mprintf: use snprintf if available

This is the single place in libcurl code where it uses the "native" s(n)printf() function. Used for writing floats. The use has been reviewed and vetted and uses a HUGE target buffer, but switching to snprintf() still makes this safer and removes build-time warnings. Reported-by: Philip Heiduck Fixes #9569 Closes #9570
author: Daniel Stenberg <daniel@haxx.se> 2022-09-22 11:52:08 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2022-09-22 23:06:26 +0200
commit: 935b1bd4544a23a91d68ffb9f86983e92747e9a5 (patch)
tree: b31b3868b60c475dd60bc6d9195ecdf57d9c0614 /lib/mprintf.c
parent: bf1571eb6ff24a8299da7da84408da31f0094f66 (diff)
download: curl-935b1bd4544a23a91d68ffb9f86983e92747e9a5.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/mprintf.c b/lib/mprintf.c
index 6bf55f661..24c1dd555 100644
--- a/lib/mprintf.c
+++ b/lib/mprintf.c
@@ -964,7 +964,11 @@ static int dprintf_formatf(
 #endif
         /* NOTE NOTE NOTE!! Not all sprintf implementations return number of
            output characters */
+#ifdef HAVE_SNPRINTF
+        (snprintf)(work, sizeof(work), formatbuf, p->data.dnum);
+#else
         (sprintf)(work, formatbuf, p->data.dnum);
+#endif
 #ifdef __clang__
 #pragma clang diagnostic pop
 #endif
author	Daniel Stenberg <daniel@haxx.se>	2022-09-22 11:52:08 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2022-09-22 23:06:26 +0200
commit	935b1bd4544a23a91d68ffb9f86983e92747e9a5 (patch)
tree	b31b3868b60c475dd60bc6d9195ecdf57d9c0614 /lib/mprintf.c
parent	bf1571eb6ff24a8299da7da84408da31f0094f66 (diff)
download	curl-935b1bd4544a23a91d68ffb9f86983e92747e9a5.tar.gz