diff options
author | Daniel Stenberg <daniel@haxx.se> | 2022-09-22 11:52:08 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2022-09-22 23:06:26 +0200 |
commit | 935b1bd4544a23a91d68ffb9f86983e92747e9a5 (patch) | |
tree | b31b3868b60c475dd60bc6d9195ecdf57d9c0614 /lib/mprintf.c | |
parent | bf1571eb6ff24a8299da7da84408da31f0094f66 (diff) | |
download | curl-935b1bd4544a23a91d68ffb9f86983e92747e9a5.tar.gz |
mprintf: use snprintf if available
This is the single place in libcurl code where it uses the "native"
s(n)printf() function. Used for writing floats. The use has been
reviewed and vetted and uses a HUGE target buffer, but switching to
snprintf() still makes this safer and removes build-time warnings.
Reported-by: Philip Heiduck
Fixes #9569
Closes #9570
Diffstat (limited to 'lib/mprintf.c')
-rw-r--r-- | lib/mprintf.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/mprintf.c b/lib/mprintf.c index 6bf55f661..24c1dd555 100644 --- a/lib/mprintf.c +++ b/lib/mprintf.c @@ -964,7 +964,11 @@ static int dprintf_formatf( #endif /* NOTE NOTE NOTE!! Not all sprintf implementations return number of output characters */ +#ifdef HAVE_SNPRINTF + (snprintf)(work, sizeof(work), formatbuf, p->data.dnum); +#else (sprintf)(work, formatbuf, p->data.dnum); +#endif #ifdef __clang__ #pragma clang diagnostic pop #endif |