname, sizeof(trname), "fb_%dt", request->req_ident); if (request->req_flags & REQ_extend_dpb) { - sprintf(s2, "fb_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "fb_%dp", request->req_ident); if (request->req_length) printa(column, "%s = fb_%d;", s2, request->req_ident); else @@ -1273,7 +1273,7 @@ static void gen_create_database( const act* action, int column) db->dbb_r_lc_ctype ? db->dbb_r_lc_ctype : "(char*) 0"); } else - sprintf(s2, "fb_%d", request->req_ident); + snprintf(s2, sizeof(s2), "fb_%d", request->req_ident); PAT args; args.pat_vector1 = status_vector(action); @@ -2160,7 +2160,7 @@ static void gen_event_wait( const act* action, int column) if (ident < 0) { - sprintf(s, "event handle \"%s\" not found", event_name->sym_string); + snprintf(s, sizeof(s), "event handle \"%s\" not found", event_name->sym_string); CPR_error(s); return; } @@ -2461,7 +2461,7 @@ static void gen_get_or_put_slice(const act* action, const ref* reference, bool g gen_name(s1, reference, true); // blob handle args.pat_string2 = s1; args.pat_value1 = reference->ref_sdl_length; // slice description length - sprintf(s2, "fb_%d", reference->ref_sdl_ident); // slice description + snprintf(s2, sizeof(s2), "fb_%d", reference->ref_sdl_ident); // slice description args.pat_string3 = s2; args.pat_long1 = reference->ref_field->fld_array_info->ary_size; @@ -2472,7 +2472,7 @@ static void gen_get_or_put_slice(const act* action, const ref* reference, bool g args.pat_string5 = reference->ref_value; else { - sprintf(s4, "fb_%d", reference->ref_field->fld_array_info->ary_ident); + snprintf(s4, sizeof(s4), "fb_%d", reference->ref_field->fld_array_info->ary_ident); args.pat_string5 = s4; // array name } @@ -2711,9 +2711,9 @@ static void gen_raw(const UCHAR* blr, int request_length) { const TEXT c = *blr++; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c'", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c'", c); else - sprintf(p, "%d", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d", c); while (*p) p++; if (count - 1) @@ -3410,7 +3410,8 @@ static void gen_tpb(const tpb* tpb_buffer, int column) for (length = 0; length < column; length++) *p++ = ' '; - sprintf(p, "fb_tpb_%d [%d] = {", tpb_buffer->tpb_ident, tpb_buffer->tpb_length); + snprintf(p, sizeof(buffer) - (p - buffer), "fb_tpb_%d [%d] = {", tpb_buffer->tpb_ident, + tpb_buffer->tpb_length); while (*p) p++; @@ -3421,9 +3422,9 @@ static void gen_tpb(const tpb* tpb_buffer, int column) { const TEXT c = *text++; if ((c >= 'A' && c <= 'Z') || c == '$' || c == '_') - sprintf(p, "'%c'", c); + snprintf(p, sizeof(buffer) - (p - buffer), "'%c'", c); else - sprintf(p, "%d", c); + snprintf(p, sizeof(buffer) - (p - buffer), "%d", c); while (*p) p++; if (tpb_length) @@ -3818,12 +3819,12 @@ static void make_ready(const gpre_dbb* db, if (request) { - sprintf(s1, "fb_%dl", request->req_ident); + snprintf(s1, sizeof(s1), "fb_%dl", request->req_ident); if (request->req_flags & REQ_extend_dpb) - sprintf(s2, "fb_%dp", request->req_ident); + snprintf(s2, sizeof(s2), "fb_%dp", request->req_ident); else - sprintf(s2, "fb_%d", request->req_ident); + snprintf(s2, sizeof(s2), "fb_%d", request->req_ident); // if the dpb needs to be extended at runtime to include items // in host variables, do so here; this assumes that there is diff --git a/src/gpre/pat.cpp b/src/gpre/pat.cpp index e12ee1a0986..d80b6ccd2b9 100644 --- a/src/gpre/pat.cpp +++ b/src/gpre/pat.cpp @@ -394,7 +394,8 @@ void PATTERN_expand( USHORT column, const TEXT* pattern, PAT* args) break; default: - sprintf(buffer, "Unknown substitution \"%c%c\"", pattern[-2], pattern[-1]); + snprintf(buffer, sizeof(buffer), "Unknown substitution \"%c%c\"", pattern[-2], + pattern[-1]); CPR_error(buffer); continue; } @@ -419,19 +420,21 @@ void PATTERN_expand( USHORT column, const TEXT* pattern, PAT* args) if (sw_ident) { if (long_flag) - sprintf(p, gpreGlob.long_ident_pattern, long_value); + snprintf(p, sizeof(buffer) - (p - buffer), gpreGlob.long_ident_pattern, long_value); else - sprintf(p, gpreGlob.ident_pattern, value); + snprintf(p, sizeof(buffer) - (p - buffer), gpreGlob.ident_pattern, value); } else if (reference) { if (!reference->ref_port) - sprintf(p, gpreGlob.ident_pattern, reference->ref_ident); + snprintf(p, sizeof(buffer) - (p - buffer), gpreGlob.ident_pattern, + reference->ref_ident); else { TEXT temp1[16], temp2[16]; - sprintf(temp1, gpreGlob.ident_pattern, reference->ref_port->por_ident); - sprintf(temp2, gpreGlob.ident_pattern, reference->ref_ident); + snprintf(temp1, sizeof(temp1), gpreGlob.ident_pattern, + reference->ref_port->por_ident); + snprintf(temp2, sizeof(temp2), gpreGlob.ident_pattern, reference->ref_ident); switch (gpreGlob.sw_language) { case lang_fortran: @@ -440,15 +443,16 @@ void PATTERN_expand( USHORT column, const TEXT* pattern, PAT* args) break; default: - sprintf(p, "%s.%s", temp1, temp2); + snprintf(p, sizeof(buffer) - (p - buffer), "%s.%s", temp1, temp2); + break; } } } else if (long_flag) { - sprintf(p, "%" SLONGFORMAT, long_value); + snprintf(p, sizeof(buffer) - (p - buffer), "%" SLONGFORMAT, long_value); } else { - sprintf(p, "%d", value); + snprintf(p, sizeof(buffer) - (p - buffer), "%d", value); } while (*p) diff --git a/src/gpre/sqe.cpp b/src/gpre/sqe.cpp index 559636a1ce4..709129e4423 100644 --- a/src/gpre/sqe.cpp +++ b/src/gpre/sqe.cpp @@ -220,7 +220,6 @@ gpre_nod* SQE_boolean( gpre_req* request, USHORT* paren_count) gpre_ctx* SQE_context(gpre_req* request) { SCHAR r_name[NAME_SIZE], db_name[NAME_SIZE], owner_name[NAME_SIZE]; - SCHAR s[ERROR_LENGTH]; assert_IS_REQ(request); @@ -255,10 +254,11 @@ gpre_ctx* SQE_context(gpre_req* request) } else { + SCHAR s[ERROR_LENGTH]; if (owner_name[0]) - sprintf(s, "table %s.%s not defined", owner_name, r_name); + snprintf(s, sizeof(s), "table %s.%s not defined", owner_name, r_name); else - sprintf(s, "table %s not defined", r_name); + snprintf(s, sizeof(s), "table %s not defined", r_name); PAR_error(s); } @@ -306,8 +306,10 @@ gpre_ctx* SQE_context(gpre_req* request) break; default: error_type = "context"; + break; } + SCHAR s[ERROR_LENGTH]; fb_utils::snprintf(s, sizeof(s), "context %s conflicts with a %s in the same statement", gpreGlob.token_global.tok_string, error_type); PAR_error(s); diff --git a/src/gpre/sql.cpp b/src/gpre/sql.cpp index 5f73dc7eba1..d187e4b39cd 100644 --- a/src/gpre/sql.cpp +++ b/src/gpre/sql.cpp @@ -853,8 +853,6 @@ gpre_prc* SQL_procedure(gpre_req* request, const TEXT* owner_string, bool err_flag) { - SCHAR s[ERROR_LENGTH]; - if (db_string && db_string[0]) { // a database was specified for the procedure @@ -890,8 +888,8 @@ gpre_prc* SQL_procedure(gpre_req* request, if (procedure) { // relation was found in more than one database - - sprintf(s, "PROCEDURE %s is ambiguous", prc_string); + SCHAR s[ERROR_LENGTH]; + snprintf(s, sizeof(s), "PROCEDURE %s is ambiguous", prc_string); PAR_error(s); } else @@ -907,10 +905,11 @@ gpre_prc* SQL_procedure(gpre_req* request, { if (!err_flag) return NULL; + SCHAR s[ERROR_LENGTH]; if (owner_string[0]) - sprintf(s, "PROCEDURE %s.%s not defined", owner_string, prc_string); + snprintf(s, sizeof(s), "PROCEDURE %s.%s not defined", owner_string, prc_string); else - sprintf(s, "PROCEDURE %s not defined", prc_string); + snprintf(s, sizeof(s), "PROCEDURE %s not defined", prc_string); PAR_error(s); } @@ -947,7 +946,6 @@ gpre_rel* SQL_relation(gpre_req* request, request->req_database = (gpre_dbb*) symbol->sym_object; } - SCHAR s[ERROR_LENGTH]; gpre_rel* relation = NULL; if (request->req_database) @@ -966,8 +964,8 @@ gpre_rel* SQL_relation(gpre_req* request, if (relation) { // relation was found in more than one database - - sprintf(s, "TABLE %s is ambiguous", rel_string); + SCHAR s[ERROR_LENGTH]; + snprintf(s, sizeof(s), "TABLE %s is ambiguous", rel_string); PAR_error(s); } else @@ -983,10 +981,11 @@ gpre_rel* SQL_relation(gpre_req* request, { if (!err_flag) return (NULL); + SCHAR s[ERROR_LENGTH]; if (owner_string[0]) - sprintf(s, "TABLE %s.%s not defined", owner_string, rel_string); + snprintf(s, sizeof(s), "TABLE %s.%s not defined", owner_string, rel_string); else - sprintf(s, "TABLE %s not defined", rel_string); + snprintf(s, sizeof(s), "TABLE %s not defined", rel_string); PAR_error(s); } @@ -1988,9 +1987,9 @@ static act* act_create_shadow() if (!length && !file->fil_start) { TEXT err_string[1024]; - sprintf(err_string, - "Preceding file did not specify length, so %s must include starting page number", - file->fil_name); + snprintf(err_string, sizeof(err_string), + "Preceding file did not specify length, so %s must include starting page number", + file->fil_name); PAR_error(err_string); } length = file->fil_length; @@ -3017,8 +3016,8 @@ static act* act_execute() if (gpreGlob.isc_databases && gpreGlob.isc_databases->dbb_next) { TEXT s[ERROR_LENGTH]; - sprintf(s, "Executing dynamic SQL statement in context of database %s", - gpreGlob.isc_databases->dbb_name->sym_string); + snprintf(s, sizeof(s), "Executing dynamic SQL statement in context of database %s", + gpreGlob.isc_databases->dbb_name->sym_string); CPR_warn(s); } dyn* statement = (dyn*) MSC_alloc(DYN_LEN); @@ -3250,7 +3249,6 @@ static act* act_grant_revoke(act_t type) gpre_usn* usernames = 0; gpre_usn* user = 0; USHORT user_dyn = 0; - SCHAR s[ERROR_LENGTH]; while (true) { @@ -3266,7 +3264,8 @@ static act* act_grant_revoke(act_t type) SQL_relation_name(r_name, db_name, owner_name); if (!MET_trigger_exists(request->req_database, r_name)) { - sprintf(s, "TRIGGER %s not defined", r_name); + SCHAR s[ERROR_LENGTH]; + snprintf(s, sizeof(s), "TRIGGER %s not defined", r_name); PAR_error(s); } user_dyn = isc_dyn_grant_trig; @@ -3277,7 +3276,8 @@ static act* act_grant_revoke(act_t type) SQL_relation_name(r_name, db_name, owner_name); if (!MET_get_view_relation(request, r_name, relation_name->str_string, 0)) { - sprintf(s, "VIEW %s not defined on table %s", r_name, relation_name->str_string); + SCHAR s[ERROR_LENGTH]; + snprintf(s, sizeof(s), "VIEW %s not defined on table %s", r_name, relation_name->str_string); PAR_error(s); } user_dyn = isc_dyn_grant_view; @@ -4181,16 +4181,17 @@ static act* act_set_dialect() gpreGlob.sw_ods_version < 10) { char warn_mesg[100]; - sprintf(warn_mesg, "Pre 6.0 database. Cannot use dialect %d, Resetting to %d\n", - dialect, SQL_DIALECT_V5); + snprintf(warn_mesg, sizeof(warn_mesg), + "Pre 6.0 database. Cannot use dialect %d, Resetting to %d\n", dialect, SQL_DIALECT_V5); dialect = SQL_DIALECT_V5; CPR_warn(warn_mesg); } else if (gpreGlob.isc_databases && dialect != gpreGlob.compiletime_db_dialect) { char warn_mesg[100]; - sprintf(warn_mesg, "Client dialect set to %d. Compiletime database dialect is %d\n", - dialect, gpreGlob.compiletime_db_dialect); + snprintf(warn_mesg, sizeof(warn_mesg), + "Client dialect set to %d. Compiletime database dialect is %d\n", + dialect, gpreGlob.compiletime_db_dialect); CPR_warn(warn_mesg); } @@ -6459,15 +6460,16 @@ static USHORT resolve_dtypes(kwwords_t typ, bool sql_date) case 1: return dtype_timestamp; case 2: - sprintf(err_mesg, "Encountered column type DATE which is ambiguous in dialect %d\n", - gpreGlob.sw_sql_dialect); + snprintf(err_mesg, sizeof(err_mesg), + "Encountered column type DATE which is ambiguous in dialect %d\n", + gpreGlob.sw_sql_dialect); PAR_error(err_mesg); return dtype_unknown; // TMN: FIX FIX - // return; + default: - sprintf(err_mesg, - "Encountered column type DATE which is not supported in ods version %d\n", - gpreGlob.sw_ods_version); + snprintf(err_mesg, sizeof(err_mesg), + "Encountered column type DATE which is not supported in ods version %d\n", + gpreGlob.sw_ods_version); PAR_error(err_mesg); } else @@ -6481,8 +6483,9 @@ static USHORT resolve_dtypes(kwwords_t typ, bool sql_date) case 1: return dtype_timestamp; case 2: - sprintf(err_mesg, "Encountered column type DATE which is ambiguous in dialect %d\n", - gpreGlob.sw_sql_dialect); + snprintf(err_mesg, sizeof(err_mesg), + "Encountered column type DATE which is ambiguous in dialect %d\n", + gpreGlob.sw_sql_dialect); PAR_error(err_mesg); return dtype_unknown; // TMN: FIX FIX // return; @@ -6495,8 +6498,8 @@ static USHORT resolve_dtypes(kwwords_t typ, bool sql_date) case KW_TIME: if ((gpreGlob.sw_ods_version < 10) || (gpreGlob.sw_server_version < 6)) { - sprintf(err_mesg, - "Encountered column type TIME which is not supported by pre 6.0 Servers\n"); + snprintf(err_mesg, sizeof(err_mesg), + "Encountered column type TIME which is not supported by pre 6.0 Servers\n"); PAR_error(err_mesg); return dtype_unknown; // TMN: FIX FIX // return; @@ -6507,7 +6510,7 @@ static USHORT resolve_dtypes(kwwords_t typ, bool sql_date) return dtype_timestamp; default: - sprintf(err_mesg, "resolve_dtypes(): Unknown dtype %d\n", typ); + snprintf(err_mesg, sizeof(err_mesg), "resolve_dtypes(): Unknown dtype %d\n", typ); PAR_error(err_mesg); break; } @@ -6827,9 +6830,7 @@ void SQL_resolve_identifier( const TEXT* err_mesg, TEXT* str_in, int in_size) void SQL_dialect1_bad_type(USHORT field_dtype) { - char buffer[200]; - const char* s = "unknown"; - + const char* s; switch (field_dtype) { case dtype_sql_date: @@ -6841,7 +6842,12 @@ void SQL_dialect1_bad_type(USHORT field_dtype) case dtype_int64: s = "64-bit numeric"; break; + default: + s = "unknown"; + break; } - sprintf(buffer, "Client SQL dialect 1 does not support reference to the %s datatype", s); + char buffer[200]; + snprintf(buffer, sizeof(buffer), + "Client SQL dialect 1 does not support reference to the %s datatype", s); PAR_error(buffer); } diff --git a/src/gpre/std/gpre_meta.epp b/src/gpre/std/gpre_meta.epp index 4949a3bff0d..deaf4cf7201 100644 --- a/src/gpre/std/gpre_meta.epp +++ b/src/gpre/std/gpre_meta.epp @@ -259,8 +259,9 @@ bool MET_database(gpre_dbb* database, bool print_version) if (gpreGlob.sw_sql_dialect != gpreGlob.compiletime_db_dialect) { char warn_mesg[100]; - sprintf(warn_mesg, "Pre 6.0 database. Cannot use dialect %d, Resetting to %d\n", - gpreGlob.sw_sql_dialect, gpreGlob.compiletime_db_dialect); + snprintf(warn_mesg, sizeof(warn_mesg), + "Pre 6.0 database. Cannot use dialect %d, Resetting to %d\n", + gpreGlob.sw_sql_dialect, gpreGlob.compiletime_db_dialect); CPR_warn(warn_mesg); } gpreGlob.sw_sql_dialect = gpreGlob.compiletime_db_dialect; @@ -268,8 +269,9 @@ bool MET_database(gpre_dbb* database, bool print_version) else if (gpreGlob.sw_sql_dialect != gpreGlob.compiletime_db_dialect) { char warn_mesg[100]; - sprintf(warn_mesg, "Client dialect set to %d. Compiletime database dialect is %d\n", - gpreGlob.sw_sql_dialect, gpreGlob.compiletime_db_dialect); + snprintf(warn_mesg, sizeof(warn_mesg), + "Client dialect set to %d. Compiletime database dialect is %d\n", + gpreGlob.sw_sql_dialect, gpreGlob.compiletime_db_dialect); CPR_warn(warn_mesg); } @@ -1626,8 +1628,8 @@ void MET_load_hash_table(gpre_dbb* database) else { TEXT buffer[200]; - - sprintf(buffer, "Cannot recognize character set '%s'", database->dbb_c_lc_ctype); + snprintf(buffer, sizeof(buffer), "Cannot recognize character set '%s'", + database->dbb_c_lc_ctype); PAR_error(buffer); } gpreGlob.sw_know_interp = database->dbb_know_subtype != 0; diff --git a/src/intl/utils/dtest.c b/src/intl/utils/dtest.c index a1132703ebf..ab2d30e1eee 100644 --- a/src/intl/utils/dtest.c +++ b/src/intl/utils/dtest.c @@ -89,9 +89,9 @@ int main(int argc, char** argv) Firebird::PathName path; char entry[200]; const int t_type = atoi(vector[i]); - sprintf(module, INTL_MODULE, t_type); + snprintf(module, sizeof(module), INTL_MODULE, t_type); path = fb_utils::getPrefix(Firebird::IConfigManager::FB_DIR_LIB, module); - sprintf(entry, INTL_INIT_ENTRY, t_type); + snprintf(entry, sizeof(entry), INTL_INIT_ENTRY, t_type); printf("path=%s entry=%s\n", path.c_str(), entry); func = (FPTR_INT) ISC_lookup_entrypoint(path.c_str(), entry, NULL); } diff --git a/src/iscguard/cntl_guard.cpp b/src/iscguard/cntl_guard.cpp index a24f992eb8c..06c487908d2 100644 --- a/src/iscguard/cntl_guard.cpp +++ b/src/iscguard/cntl_guard.cpp @@ -147,7 +147,7 @@ void CNTL_shutdown_service(const TEXT* message) const char* strings[2]; char buffer[BUFFER_SMALL]; - sprintf(buffer, "%s error: %lu", service_name->c_str(), GetLastError()); + snprintf(buffer, sizeof(buffer), "%s error: %lu", service_name->c_str(), GetLastError()); HANDLE event_source = RegisterEventSource(NULL, service_name->c_str()); if (event_source) diff --git a/src/iscguard/iscguard.cpp b/src/iscguard/iscguard.cpp index 983a7ba2d05..4bbcf9b3f89 100644 --- a/src/iscguard/iscguard.cpp +++ b/src/iscguard/iscguard.cpp @@ -693,7 +693,8 @@ THREAD_ENTRY_DECLARE start_and_watch_server(THREAD_ENTRY_PARAM) // error creating new process char szMsgString[256]; LoadString(hInstance_gbl, IDS_CANT_START_THREAD, szMsgString, 256); - sprintf(out_buf, "%s : %s errno : %d", path.c_str(), szMsgString, error); + snprintf(out_buf, sizeof(out_buf), "%s : %s errno : %d", path.c_str(), szMsgString, + error); write_log(IDS_CANT_START_THREAD, out_buf); if (service_flag) @@ -721,7 +722,7 @@ THREAD_ENTRY_DECLARE start_and_watch_server(THREAD_ENTRY_PARAM) { char szMsgString[256]; LoadString(hInstance_gbl, IDS_STARTING_GUARD, szMsgString, 256); - sprintf(out_buf, "%s: %s\n", szMsgString, path.c_str()); + snprintf(out_buf, sizeof(out_buf), "%s: %s\n", szMsgString, path.c_str()); write_log(IDS_LOG_START, out_buf); } @@ -758,7 +759,8 @@ THREAD_ENTRY_DECLARE start_and_watch_server(THREAD_ENTRY_PARAM) { char szMsgString[256]; LoadString(hInstance_gbl, IDS_STARTUP_ERROR, szMsgString, 256); - sprintf(out_buf, "%s: %s (%lu)\n", path.c_str(), szMsgString, exit_status); + snprintf(out_buf, sizeof(out_buf), "%s: %s (%lu)\n", path.c_str(), szMsgString, + exit_status); write_log(IDS_STARTUP_ERROR, out_buf); done = true; @@ -767,7 +769,8 @@ THREAD_ENTRY_DECLARE start_and_watch_server(THREAD_ENTRY_PARAM) { char szMsgString[256]; LoadString(hInstance_gbl, IDS_ABNORMAL_TERM, szMsgString, 256); - sprintf(out_buf, "%s: %s (%lu)\n", path.c_str(), szMsgString, exit_status); + snprintf(out_buf, sizeof(out_buf), "%s: %s (%lu)\n", path.c_str(), szMsgString, + exit_status); write_log(IDS_LOG_TERM, out_buf); // switch the icons if the server restarted @@ -782,7 +785,7 @@ THREAD_ENTRY_DECLARE start_and_watch_server(THREAD_ENTRY_PARAM) // Normal shutdown - ie: via ibmgr - don't restart the server char szMsgString[256]; LoadString(hInstance_gbl, IDS_NORMAL_TERM, szMsgString, 256); - sprintf(out_buf, "%s: %s\n", path.c_str(), szMsgString); + snprintf(out_buf, sizeof(out_buf), "%s: %s\n", path.c_str(), szMsgString); write_log(IDS_LOG_STOP, out_buf); done = true; } @@ -1110,8 +1113,9 @@ static void write_log(int log_action, const char* buff) time(<ime); const tm* today = localtime(<ime); - sprintf(tmp->log_time, "%02d:%02d", today->tm_hour, today->tm_min); - sprintf(tmp->log_date, "%02d/%02d/%02d", today->tm_mon + 1, today->tm_mday, today->tm_year % 100); + snprintf(tmp->log_time, sizeof(tmp->log_time), "%02d:%02d", today->tm_hour, today->tm_min); + snprintf(tmp->log_date, sizeof(tmp->log_date), "%02d/%02d/%02d", + today->tm_mon + 1, today->tm_mday, today->tm_year % 100); #else // TMN: Fixed this after bug-report. Should it really force // 24hr format in e.g US, where they use AM/PM wharts? @@ -1124,8 +1128,7 @@ static void write_log(int log_action, const char* buff) if (log_action >= IDS_LOG_START && log_action <= IDS_LOG_TERM) { // Only Windows 95 needs this information since it goes in the property sheet - LoadString(hInstance_gbl, log_action, tmp_buff, sizeof(tmp->log_action)); - sprintf(tmp->log_action, "%s", tmp_buff); + LoadString(hInstance_gbl, log_action, tmp->log_action, sizeof(tmp->log_action)); tmp->next = NULL; log_temp->next = tmp; } @@ -1142,8 +1145,7 @@ static void write_log(int log_action, const char* buff) char* act_buff[1]; act_buff[0] = buffer; - LoadString(hInstance_gbl, log_action + 1, tmp_buff, sizeof(tmp_buff)); - sprintf(act_buff[0], "%s", buff); + LoadString(hInstance_gbl, log_action + 1, act_buff[0], sizeof(buffer)); LPTSTR lpMsgBuf; FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | diff --git a/src/isql/extract.epp b/src/isql/extract.epp index 55af7d18d32..58880e6f884 100644 --- a/src/isql/extract.epp +++ b/src/isql/extract.epp @@ -459,7 +459,8 @@ int EXTRACT_list_table(const SCHAR* relation_name, if (!FLD.RDB$CHARACTER_SET_ID.NULL) char_set_id = FLD.RDB$CHARACTER_SET_ID; - ISQL_get_character_sets(char_set_id, collation, default_char_set_id, Get::CHARSET_ONLY, false, true, char_sets); + ISQL_get_character_sets(char_set_id, collation, default_char_set_id, + Get::CHARSET_ONLY, false, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); // CVC: Someone deleted the code that checks intchar when handling collations @@ -483,7 +484,8 @@ int EXTRACT_list_table(const SCHAR* relation_name, { SCHAR collate_name[CHARSET_COLLATE_SIZE]; collate_name[0] = '\0'; - ISQL_get_character_sets(char_set_id, collation, default_char_set_id, Get::COLLATE_ONLY, false, true, collate_name); + ISQL_get_character_sets(char_set_id, collation, default_char_set_id, + Get::COLLATE_ONLY, false, true, collate_name, sizeof(collate_name)); if (collate_name[0]) { @@ -582,7 +584,7 @@ int EXTRACT_list_table(const SCHAR* relation_name, if (!RFR.RDB$COLLATION_ID.NULL) { char_sets[0] = '\0'; - ISQL_get_character_sets(char_set_id, collation, default_char_set_id, Get::COLLATE_ONLY, false, true, char_sets); + ISQL_get_character_sets(char_set_id, collation, default_char_set_id, Get::COLLATE_ONLY, false, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); } @@ -705,7 +707,7 @@ static void get_procedure_args(const char* proc_name, SSHORT default_char_set_id * Make sure to pass here only the names of procedures that are global. * **************************************/ - SCHAR char_sets[95]; + SCHAR char_sets[CHARSET_COLLATE_SIZE]; // query to retrieve the parameters. @@ -820,7 +822,7 @@ static void get_procedure_args(const char* proc_name, SSHORT default_char_set_id { char_sets[0] = '\0'; ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, prm_collation_id, default_char_set_id, Get::COLLATE_ONLY, - !prm_null_flag_null && prm_null_flag, true, char_sets); + !prm_null_flag_null && prm_null_flag, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); } @@ -876,7 +878,7 @@ static void get_procedure_args(const char* proc_name, SSHORT default_char_set_id FLD.RDB$CHARACTER_SET_ID = 0; ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, collation, default_char_set_id, Get::BOTH, - !prm_null_flag_null && prm_null_flag, true, char_sets); + !prm_null_flag_null && prm_null_flag, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); } @@ -926,7 +928,7 @@ static void get_function_args_ods12(const char* func_name, USHORT out_arg, SSHOR * Make sure to pass here only the names of functions that are global. * **************************************/ - SCHAR char_sets[95]; + SCHAR char_sets[CHARSET_COLLATE_SIZE]; // Pass 0 - inputs, pass 1 - return value @@ -1043,8 +1045,9 @@ static void get_function_args_ods12(const char* func_name, USHORT out_arg, SSHOR !prm_collation_id_null) { char_sets[0] = '\0'; - ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, prm_collation_id, default_char_set_id, Get::COLLATE_ONLY, - !prm_null_flag_null && prm_null_flag, true, char_sets); + ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, prm_collation_id, + default_char_set_id, Get::COLLATE_ONLY, + !prm_null_flag_null && prm_null_flag, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); } @@ -1099,8 +1102,9 @@ static void get_function_args_ods12(const char* func_name, USHORT out_arg, SSHOR if (FLD.RDB$CHARACTER_SET_ID.NULL) FLD.RDB$CHARACTER_SET_ID = 0; - ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, collation, default_char_set_id, Get::BOTH, - !prm_null_flag_null && prm_null_flag, true, char_sets); + ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, collation, + default_char_set_id, Get::BOTH, + !prm_null_flag_null && prm_null_flag, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); @@ -2328,7 +2332,8 @@ static void list_domain_table(const SCHAR* table_name, SSHORT default_char_set_i { char_sets[0] = 0; - ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, default_char_set_id, Get::CHARSET_ONLY, false, true, char_sets); + ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, + default_char_set_id, Get::CHARSET_ONLY, false, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); } @@ -2356,8 +2361,8 @@ static void list_domain_table(const SCHAR* table_name, SSHORT default_char_set_i if (!FLD.RDB$COLLATION_ID.NULL) { char_sets[0] = 0; - ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, default_char_set_id, Get::COLLATE_ONLY, - false, true, char_sets); + ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, + default_char_set_id, Get::COLLATE_ONLY, false, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); @@ -2449,7 +2454,8 @@ static void list_domains(SSHORT default_char_set_id) FLD.RDB$FIELD_SUB_TYPE != fb_text_subtype_text)) { char_sets[0] = 0; - ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, default_char_set_id, Get::CHARSET_ONLY, false, true, char_sets); + ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, + default_char_set_id, Get::CHARSET_ONLY, false, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); } @@ -2473,8 +2479,8 @@ static void list_domains(SSHORT default_char_set_id) if (!FLD.RDB$COLLATION_ID.NULL) { char_sets[0] = 0; - ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, default_char_set_id, Get::COLLATE_ONLY, - false, true, char_sets); + ISQL_get_character_sets(FLD.RDB$CHARACTER_SET_ID, FLD.RDB$COLLATION_ID, + default_char_set_id, Get::COLLATE_ONLY, false, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); @@ -2618,7 +2624,8 @@ static void listRelationComputed(LegacyTables flag, SSHORT default_char_set_id) char_sets[0] = '\0'; collation = RFR.RDB$COLLATION_ID; char_set_id = FLD.RDB$CHARACTER_SET_ID; - ISQL_get_character_sets(char_set_id, collation, default_char_set_id, Get::COLLATE_ONLY, false, true, char_sets); + ISQL_get_character_sets(char_set_id, collation, default_char_set_id, + Get::COLLATE_ONLY, false, true, char_sets, sizeof(char_sets)); if (char_sets[0]) isqlGlob.prints(char_sets); @@ -2681,7 +2688,8 @@ static void listRelationComputed(LegacyTables flag, SSHORT default_char_set_id) if (char_set_id != default_char_set_id) { // Currently ALTER TABLE syntax doesn't allow collation here. - ISQL_get_character_sets(char_set_id, collation, default_char_set_id, Get::CHARSET_ONLY, false, true, char_sets); + ISQL_get_character_sets(char_set_id, collation, default_char_set_id, + Get::CHARSET_ONLY, false, true, char_sets, sizeof(char_sets)); } if (char_sets[0]) isqlGlob.prints(char_sets); diff --git a/src/isql/isql.epp b/src/isql/isql.epp index dabb7696b75..03f2cfdc129 100644 --- a/src/isql/isql.epp +++ b/src/isql/isql.epp @@ -472,7 +472,7 @@ static processing_state execSetDebugCommand(); static processing_state frontend(const std::string&); static processing_state do_set_command(const TEXT*, bool*); static processing_state get_dialect(const char* const dialect_str, - char* const bad_dialect_buf, bool& bad_dialect); + char* const bad_dialect_buf, size_t sz, bool& bad_dialect); static bool get_numeric(const UCHAR*, USHORT, SSHORT*, SINT64*); static void print_set(const char* str, bool v); static processing_state print_sets(); @@ -1439,7 +1439,7 @@ SSHORT ISQL_get_char_length( void ISQL_get_character_sets(SSHORT char_set_id, SSHORT collation, SSHORT default_char_set_id, Get what, - bool not_null, bool quote, TEXT* string) + bool not_null, bool quote, TEXT* string, size_t sz) { /************************************** * @@ -1500,7 +1500,7 @@ void ISQL_get_character_sets(SSHORT char_set_id, SSHORT collation, // if global default charset has been changed. if (!charsetIsDefault || !collationIsDefault) { - sprintf(string, " CHARACTER SET %s%s", charSetName, notNullStr); + snprintf(string, sz, " CHARACTER SET %s%s", charSetName, notNullStr); return; } break; @@ -1509,7 +1509,7 @@ void ISQL_get_character_sets(SSHORT char_set_id, SSHORT collation, // Default colation is not printed to allow easy global change if (!collationIsDefault) { - sprintf(string, "%s COLLATE %s", notNullStr, collateName); + snprintf(string, sz, "%s COLLATE %s", notNullStr, collateName); return; } break; @@ -1519,9 +1519,10 @@ void ISQL_get_character_sets(SSHORT char_set_id, SSHORT collation, if (!charsetIsDefault || !collationIsDefault) { if (collationIsDefault) // Suppress collation only - sprintf(string, " CHARACTER SET %s%s", charSetName, notNullStr); + snprintf(string, sz, " CHARACTER SET %s%s", charSetName, notNullStr); else - sprintf(string, " CHARACTER SET %s%s COLLATE %s", charSetName, notNullStr, collateName); + snprintf(string, sz, " CHARACTER SET %s%s COLLATE %s", charSetName, notNullStr, + collateName); return; } break; @@ -1530,7 +1531,7 @@ void ISQL_get_character_sets(SSHORT char_set_id, SSHORT collation, // No need to write charset or collation but still must print "NOT NULL" if (not_null) { - sprintf(string, "%s", notNullStr); + snprintf(string, sz, "%s", notNullStr); } END_FOR ON_ERROR @@ -1541,9 +1542,8 @@ void ISQL_get_character_sets(SSHORT char_set_id, SSHORT collation, if (!found) { TEXT Print_buffer[PRINT_BUFFER_LENGTH]; - sprintf(Print_buffer, - "ISQL_get_character_set: charset %d collation %d not found.\n", - char_set_id, collation); + snprintf(Print_buffer, sizeof(Print_buffer), + "ISQL_get_character_set: charset %d collation %d not found.\n", char_set_id, collation); STDERROUT(Print_buffer); } #endif @@ -1832,7 +1832,7 @@ SLONG ISQL_get_index_segments(TEXT* segs, } else { - sprintf (segs, ", %s", SQL_identifier); + snprintf(segs, segs_end - segs + 1, ", %s", SQL_identifier); segs += len + 2; } } @@ -2908,9 +2908,9 @@ static processing_state add_row(const MetaString& tabname) if (dscale > 0) { TEXT err_buf[256]; - sprintf(err_buf, - "input error: input scale %d exceeds the field's scale %d", - -lscale, -scale); + snprintf(err_buf, sizeof(err_buf), + "input error: input scale %d exceeds the field's scale %d", + -lscale, -scale); STDERROUT(err_buf); done = true; } @@ -3731,9 +3731,9 @@ static processing_state bulk_insert_hack(const char* command) if (dscale > 0) { TEXT err_buf[256]; - sprintf(err_buf, - "Input error: input scale %d exceeds the field's scale %d", - -lscale, -scale); + snprintf(err_buf, sizeof(err_buf), + "Input error: input scale %d exceeds the field's scale %d", + -lscale, -scale); STDERROUT(err_buf); done = true; } @@ -3915,7 +3915,7 @@ static processing_state bulk_insert_hack(const char* command) } TEXT errbuf[MSG_LENGTH]; - sprintf(errbuf, "Stopped prematurely due to error in line %d with text:", + snprintf(errbuf, sizeof(errbuf), "Stopped prematurely due to error in line %d with text:", Filelist->Ifp().indev_aux); STDERROUT(errbuf); STDERROUT(lastInputLine); @@ -4163,7 +4163,7 @@ static processing_state copy_table(const MetaString& source, const MetaString& d if (*otherdb) altdb = otherdb; TEXT cmd[MAXPATHLEN * 2 + 20]; - sprintf(cmd, "isql -q %s -i %s", altdb, ftmp.c_str()); + snprintf(cmd, sizeof(cmd), "isql -q %s -i %s", altdb, ftmp.c_str()); if (system(cmd)) { IUTILS_msg_get(COPY_ERR, errbuf, SafeArg() << destination.c_str() << altdb); @@ -5234,7 +5234,7 @@ static processing_state frontend(const std::string& statement) [&](const FrontendParser::SetSqlDialectNode& node) { - return get_dialect(node.arg.c_str(), bad_dialect_buf, bad_dialect); + return get_dialect(node.arg.c_str(), bad_dialect_buf, sizeof(bad_dialect_buf), bad_dialect); }, [](const FrontendParser::SetStatsNode& node) @@ -5380,7 +5380,7 @@ static processing_state do_set_command(const TEXT* parm, bool* global_flag) // ********************* // Validates SET SQL DIALECT command according to the target db. static processing_state get_dialect(const char* const dialect_str, - char* const bad_dialect_buf, bool& bad_dialect) + char* const bad_dialect_buf, size_t sz, bool& bad_dialect) { processing_state ret = SKIP; bool print_warning = false; @@ -5391,8 +5391,7 @@ static processing_state get_dialect(const char* const dialect_str, isqlGlob.SQL_dialect > SQL_DIALECT_V6) { bad_dialect = true; - sprintf(bad_dialect_buf, "%s%s", - "invalid SQL dialect ", dialect_str); + snprintf(bad_dialect_buf, sz, "invalid SQL dialect %s", dialect_str); isqlGlob.SQL_dialect = old_SQL_dialect; // restore SQL dialect ret = ps_ERR; } @@ -5406,25 +5405,18 @@ static processing_state get_dialect(const char* const dialect_str, { if (global_dialect_spoken) { - sprintf(bad_dialect_buf, - "%s%d%s%s%s%d%s", - "ERROR: Database SQL dialect ", - global_dialect_spoken, - " database does not accept Client SQL dialect ", - dialect_str, - " setting. Client SQL dialect still remains ", - old_SQL_dialect, NEWLINE); + snprintf(bad_dialect_buf, sz, + "ERROR: Database SQL dialect %d database does not accept Client " + "SQL dialect %s setting. Client SQL dialect still remains %d\n", + global_dialect_spoken, dialect_str, old_SQL_dialect); } else { - sprintf(bad_dialect_buf, - "%s%s%s%s%s%s", - "ERROR: Pre IB V6 database only speaks ", - "Database SQL dialect 1 and ", - "does not accept Client SQL dialect ", - dialect_str, - " setting. Client SQL dialect still remains 1.", - NEWLINE); + snprintf(bad_dialect_buf, sz, + "ERROR: Pre IB V6 database only speaks Database SQL dialect 1 " + "and does not accept Client SQL dialect %s setting. Client SQL " + "dialect still remains 1.\n", + dialect_str); } isqlGlob.SQL_dialect = old_SQL_dialect; // restore SQL dialect isqlGlob.prints(bad_dialect_buf); @@ -5457,13 +5449,10 @@ static processing_state get_dialect(const char* const dialect_str, } if (print_warning && setValues.Warnings) { - //print_warning = false; - sprintf(bad_dialect_buf, "%s%d%s%d%s%s", - "WARNING: Client SQL dialect has been set to ", - isqlGlob.SQL_dialect, - " when connecting to Database SQL dialect ", - global_dialect_spoken, - " database. ", NEWLINE); + snprintf(bad_dialect_buf, sz, + "WARNING: Client SQL dialect has been set to %d when connecting to " + "Database SQL dialect %d database.\n", + isqlGlob.SQL_dialect, global_dialect_spoken); isqlGlob.prints(bad_dialect_buf); } } @@ -5475,8 +5464,7 @@ static processing_state get_dialect(const char* const dialect_str, // handle non numeric invalid "set sql dialect" case isqlGlob.SQL_dialect = old_SQL_dialect; // restore SQL dialect bad_dialect = true; - sprintf(bad_dialect_buf, "%s%s", "invalid SQL dialect ", - dialect_str); + snprintf(bad_dialect_buf, sz, "invalid SQL dialect %s", dialect_str); ret = ps_ERR; } return ret; @@ -5674,12 +5662,10 @@ void ISQL_get_version(bool call_by_create_db) if (isqlGlob.SQL_dialect > SQL_DIALECT_V5 && setValues.Warnings) { isqlGlob.printf(NEWLINE); - sprintf(bad_dialect_buf, "%s%s%s%d%s%s", - "WARNING: Pre IB V6 database only speaks", - " SQL dialect 1 and ", - "does not accept Client SQL dialect ", - isqlGlob.SQL_dialect, - " . Client SQL dialect is reset to 1.", NEWLINE); + snprintf(bad_dialect_buf, sizeof(bad_dialect_buf), + "WARNING: Pre IB V6 database only speaks SQL dialect 1 and does not accept " + "Client SQL dialect %d . Client SQL dialect is reset to 1.\n", + isqlGlob.SQL_dialect); isqlGlob.prints(bad_dialect_buf); } } @@ -5705,11 +5691,9 @@ void ISQL_get_version(bool call_by_create_db) { print_warning = false; isqlGlob.printf(NEWLINE); - sprintf(bad_dialect_buf, "%s%d%s%d%s%s", - "WARNING: This database speaks SQL dialect ", - global_dialect_spoken, - " but Client SQL dialect was set to ", - isqlGlob.SQL_dialect, " .", NEWLINE); + snprintf(bad_dialect_buf, sizeof(bad_dialect_buf), + "WARNING: This database speaks SQL dialect %d but Client SQL dialect was " + "set to %d .\n", global_dialect_spoken, isqlGlob.SQL_dialect); isqlGlob.prints(bad_dialect_buf); } } @@ -5726,19 +5710,17 @@ void ISQL_get_version(bool call_by_create_db) { isqlGlob.printf(NEWLINE); if (call_by_create_db) - sprintf(bad_dialect_buf, "%s%s%d%s%s", - "WARNING: Pre IB V6 server only speaks SQL dialect 1", - " and does not accept Client SQL dialect ", - isqlGlob.SQL_dialect, - " . Client SQL dialect is reset to 1.", NEWLINE); + snprintf(bad_dialect_buf, sizeof(bad_dialect_buf), + "WARNING: Pre IB V6 server only speaks SQL dialect 1 and does not accept " + "Client SQL dialect %d . Client SQL dialect is reset to 1.\n", + isqlGlob.SQL_dialect); else { //connecting_to_pre_v6_server = true; Not used anywhere. - sprintf(bad_dialect_buf, "%s%s%d%s%s", - "ERROR: Pre IB V6 server only speaks SQL dialect 1", - " and does not accept Client SQL dialect ", - isqlGlob.SQL_dialect, - " . Client SQL dialect is reset to 1.", NEWLINE); + snprintf(bad_dialect_buf, sizeof(bad_dialect_buf), + "ERROR: Pre IB V6 server only speaks SQL dialect 1 and does not accept " + "Client SQL dialect %d . Client SQL dialect is reset to 1.\n", + isqlGlob.SQL_dialect); } isqlGlob.prints(bad_dialect_buf); } @@ -5747,11 +5729,10 @@ void ISQL_get_version(bool call_by_create_db) if (isqlGlob.SQL_dialect == 0) { //connecting_to_pre_v6_server = true; Not used anywhere. - sprintf(bad_dialect_buf, "%s%s%d%s%s", - "ERROR: Pre IB V6 server only speaks SQL dialect 1", - " and does not accept Client SQL dialect ", - isqlGlob.SQL_dialect, - " . Client SQL dialect is reset to 1.", NEWLINE); + snprintf(bad_dialect_buf, sizeof(bad_dialect_buf), + "ERROR: Pre IB V6 server only speaks SQL dialect 1 and does not accept " + "Client SQL dialect %d . Client SQL dialect is reset to 1.\n", + isqlGlob.SQL_dialect); isqlGlob.prints(bad_dialect_buf); } } @@ -7184,7 +7165,10 @@ static bool checkSpecial(TEXT* const p, const int length, const double value) if (setValues.List) { isqlGlob.printf("%s%s", t, NEWLINE); } - sprintf(p, "%*.*s ", length, length, t); + // We're working under the assumption that length is the maximum number of characters to produce, + // and that the available buffer is at least 1 byte longer for nul-termination. + const size_t bufSize = static_cast(length) + 1; + snprintf(p, bufSize, "%*.*s ", length, length, t); return true; } @@ -7202,6 +7186,9 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) * Print an SQL data item as described. * **************************************/ + // We're working under the assumption that length is the maximum number of characters to + // produce, and that the available buffer is at least 1 byte longer for nul-termination. + const size_t bufSize = static_cast(length) + 1; const char* convErr = "Conversion error"; TEXT d[64]; TEXT* p = *s; @@ -7223,9 +7210,9 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) } if (dtype == SQL_TEXT || dtype == SQL_VARYING || dtype == SQL_BOOLEAN) - sprintf(p, "%-*.*s ", length, length, ""); + snprintf(p, bufSize, "%-*.*s ", length, length, ""); else - sprintf(p, "%*.*s ", length, length, ""); + snprintf(p, bufSize, "%*.*s ", length, length, ""); } else if (!strncmp(var->field, "DB_KEY", 6)) { @@ -7240,7 +7227,7 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) } else { - sprintf(d, "%02X", (unsigned int) (UCHAR) *t); + snprintf(d, sizeof(d), "%02X", (unsigned int)(UCHAR)*t); strcat(p, d); } } @@ -7263,9 +7250,9 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) // Print blob-ids only here blobid = var->value.blobid; - sprintf(blobbuf, "%" xLONGFORMAT":%" xLONGFORMAT, blobid->gds_quad_high, - blobid->gds_quad_low); - sprintf(p, "%*s ", MAX(17, length), blobbuf); + snprintf(blobbuf, sizeof(blobbuf), "%" xLONGFORMAT":%" xLONGFORMAT, + blobid->gds_quad_high, blobid->gds_quad_low); + snprintf(p, bufSize, "%*s ", MIN(17, length), blobbuf); break; case SQL_BLOB: @@ -7273,9 +7260,9 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) // Print blob-ids only here blobid = var->value.blobid; - sprintf(blobbuf, "%" xLONGFORMAT":%" xLONGFORMAT, blobid->gds_quad_high, - blobid->gds_quad_low); - sprintf(p, "%*s ", MAX(17, length), blobbuf); + snprintf(blobbuf, sizeof(blobbuf), "%" xLONGFORMAT":%" xLONGFORMAT, + blobid->gds_quad_high, blobid->gds_quad_low); + snprintf(p, bufSize, "%*s ", MIN(17, length), blobbuf); if (setValues.List) { isqlGlob.printf("%s%s", blobbuf, NEWLINE); @@ -7305,7 +7292,7 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) string str_buf; print_item_numeric(value, length, dscale, str_buf.getBuffer(length)); - sprintf(p, "%s ", str_buf.c_str()); + snprintf(p, bufSize, "%s ", str_buf.c_str()); if (setValues.List) { str_buf.ltrim(); // Added 1999-03-23 to left-justify in LIST ON mode @@ -7332,20 +7319,20 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) #if defined(MINGW) if (value == 0) { - sprintf(p, "% #*.*g ", length, (int) MIN(8, (length - 6)) - 1, value); + snprintf(p, bufSize, "% #*.*g ", length, (int) MIN(8, (length - 6)) - 1, value); if (setValues.List) { isqlGlob.printf("%.*g%s", FLOAT_LEN - 6 -1, value, NEWLINE); } } else { - sprintf(p, "% #*.*g ", length, (int) MIN(8, (length - 6)), value); + snprintf(p, bufSize, "% #*.*g ", length, (int) MIN(8, (length - 6)), value); if (setValues.List) { isqlGlob.printf("%.*g%s", FLOAT_LEN - 6, value, NEWLINE); } } #else - sprintf(p, "% #*.*g ", length, (int) MIN(8, (length - 6)), value); + snprintf(p, bufSize, "% #*.*g ", length, (int) MIN(8, (length - 6)), value); if (setValues.List) { isqlGlob.printf("%.*g%s", FLOAT_LEN - 6, value, NEWLINE); } @@ -7397,7 +7384,7 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) precision = -dscale; } - sprintf(p, "%*.*f ", length, precision, value); + snprintf(p, bufSize, "%*.*f ", length, precision, value); if (setValues.List) { isqlGlob.printf("%.*f%s", precision, /*dscale,*/ value, NEWLINE); @@ -7408,20 +7395,22 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) #if defined(MINGW) if (value == 0) { - sprintf(p, "% #*.*g ", length, (int) MIN(16, (length - 7)) - 1, value); + snprintf(p, bufSize, "% #*.*g ", length, + (int) MIN(16, (length - 7)) - 1, value); if (setValues.List) { isqlGlob.printf("%#.*g%s", DOUBLE_LEN - 7 - 1, value, NEWLINE); } } else { - sprintf(p, "% #*.*g ", length, (int) MIN(16, (length - 7)), value); + snprintf(p, bufSize, "% #*.*g ", length, + (int) MIN(16, (length - 7)), value); if (setValues.List) { isqlGlob.printf("%#.*g%s", DOUBLE_LEN - 7, value, NEWLINE); } } #else - sprintf(p, "% #*.*g ", length, (int) MIN(16, (length - 7)), value); + snprintf(p, bufSize, "% #*.*g ", length, (int) MIN(16, (length - 7)), value); if (setValues.List) { isqlGlob.printf("%#.*g%s", DOUBLE_LEN - 7, value, NEWLINE); } @@ -7445,7 +7434,7 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) if (setValues.List) isqlGlob.printf("%*.*s%s", int(sizeof(decStr) - 1), int(sizeof(decStr) - 1), decStr, NEWLINE); else - sprintf(p, "%*.*s ", int(sizeof(decStr) - 1), int(sizeof(decStr) - 1), decStr); + snprintf(p, bufSize, "%*.*s ", int(sizeof(decStr) - 1), int(sizeof(decStr) - 1), decStr); } break; @@ -7467,7 +7456,8 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) decStr, NEWLINE); } else - sprintf(p, "%*.*s ", int(sizeof(decStr) - 1), int(sizeof(decStr) - 1), decStr); + snprintf(p, bufSize, "%*.*s ", int(sizeof(decStr) - 1), int(sizeof(decStr) - 1), + decStr); } break; @@ -7489,7 +7479,8 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) intStr, NEWLINE); } else - sprintf(p, "%*.*s ", int(sizeof(intStr) - 1), int(sizeof(intStr) - 1), intStr); + snprintf(p, bufSize, "%*.*s ", int(sizeof(intStr) - 1), int(sizeof(intStr) - 1), + intStr); } break; @@ -7498,19 +7489,19 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) // See if it is character set OCTETS if (var->charSet == 1) { - const ULONG hex_len = 2 * var->length; - TEXT* buff2 = (TEXT*) ISQL_ALLOC(hex_len + 1); + string hexStr; + hexStr.reserve(2 * static_cast(var->length)); + char hex[3]; // Convert the string to hex digits for (unsigned i = 0; i < var->length; i++) { - sprintf(&buff2[i * 2], "%02X", (UCHAR)str2[i]); + snprintf(hex, sizeof(hex), "%02X", (UCHAR)str2[i]); + hexStr.append(hex); } - buff2[hex_len] = 0; if (setValues.List) { - isqlGlob.printf("%-*s%s", var->length, buff2, NEWLINE); + isqlGlob.printf("%-*s%s", var->length, hexStr.c_str(), NEWLINE); } else - sprintf(p, "%-*s ", length, buff2); - ISQL_FREE(buff2); + snprintf(p, bufSize, "%-*s ", length, hexStr.c_str()); } else if (setValues.List) isqlGlob.printf("%-*.*s%s", var->length, var->length, str2, NEWLINE); @@ -7530,27 +7521,27 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) // If CHARACTER SET OCTETS, print two hex digits per octet if (var->charSet == 1) { - const ULONG hex_len = 2 * avary->vary_length; - char* buff2 = static_cast(ISQL_ALLOC(hex_len + 1)); - char* bp = buff2; - - for (unsigned i = 0; i < avary->vary_length; i++, bp += 2) + string hexStr; + hexStr.reserve(2 * static_cast(avary->vary_length)); + char hex[3]; + for (unsigned i = 0; i < avary->vary_length; i++) { - sprintf(bp, "%02X", - static_cast(avary->vary_string[i])); + snprintf(hex, sizeof(hex), "%02X", + static_cast(avary->vary_string[i])); + hexStr.append(hex); } - buff2[hex_len] = '\0'; // there is an extra byte for terminator if (setValues.List) { - isqlGlob.printf("%s%s", buff2, NEWLINE); + isqlGlob.printf("%s%s", hexStr.c_str(), NEWLINE); } else { // Truncate if necessary - sprintf(p, "%-*.*s ", length, static_cast(MIN(length, hex_len)), buff2); + snprintf(p, bufSize, "%-*.*s ", length, + static_cast(MIN(length, hexStr.length())), + hexStr.c_str()); } - ISQL_FREE(buff2); } else if (setValues.List) isqlGlob.printf("%-*.*s%s", avary->vary_length, avary->vary_length, avary->vary_string, NEWLINE); @@ -7569,26 +7560,22 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) if (isqlGlob.SQL_dialect > SQL_DIALECT_V5) { - sprintf(d, "%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d.%4.4" ULONGFORMAT, - times.tm_year + 1900, (times.tm_mon + 1), - times.tm_mday, times.tm_hour, times.tm_min, - times.tm_sec, - fractions); + snprintf(d, sizeof(d), "%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d.%4.4" ULONGFORMAT, + times.tm_year + 1900, (times.tm_mon + 1), times.tm_mday, + times.tm_hour, times.tm_min, times.tm_sec, fractions); } else { if (setValues.Time_display) - sprintf(d, "%2.2d-%s-%4.4d %2.2d:%2.2d:%2.2d.%4.4" ULONGFORMAT, - times.tm_mday, alpha_months[times.tm_mon], - times.tm_year + 1900, times.tm_hour, times.tm_min, - times.tm_sec, - fractions); + snprintf(d, sizeof(d), "%2.2d-%s-%4.4d %2.2d:%2.2d:%2.2d.%4.4" ULONGFORMAT, + times.tm_mday, alpha_months[times.tm_mon], times.tm_year + 1900, + times.tm_hour, times.tm_min, times.tm_sec, fractions); else - sprintf(d, "%2.2d-%s-%4.4d", times.tm_mday, - alpha_months[times.tm_mon], times.tm_year + 1900); + snprintf(d, sizeof(d), "%2.2d-%s-%4.4d", + times.tm_mday, alpha_months[times.tm_mon], times.tm_year + 1900); } - sprintf(p, "%-*.*s ", length, length, d); + snprintf(p, bufSize, "%-*.*s ", length, length, d); if (setValues.List) isqlGlob.printf("%s%s", d, NEWLINE); @@ -7616,10 +7603,10 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) if (ISQL_errmsg(fbStatus)) return ps_ERR; - sprintf(d, "%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d.%4.4d %s", - year, month, day, hours, minutes, seconds, fractions, timeZone); + snprintf(d, sizeof(d), "%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d.%4.4d %s", + year, month, day, hours, minutes, seconds, fractions, timeZone); - sprintf(p, "%-*.*s ", length, length, d); + snprintf(p, bufSize, "%-*.*s ", length, length, d); if (setValues.List) isqlGlob.printf("%s%s", d, NEWLINE); @@ -7632,11 +7619,10 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) isc_decode_sql_time(var->value.asTime, ×); ULONG fractions = (*var->value.asTime) % ISC_TIME_SECONDS_PRECISION; - sprintf(d, "%2.2d:%2.2d:%2.2d.%4.4" ULONGFORMAT, - times.tm_hour, times.tm_min, times.tm_sec, - fractions); + snprintf(d, sizeof(s), "%2.2d:%2.2d:%2.2d.%4.4" ULONGFORMAT, + times.tm_hour, times.tm_min, times.tm_sec, fractions); - sprintf(p, "%-*.*s ", length, length, d); + snprintf(p, bufSize, "%-*.*s ", length, length, d); if (setValues.List) isqlGlob.printf("%s%s", d, NEWLINE); @@ -7664,9 +7650,10 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) if (ISQL_errmsg(fbStatus)) return ps_ERR; - sprintf(d, "%2.2d:%2.2d:%2.2d.%4.4d %s", hours, minutes, seconds, fractions, timeZone); + snprintf(d, sizeof(d), "%2.2d:%2.2d:%2.2d.%4.4d %s", + hours, minutes, seconds, fractions, timeZone); - sprintf(p, "%-*.*s ", length, length, d); + snprintf(p, bufSize, "%-*.*s ", length, length, d); if (setValues.List) isqlGlob.printf("%s%s", d, NEWLINE); @@ -7676,10 +7663,10 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) case SQL_TYPE_DATE: isc_decode_sql_date(var->value.asDate, ×); - sprintf(d, "%4.4d-%2.2d-%2.2d", times.tm_year + 1900, - (times.tm_mon + 1), times.tm_mday); + snprintf(d, sizeof(d), "%4.4d-%2.2d-%2.2d", + times.tm_year + 1900, (times.tm_mon + 1), times.tm_mday); - sprintf(p, "%-*.*s ", length, length, d); + snprintf(p, bufSize, "%-*.*s ", length, length, d); if (setValues.List) { isqlGlob.printf("%s%s", d, NEWLINE); } @@ -7687,14 +7674,14 @@ static unsigned print_item(TEXT** s, const IsqlVar* var, const unsigned length) case SQL_BOOLEAN: strcpy(d, (*var->value.asBoolean ? "" : "")); - sprintf(p, "%-*.*s ", length, length, d); + snprintf(p, bufSize, "%-*.*s ", length, length, d); if (setValues.List) isqlGlob.printf("%s%s", d, NEWLINE); break; default: - sprintf(d, "Unknown type: %d", dtype); - sprintf(p, "%-*s ", length, d); + snprintf(d, sizeof(d), "Unknown type: %d", dtype); + snprintf(p, bufSize, "%-*s ", length, d); if (setValues.List) { isqlGlob.printf("%s%s", d, NEWLINE); } @@ -7842,12 +7829,15 @@ static void print_item_numeric(SINT64 value, int length, int scale, TEXT* buf) * decimal point '.' for scale notation * **************************************/ + // We're working under the assumption that length is the maximum number of characters to + // produce, and that the available buffer is at least 1 byte longer for nul-termination. + const size_t bufSize = static_cast(length) + 1; // Handle special case of no negative scale, no '.' required! if (scale >= 0) { if (scale > 0) value *= (SINT64) pow(10.0, (double) scale); - sprintf(buf, "%*" SQUADFORMAT, length, value); + snprintf(buf, bufSize, "%*" SQUADFORMAT, length, value); return; } @@ -7855,7 +7845,7 @@ static void print_item_numeric(SINT64 value, int length, int scale, TEXT* buf) // Use one less space than allowed, to leave room for '.' length--; - sprintf(buf, "%*" SQUADFORMAT, length, value); + snprintf(buf, bufSize, "%*" SQUADFORMAT, length, value); // start from LSByte towards MSByte int from = length - 1; diff --git a/src/isql/isql_proto.h b/src/isql/isql_proto.h index 6bf042a7734..5157ba9649c 100644 --- a/src/isql/isql_proto.h +++ b/src/isql/isql_proto.h @@ -51,7 +51,7 @@ enum class Get void ISQL_get_character_sets( SSHORT char_set_id, SSHORT collation, SSHORT default_char_set_id, Get what, - bool not_null, bool quote, TEXT* string); + bool not_null, bool quote, TEXT* string, size_t sz); SSHORT ISQL_get_default_char_set_id(); void ISQL_get_default_source(const TEXT*, TEXT*, ISC_QUAD*); SSHORT ISQL_get_field_length(const TEXT*); diff --git a/src/isql/show.epp b/src/isql/show.epp index ab1c6d62891..473bcaa71ad 100644 --- a/src/isql/show.epp +++ b/src/isql/show.epp @@ -755,50 +755,55 @@ static const char* granted_by(char* buffer, const char* grantor, bool nullGranto } -static void set_grantee(int user_type, const char* SQL_identifier, char* user_string) +static void set_grantee(int user_type, const char* SQL_identifier, char* const user_string, size_t sz) { + const char* format; switch (user_type) { case obj_view: - sprintf(user_string, "VIEW %s", SQL_identifier); + format = "VIEW %s"; break; case obj_trigger: - sprintf(user_string, "TRIGGER %s", SQL_identifier); + format = "TRIGGER %s"; break; case obj_procedure: - sprintf(user_string, "PROCEDURE %s", SQL_identifier); + format = "PROCEDURE %s"; break; case obj_udf: - sprintf(user_string, "FUNCTION %s", SQL_identifier); + format = "FUNCTION %s"; break; case obj_user: if (strcmp(SQL_identifier, "PUBLIC")) - sprintf(user_string, "USER %s", SQL_identifier); + format = "USER %s"; else - strcpy(user_string, SQL_identifier); + format = "%s"; break; case obj_user_group: - sprintf(user_string, "GROUP %s", SQL_identifier); + format = "GROUP %s"; break; case obj_sql_role: - sprintf(user_string, "ROLE %s", SQL_identifier); + format = "ROLE %s"; break; case obj_package_header: - sprintf(user_string, "PACKAGE %s", SQL_identifier); + format = "PACKAGE %s"; break; case obj_privilege: FOR T IN RDB$TYPES WITH T.RDB$FIELD_NAME EQ 'RDB$SYSTEM_PRIVILEGES' AND T.RDB$TYPE EQ atoi(SQL_identifier) { - sprintf(user_string, "SYSTEM PRIVILEGE %s", fb_utils::exact_name(T.RDB$TYPE_NAME)); + snprintf(user_string, sz, "SYSTEM PRIVILEGE %s", fb_utils::exact_name(T.RDB$TYPE_NAME)); + return; } END_FOR + // In case none was found + format = ""; break; default: - strcpy(user_string, SQL_identifier); + format = "%s"; break; } + snprintf(user_string, sz, format, SQL_identifier); } @@ -997,7 +1002,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); // Only the first character is used for permissions const char c = PRV.RDB$PRIVILEGE[0]; @@ -1122,7 +1127,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1262,7 +1267,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1340,7 +1345,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1414,7 +1419,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1488,7 +1493,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1563,7 +1568,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1637,7 +1642,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1711,7 +1716,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); if (PRV.RDB$GRANT_OPTION) strcpy(with_option, " WITH GRANT OPTION"); @@ -1812,7 +1817,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.RDB$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); strcpy(obj_string, getDdlObjectName(PRV.RDB$OBJECT_TYPE)); @@ -1858,7 +1863,7 @@ processing_state SHOW_grants2 (const SCHAR* object, break; } - set_grantee(PRV.SEC$USER_TYPE, SQL_identifier, user_string); + set_grantee(PRV.SEC$USER_TYPE, SQL_identifier, user_string, sizeof(user_string)); isqlGlob.printf("GRANT CREATE DATABASE TO %s%s%s", user_string, terminator, NEWLINE); @@ -2944,9 +2949,8 @@ static void show_charsets(SSHORT char_set_id, SSHORT collation) if (!found) { TEXT Print_buffer[PRINT_BUFFER_LENGTH]; - sprintf(Print_buffer, - "ISQL_get_character_set: charset %d collation %d not found.\n", - char_set_id, collation); + snprintf(Print_buffer, sizeof(Print_buffer), + "ISQL_get_character_set: charset %d collation %d not found.\n", char_set_id, collation); STDERROUT(Print_buffer); } #endif @@ -6339,12 +6343,12 @@ static processing_state show_trigger(const SCHAR* object, bool show_source, bool if (isTriggerName) { - sprintf(triggerName, "%s", object); + snprintf(triggerName, sizeof(triggerName), "%s", object); relationName[0] = '\0'; } else { - sprintf(relationName, "%s", object); + snprintf(relationName, sizeof(relationName), "%s", object); triggerName[0] = '\0'; } diff --git a/src/jrd/Database.cpp b/src/jrd/Database.cpp index f5ebd7502e2..c6583468130 100644 --- a/src/jrd/Database.cpp +++ b/src/jrd/Database.cpp @@ -143,11 +143,12 @@ namespace Jrd UCharBuffer buffer; os_utils::getUniqueFileId(pageSpace->file->fil_desc, buffer); - auto ptr = dbb_file_id.getBuffer(2 * buffer.getCount()); + dbb_file_id.reserve(2 * static_cast(buffer.getCount())); + char hex[3]; for (const auto val : buffer) { - sprintf(ptr, "%02x", (int) val); - ptr += 2; + snprintf(hex, sizeof(hex), "%02x", static_cast(val)); + dbb_file_id.append(hex); } } diff --git a/src/jrd/InitCDSLib.cpp b/src/jrd/InitCDSLib.cpp index a03f4cd79c2..dd27722a90d 100644 --- a/src/jrd/InitCDSLib.cpp +++ b/src/jrd/InitCDSLib.cpp @@ -64,35 +64,37 @@ InitCDS::~InitCDS() { cds::gc::dhp::smr::destruct(true); - char str[512]; - // CDS_ENABLE_HPSTAT is not defined by default. // Rebuild of libcds after change is required. #ifdef CDS_ENABLE_HPSTAT - cds::gc::DHP::stat const& st = cds::gc::DHP::postmortem_statistics(); - - sprintf(str, "DHP statistics:\n" - " thread count = %llu\n" - " guard allocated = %llu\n" - " guard freed = %llu\n" - " retired data count = %llu\n" - " free data count = %llu\n" - " HP blocks allocated = %llu\n" - " retired blocks allocated = %llu\n" - " hp array extend() calls = %llu\n" - " retired array extend() = %llu\n" - " scan() call count = %llu\n" - " help_scan() call count = %llu\n" - "\n", - st.thread_rec_count, - st.guard_allocated, st.guard_freed, - st.retired_count, st.free_count, - st.hp_block_count, st.retired_block_count, - st.hp_extend_count, st.retired_extend_count, - st.scan_count, st.help_scan_count - ); - gds__log(str); + { + char str[512]; + cds::gc::DHP::stat const& st = cds::gc::DHP::postmortem_statistics(); + + snprintf(str, sizeof(str), + "DHP statistics:\n" + " thread count = %llu\n" + " guard allocated = %llu\n" + " guard freed = %llu\n" + " retired data count = %llu\n" + " free data count = %llu\n" + " HP blocks allocated = %llu\n" + " retired blocks allocated = %llu\n" + " hp array extend() calls = %llu\n" + " retired array extend() = %llu\n" + " scan() call count = %llu\n" + " help_scan() call count = %llu\n" + "\n", + st.thread_rec_count, + st.guard_allocated, st.guard_freed, + st.retired_count, st.free_count, + st.hp_block_count, st.retired_block_count, + st.hp_extend_count, st.retired_extend_count, + st.scan_count, st.help_scan_count + ); + gds__log(str); + } #endif cds::Terminate(); @@ -107,19 +109,23 @@ InitCDS::~InitCDS() MemoryPool::deletePool(m_pool); #ifdef DEBUG_CDS_MEMORY - sprintf(str, "DHP pool stats:\n" - " usage = %llu\n" - " mapping = %llu\n" - " max usage = %llu\n" - " max mapping = %llu\n" - "\n", - m_stats.getCurrentUsage(), - m_stats.getCurrentMapping(), - m_stats.getMaximumUsage(), - m_stats.getMaximumMapping() - ); - - gds__log(str); + { + char str[512]; + snprintf(str, sizeof(str), + "DHP pool stats:\n" + " usage = %llu\n" + " mapping = %llu\n" + " max usage = %llu\n" + " max mapping = %llu\n" + "\n", + m_stats.getCurrentUsage(), + m_stats.getCurrentMapping(), + m_stats.getMaximumUsage(), + m_stats.getMaximumMapping() + ); + + gds__log(str); + } #endif } diff --git a/src/jrd/SysFunction.cpp b/src/jrd/SysFunction.cpp index 047e82def98..7deecf0ef94 100644 --- a/src/jrd/SysFunction.cpp +++ b/src/jrd/SysFunction.cpp @@ -6769,7 +6769,7 @@ dsc* evlUuidToChar(thread_db* tdbb, const SysFunction* function, const NestValue } UCHAR buffer[GUID_BUFF_SIZE]; - sprintf(reinterpret_cast(buffer), + snprintf(reinterpret_cast(buffer), sizeof(buffer), Uuid::STR_FORMAT, data[0], data[1], data[2], data[3], data[4], data[5], data[6], data[7], data[8], data[9], diff --git a/src/jrd/SystemTriggers.epp b/src/jrd/SystemTriggers.epp index fc3d3d407f9..8eaea545c07 100644 --- a/src/jrd/SystemTriggers.epp +++ b/src/jrd/SystemTriggers.epp @@ -1153,7 +1153,8 @@ void beforeInsertUserPrivilege(thread_db* tdbb, Record* record) { MODIFY REL { - sprintf(REL.RDB$SECURITY_CLASS, "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, + snprintf(REL.RDB$SECURITY_CLASS, sizeof(REL.RDB$SECURITY_CLASS), + "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), false, 1)); REL.RDB$SECURITY_CLASS.NULL = FALSE; } @@ -1178,7 +1179,8 @@ void beforeInsertUserPrivilege(thread_db* tdbb, Record* record) { MODIFY RFL6 { - sprintf(RFL6.RDB$SECURITY_CLASS, "%s%" SQUADFORMAT, SQL_FLD_SECCLASS_PREFIX, + snprintf(RFL6.RDB$SECURITY_CLASS, sizeof(RFL6.RDB$SECURITY_CLASS), + "%s%" SQUADFORMAT, SQL_FLD_SECCLASS_PREFIX, DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), false, 1)); RFL6.RDB$SECURITY_CLASS.NULL = TRUE; } @@ -1207,7 +1209,8 @@ void beforeInsertUserPrivilege(thread_db* tdbb, Record* record) { MODIFY PRC { - sprintf(PRC.RDB$SECURITY_CLASS, "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, + snprintf(PRC.RDB$SECURITY_CLASS, sizeof(PRC.RDB$SECURITY_CLASS), + "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), false, 1)); PRC.RDB$SECURITY_CLASS.NULL = FALSE; } @@ -1235,7 +1238,8 @@ void beforeInsertUserPrivilege(thread_db* tdbb, Record* record) { MODIFY FUN { - sprintf(FUN.RDB$SECURITY_CLASS, "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, + snprintf(FUN.RDB$SECURITY_CLASS, sizeof(FUN.RDB$SECURITY_CLASS), + "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), false, 1)); FUN.RDB$SECURITY_CLASS.NULL = FALSE; } @@ -1262,7 +1266,8 @@ void beforeInsertUserPrivilege(thread_db* tdbb, Record* record) { MODIFY PKG { - sprintf(PKG.RDB$SECURITY_CLASS, "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, + snprintf(PKG.RDB$SECURITY_CLASS, sizeof(PKG.RDB$SECURITY_CLASS), + "%s%" SQUADFORMAT, SQL_SECCLASS_PREFIX, DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), false, 1)); PKG.RDB$SECURITY_CLASS.NULL = FALSE; } diff --git a/src/jrd/btr.cpp b/src/jrd/btr.cpp index 53b19a778e9..28e924d5aa5 100644 --- a/src/jrd/btr.cpp +++ b/src/jrd/btr.cpp @@ -3836,7 +3836,7 @@ static ULONG fast_load(thread_db* tdbb, bucket->btr_jump_count = 0; #ifdef DEBUG_BTR_PAGES - sprintf(debugtext, "\t new page (%d)", windows[0].win_page); + snprintf(debugtext, sizeof(debugtext), "\t new page (%d)", windows[0].win_page); gds__log(debugtext); #endif @@ -3971,7 +3971,7 @@ static ULONG fast_load(thread_db* tdbb, split->btr_jump_count = 0; #ifdef DEBUG_BTR_PAGES - sprintf(debugtext, "\t new page (%d), left page (%d)", + snprintf(debugtext, sizeof(debugtext), "\t new page (%d), left page (%d)", split_window.win_page, split->btr_left_sibling); gds__log(debugtext); #endif @@ -3995,7 +3995,8 @@ static ULONG fast_load(thread_db* tdbb, CCH_RELEASE(tdbb, &leafLevel->window); #ifdef DEBUG_BTR_PAGES - sprintf(debugtext, "\t release page (%d), left page (%d), right page (%d)", + snprintf(debugtext, sizeof(debugtext), + "\t release page (%d), left page (%d), right page (%d)", leafLevel->window.win_page, ((btr*) leafLevel->window.win_buffer)->btr_left_sibling, ((btr*) leafLevel->window.win_buffer)->btr_sibling); @@ -4191,7 +4192,7 @@ static ULONG fast_load(thread_db* tdbb, bucket->btr_jump_count = 0; #ifdef DEBUG_BTR_PAGES - sprintf(debugtext, "\t new page (%d)", window->win_page); + snprintf(debugtext, sizeof(debugtext), "\t new page (%d)", window->win_page); gds__log(debugtext); #endif @@ -4286,7 +4287,7 @@ static ULONG fast_load(thread_db* tdbb, split->btr_jump_count = 0; #ifdef DEBUG_BTR_PAGES - sprintf(debugtext, "\t new page (%d), left page (%d)", + snprintf(debugtext, sizeof(debugtext), "\t new page (%d), left page (%d)", split_window.win_page, split->btr_left_sibling); gds__log(debugtext); #endif @@ -4310,7 +4311,8 @@ static ULONG fast_load(thread_db* tdbb, CCH_RELEASE(tdbb, window); #ifdef DEBUG_BTR_PAGES - sprintf(debugtext, "\t release page (%d), left page (%d), right page (%d)", + snprintf(debugtext, sizeof(debugtext), + "\t release page (%d), left page (%d), right page (%d)", window->win_page, ((btr*)window->win_buffer)->btr_left_sibling, ((btr*)window->win_buffer)->btr_sibling); @@ -4446,7 +4448,8 @@ static ULONG fast_load(thread_db* tdbb, CCH_RELEASE(tdbb, &currLevel->window); #ifdef DEBUG_BTR_PAGES - sprintf(debugtext, "\t release page (%d), left page (%d), right page (%d)", + snprintf(debugtext, sizeof(debugtext), + "\t release page (%d), left page (%d), right page (%d)", currLevel->window.win_page, ((btr*) currLevel->window.win_buffer)->btr_left_sibling, ((btr*) currLevel->window.win_buffer)->btr_sibling); diff --git a/src/jrd/cch.cpp b/src/jrd/cch.cpp index 020cf242998..dc4e00d0ac7 100644 --- a/src/jrd/cch.cpp +++ b/src/jrd/cch.cpp @@ -5516,7 +5516,8 @@ class InitPool #ifdef DEBUG_CDS_MEMORY char str[256]; - sprintf(str, "CCH list's common pool stats:\n" + snprintf(str, sizeof(str), + "CCH list's common pool stats:\n" " usage = %llu\n" " mapping = %llu\n" " max usage = %llu\n" diff --git a/src/jrd/err.cpp b/src/jrd/err.cpp index 726aaccdc3c..45b493a2077 100644 --- a/src/jrd/err.cpp +++ b/src/jrd/err.cpp @@ -154,7 +154,7 @@ void ERR_error(int number) TEXT errmsg[MAX_ERRMSG_LEN + 1]; if (gds__msg_lookup(0, FB_IMPL_MSG_FACILITY_JRD_BUGCHK, number, sizeof(errmsg), errmsg, NULL) < 1) - sprintf(errmsg, "error code %d", number); + snprintf(errmsg, sizeof(errmsg), "error code %d", number); ERR_post(Arg::Gds(isc_random) << Arg::Str(errmsg)); } diff --git a/src/jrd/event.cpp b/src/jrd/event.cpp index 1e3c7467cbd..fc0df13a238 100644 --- a/src/jrd/event.cpp +++ b/src/jrd/event.cpp @@ -1109,8 +1109,7 @@ void EventManager::mutex_bugcheck(const TEXT* string, int mutex_state) * **************************************/ TEXT msg[BUFFER_TINY]; - - sprintf(msg, "EVENT: %s error, status = %d", string, mutex_state); + snprintf(msg, sizeof(msg), "EVENT: %s error, status = %d", string, mutex_state); fb_utils::logAndDie(msg); } diff --git a/src/jrd/filters.cpp b/src/jrd/filters.cpp index 2c2b26a2467..a33581aca14 100644 --- a/src/jrd/filters.cpp +++ b/src/jrd/filters.cpp @@ -182,7 +182,7 @@ ISC_STATUS filter_acl(USHORT action, BlobControl* control) if (!status) { - sprintf(line, "ACL version %d", (int) *p++); + snprintf(line, sizeof(line), "ACL version %d", (int) *p++); string_put(control, line); TEXT* out = line; @@ -198,32 +198,32 @@ ISC_STATUS filter_acl(USHORT action, BlobControl* control) while ((c = *p++) != 0) { all_wild = false; - sprintf(out, "%s%.*s, ", acl_ids[c], *p, p + 1); + snprintf(out, sizeof(line) - (out - line), "%s%.*s, ", acl_ids[c], *p, p + 1); p += *p + 1; while (*out) ++out; } if (all_wild) { - sprintf(out, "all users: %s, ", WILD_CARD_UIC); + snprintf(out, sizeof(line) - (out - line), "all users: %s, ", WILD_CARD_UIC); while (*out) ++out; } break; case ACL_priv_list: - sprintf(out, "privileges: ("); + snprintf(out, sizeof(line) - (out - line), "privileges: ("); while (*out) ++out; if ((c = *p++) != 0) { - sprintf(out, "%s", acl_privs[c]); + snprintf(out, sizeof(line) - (out - line), "%s", acl_privs[c]); while (*out) ++out; while ((c = *p++) != 0) { - sprintf(out, ", %s", acl_privs[c]); + snprintf(out, sizeof(line) - (out - line), ", %s", acl_privs[c]); while (*out) ++out; } @@ -481,71 +481,71 @@ ISC_STATUS filter_runtime(USHORT action, BlobControl* control) switch ((rsr_t) buff[0]) { case RSR_field_name: - sprintf(line, " name: %s", p); + snprintf(line, sizeof(line), " name: %s", p); break; case RSR_field_id: - sprintf(line, "Field id: %d", n); + snprintf(line, sizeof(line), "Field id: %d", n); break; case RSR_dimensions: - sprintf(line, "Array dimensions: %d", n); + snprintf(line, sizeof(line), "Array dimensions: %d", n); break; case RSR_array_desc: - sprintf(line, "Array descriptor"); + snprintf(line, sizeof(line), "Array descriptor"); break; case RSR_view_context: - sprintf(line, " view_context: %d", n); + snprintf(line, sizeof(line), " view_context: %d", n); break; case RSR_base_field: - sprintf(line, " base_field: %s", p); + snprintf(line, sizeof(line), " base_field: %s", p); break; case RSR_computed_blr: - sprintf(line, " computed_blr:"); + snprintf(line, sizeof(line), " computed_blr:"); blr = true; break; case RSR_missing_value: - sprintf(line, " missing_value:"); + snprintf(line, sizeof(line), " missing_value:"); blr = true; break; case RSR_default_value: - sprintf(line, " default_value:"); + snprintf(line, sizeof(line), " default_value:"); blr = true; break; case RSR_validation_blr: - sprintf(line, " validation_blr:"); + snprintf(line, sizeof(line), " validation_blr:"); blr = true; break; case RSR_security_class: - sprintf(line, " security_class: %s", p); + snprintf(line, sizeof(line), " security_class: %s", p); break; case RSR_trigger_name: - sprintf(line, " trigger_name: %s", p); + snprintf(line, sizeof(line), " trigger_name: %s", p); break; case RSR_field_not_null: - sprintf(line, " field_not_null"); + snprintf(line, sizeof(line), " field_not_null"); break; case RSR_field_generator_name: - sprintf(line, " field_generator_name: %s", p); + snprintf(line, sizeof(line), " field_generator_name: %s", p); break; case RSR_field_identity_type: - sprintf(line, "Field identity type: %d", n); + snprintf(line, sizeof(line), "Field identity type: %d", n); break; default: - sprintf(line, "*** unknown verb %d ***", (int) buff[0]); + snprintf(line, sizeof(line), "*** unknown verb %d ***", (int) buff[0]); } USHORT strLen = static_cast(strlen(line)); @@ -1174,7 +1174,7 @@ ISC_STATUS filter_trans(USHORT action, BlobControl* control) if (!status) { TEXT line[BUFFER_SMALL]; - sprintf(line, "Transaction description version: %d", (int) *p++); + snprintf(line, sizeof(line), "Transaction description version: %d", (int) *p++); string_put(control, line); TEXT* out = line; const UCHAR* const end = temp + length; @@ -1185,7 +1185,8 @@ ISC_STATUS filter_trans(USHORT action, BlobControl* control) length = *p++; if (p + length > end) { - sprintf(out, "item %d with inconsistent length", (int) p[-1]); + snprintf(out, sizeof(line) - (out - line), "item %d with inconsistent length", + (int) p[-1]); string_put(control, line); goto break_out; } @@ -1193,23 +1194,24 @@ ISC_STATUS filter_trans(USHORT action, BlobControl* control) switch (c) { case TDR_HOST_SITE: - sprintf(out, "Host site: %.*s", length, p); + snprintf(out, sizeof(line) - (out - line), "Host site: %.*s", length, p); break; case TDR_DATABASE_PATH: - sprintf(out, "Database path: %.*s", length, p); + snprintf(out, sizeof(line) - (out - line), "Database path: %.*s", length, p); break; case TDR_REMOTE_SITE: - sprintf(out, " Remote site: %.*s", length, p); + snprintf(out, sizeof(line) - (out - line), " Remote site: %.*s", length, p); break; case TDR_TRANSACTION_ID: - sprintf(out, " Transaction id: %" SQUADFORMAT, isc_portable_integer(p, length)); + snprintf(out, sizeof(line) - (out - line), " Transaction id: %" SQUADFORMAT, + isc_portable_integer(p, length)); break; default: - sprintf(out, "item %d not understood", (int) p[-1]); + snprintf(out, sizeof(line) - (out - line), "item %d not understood", (int) p[-1]); string_put(control, line); goto break_out; } @@ -1286,8 +1288,7 @@ static void dump_blr(void* arg, SSHORT /*offset*/, const char* line) } // Pad out to indent length with spaces - memset(temp, ' ', data_len); - sprintf(temp + data_len, "%s", line); + snprintf(temp, l + 1, "%-*s%s", data_len, "", line); string_put(control, temp); if (temp != buffer) diff --git a/src/jrd/grant.epp b/src/jrd/grant.epp index aabe8453cf8..a6d4ffc6571 100644 --- a/src/jrd/grant.epp +++ b/src/jrd/grant.epp @@ -778,9 +778,10 @@ static SecurityClass::flags_t save_field_privileges(thread_db* tdbb, MODIFY RFR while (!unique) { - sprintf(RFR.RDB$SECURITY_CLASS, "%s%" SQUADFORMAT, SQL_FLD_SECCLASS_PREFIX, + snprintf(RFR.RDB$SECURITY_CLASS, sizeof(RFR.RDB$SECURITY_CLASS), + "%s%" SQUADFORMAT, SQL_FLD_SECCLASS_PREFIX, DPM_gen_id(tdbb, MET_lookup_generator(tdbb, SQL_SECCLASS_GENERATOR), - false, 1)); + false, 1)); unique = true; FOR (REQUEST_HANDLE request3) diff --git a/src/jrd/lck.cpp b/src/jrd/lck.cpp index aecd56df94d..8a3baf6bf8d 100644 --- a/src/jrd/lck.cpp +++ b/src/jrd/lck.cpp @@ -884,9 +884,8 @@ static void bug_lck(const TEXT* string) * and get out. * **************************************/ - TEXT s[128]; - - sprintf(s, "Fatal lock interface error: %.96s", string); + TEXT s[BUFFER_TINY]; + snprintf(s, sizeof(s), "Fatal lock interface error: %s", string); gds__log(s); ERR_post(Arg::Gds(isc_db_corrupt) << Arg::Str(string)); } diff --git a/src/jrd/met.epp b/src/jrd/met.epp index 8d5efc9f1b0..537160d5bc1 100644 --- a/src/jrd/met.epp +++ b/src/jrd/met.epp @@ -481,10 +481,14 @@ void MET_verify_cache(thread_db* tdbb) !(routine->flags & Routine::FLAG_OBSOLETE) && */ routine->useCount < routine->intUseCount) { - char buffer[1024], *buf = buffer; - buf += sprintf(buf, "Procedure %d:%s is not properly counted (use count=%d, prc use=%d). Used by: \n", + string output; + output.reserve(BUFFER_MEDIUM); + char buffer[BUFFER_MEDIUM]; + snprintf(buffer, sizeof(buffer), + "Procedure %d:%s is not properly counted (use count=%d, prc use=%d). Used by:\n", routine->getId(), routine->getName().toString().c_str(), routine->useCount, routine->intUseCount); + output.append(buffer); for (jrd_prc** iter2 = att->att_procedures.begin(); iter2 != att->att_procedures.end(); ++iter2) { @@ -505,10 +509,9 @@ void MET_verify_cache(thread_db* tdbb) if (resource.rsc_routine == routine) { - // Do not enable this code in production builds unless - // the possible B.O. is fixed here. - buf += sprintf(buf, "%d:%s\n", routine2->getId(), + snprintf(buffer, sizeof(buffer), "%d:%s\n", routine2->getId(), routine2->getName().toString().c_str()); + output.append(buffer); } } } @@ -533,16 +536,15 @@ void MET_verify_cache(thread_db* tdbb) if (resource.rsc_routine == routine) { - // Do not enable this code in production builds unless - // the possible B.O. is fixed here. - buf += sprintf(buf, "%d:%s\n", routine2->getId(), + snprintf(buffer, sizeof(buffer), "%d:%s\n", routine2->getId(), routine2->getName().toString().c_str()); + output.append(buffer); } } } } - gds__log(buffer); + gds__log(output.c_str()); fb_assert(false); } } @@ -556,10 +558,14 @@ void MET_verify_cache(thread_db* tdbb) !(routine->flags & Routine::FLAG_OBSOLETE) && */ routine->useCount < routine->intUseCount) { - char buffer[1024], *buf = buffer; - buf += sprintf(buf, "Function %d:%s is not properly counted (use count=%d, func use=%d). Used by: \n", + string output; + output.reserve(BUFFER_LARGE); + char buffer[BUFFER_MEDIUM]; + snprintf(buffer, sizeof(buffer), + "Function %d:%s is not properly counted (use count=%d, func use=%d). Used by:\n", routine->getId(), routine->getName().toString().c_str(), routine->useCount, routine->intUseCount); + output.append(buffer); for (jrd_prc** iter2 = att->att_procedures.begin(); iter2 != att->att_procedures.end(); ++iter2) { @@ -580,10 +586,9 @@ void MET_verify_cache(thread_db* tdbb) if (resource.rsc_routine == routine) { - // Do not enable this code in production builds unless - // the possible B.O. is fixed here. - buf += sprintf(buf, "%d:%s\n", routine2->getId(), + snprintf(buffer, sizeof(buffer), "%d:%s\n", routine2->getId(), routine2->getName().toString().c_str()); + output.append(buffer); } } } @@ -608,16 +613,15 @@ void MET_verify_cache(thread_db* tdbb) if (resource.rsc_routine == routine) { - // Do not enable this code in production builds unless - // the possible B.O. is fixed here. - buf += sprintf(buf, "%d:%s\n", routine2->getId(), + snprintf(buffer, sizeof(buffer), "%d:%s\n", routine2->getId(), routine2->getName().toString().c_str()); + output.append(buffer); } } } } - gds__log(buffer); + gds__log(output.c_str()); fb_assert(false); } } diff --git a/src/jrd/mov.cpp b/src/jrd/mov.cpp index 3f03c8f79cd..fb9a77113a0 100644 --- a/src/jrd/mov.cpp +++ b/src/jrd/mov.cpp @@ -525,19 +525,19 @@ DescPrinter::DescPrinter(thread_db* tdbb, const dsc* desc, FB_SIZE_T mLen, USHOR if (isBinary) { - string hex; - FB_SIZE_T len = value.length(); const bool cut = (len > (maxLen - 3) / 2); // 3 is a length of enclosing symbols: x' and ' if (cut) len = (maxLen - 5) / 2; // 5 is a length of enclosing symbols: x' and ... - char* s = hex.getBuffer(2 * len); // each raw byte represented by 2 chars in string + string hex; + hex.reserve(2 * len); // each raw byte represented by 2 chars in string + char s[3]; for (FB_SIZE_T i = 0; i < len; i++) { - sprintf(s, "%02X", (int)(unsigned char) str[i]); - s += 2; + snprintf(s, sizeof(s), "%02X", (int)(unsigned char) str[i]); + hex.append(s); } value = "x'" + hex + (cut ? "..." : "'"); } diff --git a/src/jrd/par.cpp b/src/jrd/par.cpp index ef08ba112b2..b67d0660492 100644 --- a/src/jrd/par.cpp +++ b/src/jrd/par.cpp @@ -1416,7 +1416,7 @@ SortNode* PAR_sort(thread_db* tdbb, CompilerScratch* csb, UCHAR expectedBlr, if (blrOp != expectedBlr) { char s[20]; - sprintf(s, "blr code %d", expectedBlr); + snprintf(s, sizeof(s), "blr code %d", expectedBlr); PAR_syntax_error(csb, s); } diff --git a/src/jrd/replication/Applier.cpp b/src/jrd/replication/Applier.cpp index c9fae3bf2ea..2ee79db570f 100644 --- a/src/jrd/replication/Applier.cpp +++ b/src/jrd/replication/Applier.cpp @@ -1404,7 +1404,7 @@ void Applier::logConflict(const char* msg, ...) va_list ptr; va_start(ptr, msg); - vsprintf(buffer, msg, ptr); + vsnprintf(buffer, sizeof(buffer), msg, ptr); va_end(ptr); logReplicaWarning(m_database, buffer); diff --git a/src/jrd/replication/Utils.cpp b/src/jrd/replication/Utils.cpp index 7f9ff6fe853..1c3f36fc3bc 100644 --- a/src/jrd/replication/Utils.cpp +++ b/src/jrd/replication/Utils.cpp @@ -223,7 +223,7 @@ namespace Replication va_list ptr; va_start(ptr, msg); - vsprintf(buffer, msg, ptr); + vsnprintf(buffer, sizeof(buffer), msg, ptr); va_end(ptr); Arg::StatusVector error; diff --git a/src/jrd/tra.cpp b/src/jrd/tra.cpp index 08ca415d6ed..e8d2c9e5e10 100644 --- a/src/jrd/tra.cpp +++ b/src/jrd/tra.cpp @@ -990,8 +990,8 @@ void TRA_post_resources(thread_db* tdbb, jrd_tra* transaction, ResourceList& res rsc->rsc_routine->addRef(); #ifdef DEBUG_PROCS { - char buffer[256]; - sprintf(buffer, + char buffer[BUFFER_MEDIUM]; + snprintf(buffer, sizeof(buffer), "Called from TRA_post_resources():\n\t Incrementing use count of %s\n", rsc->rsc_routine->prc_name->c_str()); JRD_print_procedure_info(tdbb, buffer); diff --git a/src/jrd/trace/TraceConfigStorage.cpp b/src/jrd/trace/TraceConfigStorage.cpp index 9027db21e8e..be4f180ae0a 100644 --- a/src/jrd/trace/TraceConfigStorage.cpp +++ b/src/jrd/trace/TraceConfigStorage.cpp @@ -177,9 +177,7 @@ void ConfigStorage::shutdown() void ConfigStorage::mutexBug(int state, const char* string) { TEXT msg[BUFFER_TINY]; - - // While string is kept below length 70, all is well. - sprintf(msg, "ConfigStorage: mutex %s error, status = %d", string, state); + snprintf(msg, sizeof(msg), "ConfigStorage: mutex %s error, status = %d", string, state); fb_utils::logAndDie(msg); } diff --git a/src/jrd/trace/TraceLog.cpp b/src/jrd/trace/TraceLog.cpp index 6484cdc7853..755bcef87da 100644 --- a/src/jrd/trace/TraceLog.cpp +++ b/src/jrd/trace/TraceLog.cpp @@ -299,9 +299,7 @@ void TraceLog::setFullMsg(const char* str) void TraceLog::mutexBug(int state, const char* string) { TEXT msg[BUFFER_TINY]; - - // While string is kept below length 70, all is well. - sprintf(msg, "TraceLog: mutex %s error, status = %d", string, state); + snprintf(msg, sizeof(msg), "TraceLog: mutex %s error, status = %d", string, state); fb_utils::logAndDie(msg); } diff --git a/src/lock/lock.cpp b/src/lock/lock.cpp index 2230c6b478b..e6bcc0444f3 100644 --- a/src/lock/lock.cpp +++ b/src/lock/lock.cpp @@ -1544,7 +1544,7 @@ void LockManager::bug_assert(const TEXT* string, ULONG line) TEXT buffer[MAXPATHLEN + 100]; lhb LOCK_header_copy; - sprintf((char*) buffer, "%s %" ULONGFORMAT": lock assertion failure: %.60s\n", + snprintf(buffer, sizeof(buffer), "%s %" ULONGFORMAT": lock assertion failure: %s\n", __FILE__, line, string); // Copy the shared memory so we can examine its state when we crashed @@ -1569,9 +1569,9 @@ void LockManager::bug(CheckStatusWrapper* statusVector, const TEXT* string) TEXT s[2 * MAXPATHLEN]; #ifdef WIN_NT - sprintf(s, "Fatal lock manager error: %s, errno: %ld", string, ERRNO); + snprintf(s, sizeof(s), "Fatal lock manager error: %s, errno: %ld", string, ERRNO); #else - sprintf(s, "Fatal lock manager error: %s, errno: %d", string, ERRNO); + snprintf(s, sizeof(s), "Fatal lock manager error: %s, errno: %d", string, ERRNO); #endif #if !(defined WIN_NT) @@ -2101,19 +2101,19 @@ lrq* LockManager::get_request(SRQ_PTR offset) * Locate and validate user supplied request offset. * **************************************/ - TEXT s[BUFFER_TINY]; - lrq* request = (lrq*) SRQ_ABS_PTR(offset); if (offset == -1 || request->lrq_type != type_lrq) { - sprintf(s, "invalid lock id (%" SLONGFORMAT")", offset); + TEXT s[BUFFER_TINY]; + snprintf(s, sizeof(s), "invalid lock id (%" SLONGFORMAT")", offset); bug(NULL, s); } const lbl* lock = (lbl*) SRQ_ABS_PTR(request->lrq_lock); if (lock->lbl_type != type_lbl) { - sprintf(s, "invalid lock (%" SLONGFORMAT")", offset); + TEXT s[BUFFER_TINY]; + snprintf(s, sizeof(s), "invalid lock (%" SLONGFORMAT")", offset); bug(NULL, s); } diff --git a/src/lock/print.cpp b/src/lock/print.cpp index fcfc8215687..99484845dea 100644 --- a/src/lock/print.cpp +++ b/src/lock/print.cpp @@ -197,9 +197,10 @@ class HtmlLink HtmlLink(const TEXT* prefix, const SLONG value) { if (sw_html_format && value && prefix) - sprintf(strBuffer, "%6" SLONGFORMAT"", prefix, value, value); + snprintf(strBuffer, sizeof(strBuffer), + "%6" SLONGFORMAT "", prefix, value, value); else - sprintf(strBuffer, "%6" SLONGFORMAT, value); + snprintf(strBuffer, sizeof(strBuffer), "%6" SLONGFORMAT, value); } operator const TEXT*() { @@ -534,7 +535,7 @@ int CLIB_ROUTINE main( int argc, char *argv[]) for (FB_SIZE_T i = 0; i < buffer.getCount(); i++) { char hex[3]; - sprintf(hex, "%02x", (int) buffer[i]); + snprintf(hex, sizeof(hex), "%02x", (int) buffer[i]); file_id.append(hex); } @@ -1324,7 +1325,7 @@ static void prt_lock(OUTFILE outfile, const lhb* LOCK_header, const lbl* lock, U else { char buf[6] = ""; - int n = sprintf(buf, "<%d>", c); + int n = snprintf(buf, sizeof(buf), "<%d>", c); if (n < 1 || p + n >= end_temp) { while (p < end_temp) diff --git a/src/remote/server/os/win32/cntl.cpp b/src/remote/server/os/win32/cntl.cpp index 0ebc14d24fa..0eb614bd215 100644 --- a/src/remote/server/os/win32/cntl.cpp +++ b/src/remote/server/os/win32/cntl.cpp @@ -136,7 +136,7 @@ void CNTL_shutdown_service( const TEXT* message) const char* strings[2]; char buffer[BUFFER_LARGE]; - sprintf(buffer, "%s error: %lu", service_name->c_str(), GetLastError()); + snprintf(buffer, sizeof(buffer), "%s error: %lu", service_name->c_str(), GetLastError()); HANDLE event_source = RegisterEventSource(NULL, service_name->c_str()); if (event_source) diff --git a/src/remote/server/os/win32/property.cpp b/src/remote/server/os/win32/property.cpp index 00ff4cf690b..4930975dc45 100644 --- a/src/remote/server/os/win32/property.cpp +++ b/src/remote/server/os/win32/property.cpp @@ -51,7 +51,7 @@ #include "../common/StatusHolder.h" #include "../jrd/jrd_proto.h" // gds__log() -#include // sprintf() +#include // snprintf() using namespace Firebird; @@ -277,12 +277,12 @@ static void RefreshUserCount(HWND hDlg) ULONG num_att, num_dbs, num_svc; SRVR_enum_attachments(num_att, num_dbs, num_svc); - char szText[BUFFER_MEDIUM]; - sprintf(szText, "%d", num_att); + char szText[20]; + snprintf(szText, sizeof(szText), "%d", num_att); SetDlgItemText(hDlg, IDC_STAT2, szText); - sprintf(szText, "%d", num_dbs); + snprintf(szText, sizeof(szText), "%d", num_dbs); SetDlgItemText(hDlg, IDC_STAT3, szText); - sprintf(szText, "%d", num_svc); + snprintf(szText, sizeof(szText), "%d", num_svc); SetDlgItemText(hDlg, IDC_STAT4, szText); SetCursor(hOldCursor); diff --git a/src/remote/server/os/win32/window.cpp b/src/remote/server/os/win32/window.cpp index b20caf10c69..8813a4975c3 100644 --- a/src/remote/server/os/win32/window.cpp +++ b/src/remote/server/os/win32/window.cpp @@ -411,12 +411,12 @@ BOOL CanEndServer(HWND hWnd) if (usNumAtt) { LoadString(hInstance, IDS_QUIT1, szMsgString1, sizeof(szMsgString1)); - sprintf(szMsgString2, szMsgString1, usNumAtt); + snprintf(szMsgString2, sizeof(szMsgString2), szMsgString1, usNumAtt); } else { LoadString(hInstance, IDS_QUIT2, szMsgString1, sizeof(szMsgString1)); - sprintf(szMsgString2, szMsgString1, usNumSvc); + snprintf(szMsgString2, sizeof(szMsgString2), szMsgString1, usNumSvc); } return (MessageBox(hWnd, szMsgString2, APP_LABEL, MB_ICONQUESTION | MB_OKCANCEL) == IDOK); diff --git a/src/utilities/analyse.cpp b/src/utilities/analyse.cpp index 9aa0ed99d50..3d9b120bbeb 100644 --- a/src/utilities/analyse.cpp +++ b/src/utilities/analyse.cpp @@ -193,7 +193,7 @@ void main( int argc, char **argv) { if (*r > 1 || *w > 1) { - sprintf(string, " Read: %d, write: %d", *r, *w); + snprintf(string, sizeof(string), " Read: %d, write: %d", *r, *w); if (page = db_read(n)) analyse(n, string, page, 0); } diff --git a/src/utilities/drop.cpp b/src/utilities/drop.cpp index 3b8fbc8435c..1f4b13e571c 100644 --- a/src/utilities/drop.cpp +++ b/src/utilities/drop.cpp @@ -171,9 +171,9 @@ static SLONG get_key(const TEXT* filename) TEXT expanded_filename[128], hostname[64]; #ifdef NOHOSTNAME - strcpy(expanded_filename, filename); + strncpy(expanded_filename, filename, std::min(sizeof(expanded_filename), strlen(filename))); #else - sprintf(expanded_filename, filename, ISC_get_host(hostname, sizeof(hostname))); + snprintf(expanded_filename, sizeof(expanded_filename), filename, ISC_get_host(hostname, sizeof(hostname))); #endif // Produce shared memory key for file diff --git a/src/utilities/gstat/dba.epp b/src/utilities/gstat/dba.epp index bcfd1086e75..1edc96512e7 100644 --- a/src/utilities/gstat/dba.epp +++ b/src/utilities/gstat/dba.epp @@ -958,8 +958,6 @@ int gstat(Firebird::UtilSvc* uSvc) // Print results - UCHAR buf[BUFFER_SMALL], buf2[BUFFER_SMALL]; - for (const dba_rel* relation = tddba->relations; relation; relation = relation->rel_next) { if (relation->rel_id == -1) { @@ -980,35 +978,25 @@ int gstat(Firebird::UtilSvc* uSvc) double average = relation->rel_records ? (double) relation->rel_record_space / relation->rel_records : 0.0; - sprintf((char*) buf, "%.2f", average); - uSvc->printf(false, " Average record length: %s, total records: %" UQUADFORMAT "\n", - buf, relation->rel_records); - // dba_print(false, 18, SafeArg() << buf << relation->rel_records); - // msg 18: " Average record length: %s, total records: %ld + uSvc->printf(false, " Average record length: %.2f, total records: %" UQUADFORMAT "\n", + average, relation->rel_records); average = relation->rel_versions ? (double) relation->rel_version_space / relation->rel_versions : 0.0; - sprintf((char*) buf, "%.2f", average); - uSvc->printf(false, " Average version length: %s, total versions: %" UQUADFORMAT ", max versions: %" UQUADFORMAT "\n", - buf, relation->rel_versions, relation->rel_max_versions); - // dba_print(false, 19, SafeArg() << buf << relation->rel_versions << - // relation->rel_max_versions); - // msg 19: " Average version length: %s, total versions: %ld, max versions: %ld + uSvc->printf(false, " Average version length: %.2f, total versions: %" UQUADFORMAT ", max versions: %" UQUADFORMAT "\n", + average, relation->rel_versions, relation->rel_max_versions); average = relation->rel_fragments ? (double) relation->rel_fragment_space / relation->rel_fragments : 0.0; - sprintf((char*) buf, "%.2f", average); - uSvc->printf(false, " Average fragment length: %s, total fragments: %" UQUADFORMAT ", max fragments: %" UQUADFORMAT "\n", - buf, relation->rel_fragments, relation->rel_max_fragments); + uSvc->printf(false, " Average fragment length: %.2f, total fragments: %" UQUADFORMAT ", max fragments: %" UQUADFORMAT "\n", + average, relation->rel_fragments, relation->rel_max_fragments); average = relation->rel_records ? (double) relation->rel_format_space / relation->rel_records : 0.0; - sprintf((char*) buf, "%.2f", average); - average = relation->rel_record_space ? + double average2 = relation->rel_record_space ? (double) relation->rel_format_space / relation->rel_record_space : 0.0; - sprintf((char*) buf2, "%.2f", average); - uSvc->printf(false, " Average unpacked length: %s, compression ratio: %s\n", - buf, buf2); + uSvc->printf(false, " Average unpacked length: %.2f, compression ratio: %.2f\n", + average, average2); } @@ -1018,10 +1006,8 @@ int gstat(Firebird::UtilSvc* uSvc) const double average = (relation->rel_data_pages) ? (double) relation->rel_total_space * 100 / ((double) relation->rel_data_pages * (tddba->page_size - DPG_SIZE)) : 0.0; - sprintf((char*) buf, "%.0f%%", average); - //dba_print(false, 12, SafeArg() << relation->rel_data_pages << relation->rel_slots << buf); - // msg 12: " Data pages: %ld, data page slots: %ld, average fill: %s - uSvc->printf(false, " Data pages: %ld, average fill: %s\n", relation->rel_data_pages, buf); + uSvc->printf(false, " Data pages: %ld, average fill: %.0f%%\n", + relation->rel_data_pages, average); dba_print(false, 46, SafeArg() << relation->rel_primary_pages << relation->rel_data_pages - relation->rel_primary_pages << @@ -1088,36 +1074,34 @@ int gstat(Firebird::UtilSvc* uSvc) { dba_print(false, 14, SafeArg() << index->idx_name << index->idx_id); // msg 14: " Index %s (%d)" - //dba_print(false, 15, SafeArg() << index->idx_depth << index->idx_leaf_buckets << index->idx_nodes); - // msg 15: \tDepth: %d, leaf buckets: %ld, nodes: %ld + uSvc->printf(false, "\tRoot page: %d, depth: %d, leaf buckets: %ld, nodes: %" UQUADFORMAT "\n", index->idx_root, index->idx_depth, index->idx_leaf_buckets, index->idx_nodes); + double average = (index->idx_nodes) ? (double) index->idx_total_length / index->idx_nodes : 0.0; - sprintf((char*) buf, "%.2f", average); - // dba_print(false, 16, SafeArg() << buf << index->idx_total_duplicates << index->idx_max_duplicates); - // msg 16: \tAverage data length: %s, total dup: %ld, max dup: %ld" - uSvc->printf(false, "\tAverage node length: %s, total dup: %" UQUADFORMAT ", max dup: %" UQUADFORMAT "\n", - buf, index->idx_total_duplicates, index->idx_max_duplicates); + uSvc->printf(false, "\tAverage node length: %.2f, total dup: %" UQUADFORMAT ", max dup: %" UQUADFORMAT "\n", + average, index->idx_total_duplicates, index->idx_max_duplicates); + average = (index->idx_nodes) ? (double) index->idx_packed_length / index->idx_nodes : 0.0; - sprintf((char*) buf, "%.2f", average); - average = index->idx_packed_length ? + double average2 = index->idx_packed_length ? (double) index->idx_unpacked_length / index->idx_packed_length : 0.0; - sprintf((char*) buf2, "%.2f", average); - uSvc->printf(false, "\tAverage key length: %s, compression ratio: %s\n", buf, buf2); + uSvc->printf(false, "\tAverage key length: %.2f, compression ratio: %.2f\n", average, + average2); + average = (index->idx_nodes) ? (double) index->idx_prefix_length / index->idx_nodes : 0.0; - sprintf((char*) buf, "%.2f", average); - average = (index->idx_nodes) ? + average2 = (index->idx_nodes) ? (double) index->idx_data_length / index->idx_nodes : 0.0; - sprintf((char*) buf2, "%.2f", average); - uSvc->printf(false, "\tAverage prefix length: %s, average data length: %s\n", buf, buf2); + uSvc->printf(false, "\tAverage prefix length: %.2f, average data length: %.2f\n", average, + average2); + average = (index->idx_nodes) ? (double) index->idx_diff_pages / index->idx_nodes : 0.0; - sprintf((char*) buf, "%.2f", average); - uSvc->printf(false, "\tClustering factor: %" UQUADFORMAT ", ratio: %s\n", - index->idx_diff_pages, buf); + uSvc->printf(false, "\tClustering factor: %" UQUADFORMAT ", ratio: %.2f\n", + index->idx_diff_pages, average); + dba_print(false, 17); // msg 17: \tFill distribution: print_distribution("\t ", index->idx_fill_distribution); @@ -1804,7 +1788,7 @@ static void db_error( SLONG status) sizeof(s), NULL)) { - sprintf(s, "unknown Windows NT error %ld", status); + snprintf(s, sizeof(s), "unknown Windows NT error %ld", status); } if (!tddba->uSvc->isService()) diff --git a/src/utilities/install/services.cpp b/src/utilities/install/services.cpp index 04abff3e491..54ab60417c9 100644 --- a/src/utilities/install/services.cpp +++ b/src/utilities/install/services.cpp @@ -72,7 +72,7 @@ USHORT SERVICES_install(SC_HANDLE manager, char path_name[MAX_PATH * 2]; const char* path_format = (strchr(exe_name, ' ') ? "\"%s\"" : "%s"); - sprintf(path_name, path_format, exe_name); + snprintf(path_name, sizeof(path_name), path_format, exe_name); if (switches) { diff --git a/src/utilities/nbackup/nbackup.cpp b/src/utilities/nbackup/nbackup.cpp index 22bc03b0c3f..29b3731e458 100644 --- a/src/utilities/nbackup/nbackup.cpp +++ b/src/utilities/nbackup/nbackup.cpp @@ -1233,14 +1233,16 @@ void NBackup::backup_database(int level, const string& guidStr, const PathName& char str[200]; if (level > 0) { - sprintf(str, "SELECT RDB$GUID, RDB$SCN FROM RDB$BACKUP_HISTORY " + snprintf(str, sizeof(str), + "SELECT RDB$GUID, RDB$SCN FROM RDB$BACKUP_HISTORY " "WHERE RDB$BACKUP_ID = " "(SELECT MAX(RDB$BACKUP_ID) FROM RDB$BACKUP_HISTORY " "WHERE RDB$BACKUP_LEVEL = %d)", level - 1); } else { - sprintf(str, "SELECT RDB$GUID, RDB$SCN FROM RDB$BACKUP_HISTORY " + snprintf(str, sizeof(str), + "SELECT RDB$GUID, RDB$SCN FROM RDB$BACKUP_HISTORY " "WHERE RDB$GUID = '%s'", guidStr.c_str()); } if (isc_dsql_prepare(status, &trans, &stmt, 0, str, 1, NULL)) diff --git a/src/utilities/ntrace/PluginLogWriter.cpp b/src/utilities/ntrace/PluginLogWriter.cpp index 4a3a057f589..d96b2f926c4 100644 --- a/src/utilities/ntrace/PluginLogWriter.cpp +++ b/src/utilities/ntrace/PluginLogWriter.cpp @@ -267,8 +267,7 @@ void PluginLogWriter::checkErrno(const char* operation) void PluginLogWriter::mutexBug(int state, const TEXT* string) { TEXT msg[BUFFER_TINY]; - - sprintf(msg, "PluginLogWriter: mutex %s error, status = %d", string, state); + snprintf(msg, sizeof(msg), "PluginLogWriter: mutex %s error, status = %d", string, state); fb_utils::logAndDie(msg); } diff --git a/src/utilities/rebuild/rebuild.cpp b/src/utilities/rebuild/rebuild.cpp index 48dbd97967f..9dbbf55006d 100644 --- a/src/utilities/rebuild/rebuild.cpp +++ b/src/utilities/rebuild/rebuild.cpp @@ -433,9 +433,9 @@ static void checksum( rbdb* rbdb, ULONG lower, ULONG upper, bool sw_fix) if (sw_fix) page->pag_checksum = new_checksum; if (new_checksum == old_checksum) - sprintf(s, "checksum %5d is OK", old_checksum); + snprintf(s, sizeof(s), "checksum %5d is OK", old_checksum); else - sprintf(s, "stored checksum %5d\tcomputed checksum %5d\t%s", + snprintf(s, sizeof(s), "stored checksum %5d\tcomputed checksum %5d\t%s", old_checksum, new_checksum, sw_fix ? "fixed" : ""); printf("page %9d\t%s\n", page_number, s); } diff --git a/src/yvalve/gds.cpp b/src/yvalve/gds.cpp index 5b946f67aea..e0b92d7c6df 100644 --- a/src/yvalve/gds.cpp +++ b/src/yvalve/gds.cpp @@ -967,8 +967,8 @@ static SLONG safe_interpret(char* const s, const FB_SIZE_T bufsize, { if (legacy && strchr(messages[i].code_text, '%')) { - sprintf(s, messages[i].code_text, - args[0], args[1], args[2], args[3], args[4]); + snprintf(s, bufsize, messages[i].code_text, + args[0], args[1], args[2], args[3], args[4]); } else MsgFormat::MsgPrint(s, bufsize, messages[i].code_text, safe); @@ -978,7 +978,7 @@ static SLONG safe_interpret(char* const s, const FB_SIZE_T bufsize, } if (!found) { - sprintf(s, "unknown ISC error %" SLONGFORMAT, (SLONG) code); // TXNN + snprintf(s, bufsize, "unknown ISC error %" SLONGFORMAT, (SLONG) code); // TXNN } } } @@ -1003,11 +1003,11 @@ static SLONG safe_interpret(char* const s, const FB_SIZE_T bufsize, break; case isc_arg_dos: - sprintf(s, "unknown dos error %" SLONGFORMAT, (SLONG) code); // TXNN + snprintf(s, bufsize, "unknown dos error %" SLONGFORMAT, (SLONG) code); // TXNN break; case isc_arg_next_mach: - sprintf(s, "next/mach error %" SLONGFORMAT, (SLONG) code); // AP + snprintf(s, bufsize, "next/mach error %" SLONGFORMAT, (SLONG) code); // AP break; case isc_arg_win32: @@ -1019,7 +1019,7 @@ static SLONG safe_interpret(char* const s, const FB_SIZE_T bufsize, s, bufsize, NULL)) #endif { - sprintf(s, "unknown Win32 error %" SLONGFORMAT, (SLONG) code); // TXNN + snprintf(s, bufsize, "unknown Win32 error %" SLONGFORMAT, (SLONG) code); // TXNN } break; @@ -2782,7 +2782,7 @@ void API_ROUTINE isc_print_sqlerror(SSHORT sqlcode, const ISC_STATUS* status) **************************************/ TEXT error_buffer[192]; - sprintf(error_buffer, "SQLCODE: %d\nSQL ERROR:\n", sqlcode); + snprintf(error_buffer, sizeof(error_buffer), "SQLCODE: %d\nSQL ERROR:\n", sqlcode); TEXT* p = error_buffer; while (*p) p++; diff --git a/src/yvalve/perf.cpp b/src/yvalve/perf.cpp index 55fc2deea84..97f32772749 100644 --- a/src/yvalve/perf.cpp +++ b/src/yvalve/perf.cpp @@ -108,117 +108,10 @@ template static int perf_format(const P* before, const P* after, const SCHAR* string, SCHAR* buffer, SSHORT* buf_len) { -/************************************** - * - * P E R F _ f o r m a t - * - ************************************** - * - * Functional description - * Format a buffer with statistical stuff under control of formatting - * string. Substitute in appropriate stuff. Return the length of the - * formatting output. - * - **************************************/ - SCHAR c; - SLONG buffer_length = buf_len ? *buf_len : 0; - SCHAR* p = buffer; - - if (buffer_length < 0) - { - buffer_length = 0; - } - - while ((c = *string++) && c != '$') - { - if (c != '!') - *p++ = c; - else - { - SINT64 delta; - switch (c = *string++) - { - case 'r': - delta = after->perf_reads - before->perf_reads; - break; - case 'w': - delta = after->perf_writes - before->perf_writes; - break; - case 'f': - delta = after->perf_fetches - before->perf_fetches; - break; - case 'm': - delta = after->perf_marks - before->perf_marks; - break; - case 'd': - delta = after->perf_current_memory - before->perf_current_memory; - break; - case 'p': - delta = after->perf_page_size; - break; - case 'b': - delta = after->perf_buffers; - break; - case 'c': - delta = after->perf_current_memory; - break; - case 'x': - delta = after->perf_max_memory; - break; - case 'e': - delta = after->perf_elapsed - before->perf_elapsed; - break; - case 'u': - delta = after->perf_times.tms_utime - before->perf_times.tms_utime; - break; - case 's': - delta = after->perf_times.tms_stime - before->perf_times.tms_stime; - break; - default: - sprintf(p, "?%c?", c); - while (*p) - p++; - } - - switch (c) - { - case 'r': - case 'w': - case 'f': - case 'm': - case 'd': - case 'p': - case 'b': - case 'c': - case 'x': - sprintf(p, "%" SQUADFORMAT, delta); - while (*p) - p++; - break; - - case 'u': - case 's': - sprintf(p, "%" SQUADFORMAT".%.2" SQUADFORMAT, delta / TICK, (delta % TICK) * 100 / TICK); - while (*p) - p++; - break; - - case 'e': - sprintf(p, "%" SQUADFORMAT".%.2" SQUADFORMAT, delta / 100, delta % 100); - while (*p) - p++; - break; - } - } - } - - *p = 0; - const int length = static_cast(p - buffer); - if (buffer_length && (buffer_length -= length) >= 0) { - memset(p, ' ', static_cast(buffer_length)); - } - - return length; + // This method was prone to buffer overflow and is no longer used in the current implementation. + // This stub is left in place as it may get called by older (2.5 or older) ISQL clients loading + // this fbclient.dll. + return 0; }