From f24ffddbb915121d70d9cb77761339148fce1eec Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Mon, 8 May 2023 23:33:04 +0200
Subject: Stop using sprintf

Switch remaining users to snprintf.
---
 schematron.c | 11 ++++++-----
 xzlib.c      |  5 +++--
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/schematron.c b/schematron.c
index 35a1447e..5946986f 100644
--- a/schematron.c
+++ b/schematron.c
@@ -1508,11 +1508,12 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
                 int size;
 
                 size = snprintf(NULL, 0, "%0g", eval->floatval);
-                buf = (xmlChar*) malloc(size);
-                /* xmlStrPrintf(buf, size, "%0g", eval->floatval); // doesn't work */
-                sprintf((char*) buf, "%0g", eval->floatval);
-                ret = xmlStrcat(ret, buf);
-                free(buf);
+                buf = (xmlChar *) xmlMalloc(size + 1);
+                if (buf != NULL) {
+                    snprintf((char *) buf, size + 1, "%0g", eval->floatval);
+                    ret = xmlStrcat(ret, buf);
+                    xmlFree(buf);
+                }
                 break;
             }
             case XPATH_STRING:
diff --git a/xzlib.c b/xzlib.c
index 5470c4e8..b5d35da8 100644
--- a/xzlib.c
+++ b/xzlib.c
@@ -216,11 +216,12 @@ xzFile
 __libxml2_xzdopen(int fd, const char *mode)
 {
     char *path;                 /* identifier for error messages */
+    size_t path_size = 7 + 3 * sizeof(int);
     xzFile xz;
 
-    if (fd == -1 || (path = xmlMalloc(7 + 3 * sizeof(int))) == NULL)
+    if (fd == -1 || (path = xmlMalloc(path_size)) == NULL)
         return NULL;
-    sprintf(path, "<fd:%d>", fd);       /* for debugging */
+    snprintf(path, path_size, "<fd:%d>", fd);       /* for debugging */
     xz = xz_open(path, fd, mode);
     xmlFree(path);
     return xz;
-- 
cgit v1.2.1