diff --git a/examples/C/bufr_read_scatterometer.c b/examples/C/bufr_read_scatterometer.c index 0709dfc43..42313ed52 100644 --- a/examples/C/bufr_read_scatterometer.c +++ b/examples/C/bufr_read_scatterometer.c @@ -71,7 +71,7 @@ int main(int argc, char* argv[]) printf("Number of values: %ld\n", numObs); /* Get latitude */ - sprintf(key_name, "latitude"); + snprintf(key_name, sizeof(key_name), "latitude"); /* Check the size (including all the subsets) */ CODES_CHECK(codes_get_size(h, key_name, &len), 0); @@ -88,7 +88,7 @@ int main(int argc, char* argv[]) CODES_CHECK(codes_get_double_array(h, key_name, lat, &len), 0); /* Get longitude */ - sprintf(key_name, "longitude"); + snprintf(key_name, sizeof(key_name), "longitude"); /* Check the size (including all the subsets) */ CODES_CHECK(codes_get_size(h, key_name, &len), 0); @@ -102,7 +102,7 @@ int main(int argc, char* argv[]) CODES_CHECK(codes_get_double_array(h, key_name, lon, &len), 0); /* Get backScatter for beam two. We use an access by condition for this key. */ - sprintf(key_name, "/beamIdentifier=2/backscatter"); + snprintf(key_name, sizeof(key_name), "/beamIdentifier=2/backscatter"); /* Check the size (including all the subsets) */ CODES_CHECK(codes_get_size(h, key_name, &len), 0); diff --git a/examples/C/bufr_read_temp.c b/examples/C/bufr_read_temp.c index 32eab7e39..86e84e999 100644 --- a/examples/C/bufr_read_temp.c +++ b/examples/C/bufr_read_temp.c @@ -81,7 +81,7 @@ int main(int argc, char* argv[]) /* we find out the number of temperature significant levels by * counting how many pressure values we have on these levels.*/ - sprintf(key_name, "/verticalSoundingSignificance=4/pressure"); + snprintf(key_name, sizeof(key_name), "/verticalSoundingSignificance=4/pressure"); CODES_CHECK(codes_get_size(h, key_name, &sigt_len), 0); printf("Number of T significant levels: %lu\n", (unsigned long)sigt_len); @@ -94,12 +94,12 @@ int main(int argc, char* argv[]) sigt_td = (double*)malloc(sigt_len * sizeof(double)); /* get pressure */ - sprintf(key_name, "/verticalSoundingSignificance=4/pressure"); + snprintf(key_name, sizeof(key_name), "/verticalSoundingSignificance=4/pressure"); len = sigt_len; CODES_CHECK(codes_get_double_array(h, key_name, sigt_pres, &len), 0); /* get geopotential */ - sprintf(key_name, "/verticalSoundingSignificance=4/nonCoordinateGeopotential"); + snprintf(key_name, sizeof(key_name), "/verticalSoundingSignificance=4/nonCoordinateGeopotential"); /* check the size */ CODES_CHECK(codes_get_size(h, key_name, &len), 0); @@ -120,7 +120,7 @@ int main(int argc, char* argv[]) } /* get the values */ - sprintf(key_name, "/verticalSoundingSignificance=4/airTemperature"); + snprintf(key_name, sizeof(key_name), "/verticalSoundingSignificance=4/airTemperature"); CODES_CHECK(codes_get_double_array(h, key_name, sigt_t, &len), 0); /* get dew point */ @@ -131,7 +131,7 @@ int main(int argc, char* argv[]) } /* get the values */ - sprintf(key_name, "/verticalSoundingSignificance=4/dewpointTemperature"); + snprintf(key_name, sizeof(key_name), "/verticalSoundingSignificance=4/dewpointTemperature"); CODES_CHECK(codes_get_double_array(h, key_name, sigt_td, &len), 0); /* print the values */ diff --git a/examples/C/bufr_read_tempf.c b/examples/C/bufr_read_tempf.c index 378ea0a8d..b8ab06b3c 100644 --- a/examples/C/bufr_read_tempf.c +++ b/examples/C/bufr_read_tempf.c @@ -112,7 +112,7 @@ int main(int argc, char* argv[]) CODES_CHECK(codes_get_long(h, "blockNumber", &blockNumber), 0); CODES_CHECK(codes_get_long(h, "stationNumber", &stationNumber), 0); if (blockNumber < 99 && stationNumber < 1000) - sprintf(statid, "%ld%ld", blockNumber, stationNumber); + snprintf(statid, sizeof(statid), "%ld%ld", blockNumber, stationNumber); CODES_CHECK(codes_get_long(h, "year", &year), 0); CODES_CHECK(codes_get_long(h, "month", &month), 0); CODES_CHECK(codes_get_long(h, "day", &day), 0); diff --git a/examples/C/bufr_subset.c b/examples/C/bufr_subset.c index 191dedc42..66bf695b4 100644 --- a/examples/C/bufr_subset.c +++ b/examples/C/bufr_subset.c @@ -60,28 +60,28 @@ int main(int argc, char* argv[]) /* loop over the subsets */ for (i = 1; i <= numberOfSubsets; i++) { - sprintf(key, "/subsetNumber=%d/blockNumber", i); + snprintf(key, sizeof(key), "/subsetNumber=%d/blockNumber", i); printf(" subsetNumber=%d", i); /* read and print some data values */ CODES_CHECK(codes_get_long(h, key, &longVal), 0); printf(" blockNumber=%ld", longVal); - sprintf(key, "/subsetNumber=%d/stationNumber", i); + snprintf(key, sizeof(key), "/subsetNumber=%d/stationNumber", i); CODES_CHECK(codes_get_long(h, key, &longVal), 0); printf(" stationNumber=%ld", longVal); - sprintf(key, "/subsetNumber=%d/stationOrSiteName->units", i); + snprintf(key, sizeof(key), "/subsetNumber=%d/stationOrSiteName->units", i); CODES_CHECK(codes_get_length(h, key, &stringLen), 0); assert(stringLen == 10); /* should be "CCITT IA5" */ - sprintf(key, "/subsetNumber=%d/stationOrSiteName", i); + snprintf(key, sizeof(key), "/subsetNumber=%d/stationOrSiteName", i); CODES_CHECK(codes_get_length(h, key, &stringLen), 0); CODES_CHECK(codes_get_string(h, key, stringVal, &stringLen), 0); assert(stringLen > 0 && stringLen < 17); printf(" stationOrSiteName=\"%s\"", stringVal); - sprintf(key, "/subsetNumber=%d/airTemperature", i); + snprintf(key, sizeof(key), "/subsetNumber=%d/airTemperature", i); CODES_CHECK(codes_get_double(h, key, &doubleVal), 0); printf(" airTemperature=%g\n", doubleVal); assert(doubleVal > 265 && doubleVal < 278); diff --git a/src/action_class_close.c b/src/action_class_close.c index e3afcd060..75d201635 100644 --- a/src/action_class_close.c +++ b/src/action_class_close.c @@ -73,7 +73,6 @@ static void init_class(grib_action_class* c) grib_action* grib_action_create_close(grib_context* context, char* filename) { char buf[1024]; - grib_action_close* a; grib_action_class* c = grib_action_class_close; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -85,7 +84,7 @@ grib_action* grib_action_create_close(grib_context* context, char* filename) a->filename = grib_context_strdup_persistent(context, filename); - sprintf(buf, "close_%p", (void*)a->filename); + snprintf(buf, 1024, "close_%p", (void*)a->filename); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_concept.c b/src/action_class_concept.c index b28fee027..2c2938e68 100644 --- a/src/action_class_concept.c +++ b/src/action_class_concept.c @@ -230,6 +230,8 @@ static grib_concept_value* get_concept_impl(grib_handle* h, grib_action_concept* char key[4096] = {0,}; char* full = 0; int id; + const size_t bufLen = sizeof(buf); + const size_t keyLen = sizeof(key); grib_context* context = ((grib_action*)self)->context; grib_concept_value* c = NULL; @@ -240,7 +242,7 @@ static grib_concept_value* get_concept_impl(grib_handle* h, grib_action_concept* Assert(self->masterDir); grib_get_string(h, self->masterDir, masterDir, &lenMasterDir); - sprintf(buf, "%s/%s", masterDir, self->basename); + snprintf(buf, bufLen, "%s/%s", masterDir, self->basename); grib_recompose_name(h, NULL, buf, master, 1); @@ -248,11 +250,11 @@ static grib_concept_value* get_concept_impl(grib_handle* h, grib_action_concept* char localDir[1024] = {0,}; size_t lenLocalDir = 1024; grib_get_string(h, self->localDir, localDir, &lenLocalDir); - sprintf(buf, "%s/%s", localDir, self->basename); + snprintf(buf, bufLen, "%s/%s", localDir, self->basename); grib_recompose_name(h, NULL, buf, local, 1); } - sprintf(key, "%s%s", master, local); + snprintf(key, keyLen, "%s%s", master, local); id = grib_itrie_get_id(h->context->concepts_index, key); if ((c = h->context->concepts[id]) != NULL) @@ -328,7 +330,7 @@ static int concept_condition_expression_true(grib_handle* h, grib_concept_condit ok = (grib_get_long(h, c->name, &lval) == GRIB_SUCCESS) && (lval == lres); if (ok) - sprintf(exprVal, "%ld", lres); + snprintf(exprVal, 64, "%ld", lres); break; case GRIB_TYPE_DOUBLE: { @@ -338,7 +340,7 @@ static int concept_condition_expression_true(grib_handle* h, grib_concept_condit ok = (grib_get_double(h, c->name, &dval) == GRIB_SUCCESS) && (dval == dres); if (ok) - sprintf(exprVal, "%g", dres); + snprintf(exprVal, 64, "%g", dres); break; } @@ -353,7 +355,7 @@ static int concept_condition_expression_true(grib_handle* h, grib_concept_condit ((cval = grib_expression_evaluate_string(h, c->expression, tmp, &size, &err)) != NULL) && (err == 0) && (strcmp(buf, cval) == 0); if (ok) - sprintf(exprVal, "%s", cval); + snprintf(exprVal, 1024, "%s", cval); break; } @@ -399,7 +401,7 @@ int get_concept_condition_string(grib_handle* h, const char* key, const char* va const char* condition_name = concept_condition->name; Assert(expression); if (concept_condition_expression_true(h, concept_condition, exprVal) && strcmp(condition_name, "one") != 0) { - length += sprintf(result + length, "%s%s=%s", + length += snprintf(result + length, 2048, "%s%s=%s", (length == 0 ? "" : ","), condition_name, exprVal); } concept_condition = concept_condition->next; diff --git a/src/action_class_hash_array.c b/src/action_class_hash_array.c index 60c05cf99..557b2242c 100644 --- a/src/action_class_hash_array.c +++ b/src/action_class_hash_array.c @@ -242,7 +242,7 @@ static grib_hash_array_value* get_hash_array_impl(grib_handle* h, grib_action* a Assert(self->masterDir); grib_get_string(h, self->masterDir, masterDir, &lenMasterDir); - sprintf(buf, "%s/%s", masterDir, self->basename); + snprintf(buf, 4096, "%s/%s", masterDir, self->basename); err = grib_recompose_name(h, NULL, buf, master, 1); if (err) { @@ -253,17 +253,17 @@ static grib_hash_array_value* get_hash_array_impl(grib_handle* h, grib_action* a if (self->localDir) { grib_get_string(h, self->localDir, localDir, &lenLocalDir); - sprintf(buf, "%s/%s", localDir, self->basename); + snprintf(buf, 4096, "%s/%s", localDir, self->basename); grib_recompose_name(h, NULL, buf, local, 1); } if (self->ecmfDir) { grib_get_string(h, self->ecmfDir, ecmfDir, &lenEcmfDir); - sprintf(buf, "%s/%s", ecmfDir, self->basename); + snprintf(buf, 4096, "%s/%s", ecmfDir, self->basename); grib_recompose_name(h, NULL, buf, ecmf, 1); } - sprintf(key, "%s%s%s", master, local, ecmf); + snprintf(key, 4096, "%s%s%s", master, local, ecmf); id = grib_itrie_get_id(h->context->hash_array_index, key); if ((c = h->context->hash_array[id]) != NULL) diff --git a/src/action_class_if.c b/src/action_class_if.c index af63e217b..5728579fd 100644 --- a/src/action_class_if.c +++ b/src/action_class_if.c @@ -97,6 +97,7 @@ grib_action* grib_action_create_if(grib_context* context, int lineno, char* file_being_parsed) { char name[1024]; + const size_t nameLen = sizeof(name); grib_action_if* a; grib_action_class* c = grib_action_class_if; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -112,9 +113,9 @@ grib_action* grib_action_create_if(grib_context* context, a->transient = transient; if (transient) - sprintf(name, "__if%p", (void*)a); + snprintf(name, nameLen, "__if%p", (void*)a); else - sprintf(name, "_if%p", (void*)a); + snprintf(name, nameLen, "_if%p", (void*)a); act->name = grib_context_strdup_persistent(context, name); act->debug_info = NULL; @@ -122,7 +123,8 @@ grib_action* grib_action_create_if(grib_context* context, /* Construct debug information showing definition file and line */ /* number of IF statement */ char debug_info[1024]; - sprintf(debug_info, "File=%s line=%d", file_being_parsed, lineno); + const size_t infoLen = sizeof(debug_info); + snprintf(debug_info, infoLen, "File=%s line=%d", file_being_parsed, lineno); act->debug_info = grib_context_strdup_persistent(context, debug_info); } diff --git a/src/action_class_noop.c b/src/action_class_noop.c index 2ee753751..1b76204fa 100644 --- a/src/action_class_noop.c +++ b/src/action_class_noop.c @@ -85,7 +85,7 @@ grib_action* grib_action_create_noop(grib_context* context, const char* fname) a = (grib_action_noop*)act; act->context = context; - sprintf(buf, "_noop%p", (void*)a); + snprintf(buf, 1024, "_noop%p", (void*)a); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_print.c b/src/action_class_print.c index 14ce99907..4185ef8a3 100644 --- a/src/action_class_print.c +++ b/src/action_class_print.c @@ -79,7 +79,6 @@ static void init_class(grib_action_class* c) grib_action* grib_action_create_print(grib_context* context, const char* name, char* outname) { char buf[1024]; - grib_action_print* a; grib_action_class* c = grib_action_class_print; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -105,7 +104,7 @@ grib_action* grib_action_create_print(grib_context* context, const char* name, c fclose(out); } - sprintf(buf, "print%p", (void*)a->name); + snprintf(buf, 1024, "print%p", (void*)a->name); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_section.c b/src/action_class_section.c index e16378ac3..0782f4b01 100644 --- a/src/action_class_section.c +++ b/src/action_class_section.c @@ -108,7 +108,7 @@ static int notify_change(grib_action* act, grib_accessor* notified, if (h->context->debug > 0) { char debug_str[1024] = {0,}; if (act->debug_info) { - sprintf(debug_str, " (%s)", act->debug_info); + snprintf(debug_str, 1024, " (%s)", act->debug_info); } grib_context_log(h->context, GRIB_LOG_DEBUG, "------------- SECTION action %s (%s) is triggered by [%s]%s", diff --git a/src/action_class_set.c b/src/action_class_set.c index f133c96ff..f459b1132 100644 --- a/src/action_class_set.c +++ b/src/action_class_set.c @@ -82,7 +82,6 @@ grib_action* grib_action_create_set(grib_context* context, const char* name, grib_expression* expression, int nofail) { char buf[1024]; - grib_action_set* a; grib_action_class* c = grib_action_class_set; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -96,8 +95,7 @@ grib_action* grib_action_create_set(grib_context* context, a->name = grib_context_strdup_persistent(context, name); a->nofail = nofail; - - sprintf(buf, "set%p", (void*)expression); + snprintf(buf, 1024, "set%p", (void*)expression); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_set_darray.c b/src/action_class_set_darray.c index b739c5f3f..d03a6b3d8 100644 --- a/src/action_class_set_darray.c +++ b/src/action_class_set_darray.c @@ -81,7 +81,6 @@ grib_action* grib_action_create_set_darray(grib_context* context, grib_darray* darray) { char buf[1024]; - grib_action_set_darray* a; grib_action_class* c = grib_action_class_set_darray; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -94,8 +93,7 @@ grib_action* grib_action_create_set_darray(grib_context* context, a->darray = darray; a->name = grib_context_strdup_persistent(context, name); - - sprintf(buf, "set_darray%p", (void*)darray); + snprintf(buf, 1024, "set_darray%p", (void*)darray); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_set_iarray.c b/src/action_class_set_iarray.c index 444aae488..52d19de04 100644 --- a/src/action_class_set_iarray.c +++ b/src/action_class_set_iarray.c @@ -81,7 +81,6 @@ grib_action* grib_action_create_set_iarray(grib_context* context, grib_iarray* iarray) { char buf[1024]; - grib_action_set_iarray* a; grib_action_class* c = grib_action_class_set_iarray; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -94,8 +93,7 @@ grib_action* grib_action_create_set_iarray(grib_context* context, a->iarray = iarray; a->name = grib_context_strdup_persistent(context, name); - - sprintf(buf, "set_iarray%p", (void*)iarray); + snprintf(buf, 1024, "set_iarray%p", (void*)iarray); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_set_missing.c b/src/action_class_set_missing.c index 1f33b24ed..7ea93d180 100644 --- a/src/action_class_set_missing.c +++ b/src/action_class_set_missing.c @@ -89,7 +89,7 @@ grib_action* grib_action_create_set_missing(grib_context* context, a->name = grib_context_strdup_persistent(context, name); - sprintf(buf, "set_missing_%s", name); + snprintf(buf, sizeof(buf), "set_missing_%s", name); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_set_sarray.c b/src/action_class_set_sarray.c index 3ae50cea2..bca8388a4 100644 --- a/src/action_class_set_sarray.c +++ b/src/action_class_set_sarray.c @@ -94,8 +94,7 @@ grib_action* grib_action_create_set_sarray(grib_context* context, a->sarray = sarray; a->name = grib_context_strdup_persistent(context, name); - - sprintf(buf, "set_sarray%p", (void*)sarray); + snprintf(buf, 1024, "set_sarray%p", (void*)sarray); act->name = grib_context_strdup_persistent(context, buf); diff --git a/src/action_class_switch.c b/src/action_class_switch.c index d4bfece6a..163a2b102 100644 --- a/src/action_class_switch.c +++ b/src/action_class_switch.c @@ -92,6 +92,7 @@ grib_action* grib_action_create_switch(grib_context* context, grib_action* Default) { char name[1024]; + const size_t nameLen = sizeof(name); grib_action_switch* a; grib_action_class* c = grib_action_class_switch; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -105,7 +106,7 @@ grib_action* grib_action_create_switch(grib_context* context, a->Case = Case; a->Default = Default; - sprintf(name, "_switch%p", (void*)a); + snprintf(name, nameLen, "_switch%p", (void*)a); act->name = grib_context_strdup_persistent(context, name); diff --git a/src/action_class_trigger.c b/src/action_class_trigger.c index 0e2bb20ad..5debbf38a 100644 --- a/src/action_class_trigger.c +++ b/src/action_class_trigger.c @@ -90,12 +90,13 @@ static void init_class(grib_action_class* c) grib_action* grib_action_create_trigger(grib_context* context, grib_arguments* args, grib_action* block) { char name[1024]; + const size_t nameLen = sizeof(name); grib_action_trigger* a = 0; grib_action_class* c = grib_action_class_trigger; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); - sprintf(name, "_trigger%p", (void*)act); + snprintf(name, nameLen, "_trigger%p", (void*)act); act->name = grib_context_strdup_persistent(context, name); act->op = grib_context_strdup_persistent(context, "section"); diff --git a/src/action_class_when.c b/src/action_class_when.c index 9059bd9f1..bb80e8da7 100644 --- a/src/action_class_when.c +++ b/src/action_class_when.c @@ -92,6 +92,7 @@ grib_action* grib_action_create_when(grib_context* context, grib_action* block_true, grib_action* block_false) { char name[1024]; + const size_t nameLen = sizeof(name); grib_action_when* a; grib_action_class* c = grib_action_class_when; @@ -106,7 +107,7 @@ grib_action* grib_action_create_when(grib_context* context, a->block_true = block_true; a->block_false = block_false; - sprintf(name, "_when%p", (void*)expression); + snprintf(name, nameLen, "_when%p", (void*)expression); act->name = grib_context_strdup_persistent(context, name); diff --git a/src/action_class_while.c b/src/action_class_while.c index c479e1ee5..4e4348a91 100644 --- a/src/action_class_while.c +++ b/src/action_class_while.c @@ -138,6 +138,7 @@ static int create_accessor(grib_section* p, grib_action* act, grib_loader* h) grib_action* grib_action_create_while(grib_context* context, grib_expression* expression, grib_action* block) { char name[80]; + const size_t nameLen = sizeof(name); grib_action_while* a; grib_action_class* c = grib_action_class_while; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -147,7 +148,7 @@ grib_action* grib_action_create_while(grib_context* context, grib_expression* ex act->next = NULL; - sprintf(name, "_while%p", (void*)a); + snprintf(name, nameLen, "_while%p", (void*)a); act->name = grib_context_strdup_persistent(context, name); act->op = grib_context_strdup_persistent(context, "section"); a->expression = expression; diff --git a/src/action_class_write.c b/src/action_class_write.c index 94271e252..6311a9bbb 100644 --- a/src/action_class_write.c +++ b/src/action_class_write.c @@ -82,7 +82,6 @@ static void init_class(grib_action_class* c) grib_action* grib_action_create_write(grib_context* context, const char* name, int append, int padtomultiple) { char buf[1024]; - grib_action_write* a = NULL; grib_action_class* c = grib_action_class_write; grib_action* act = (grib_action*)grib_context_malloc_clear_persistent(context, c->size); @@ -94,7 +93,7 @@ grib_action* grib_action_create_write(grib_context* context, const char* name, i a->name = grib_context_strdup_persistent(context, name); - sprintf(buf, "write%p", (void*)a->name); + snprintf(buf, 1024, "write%p", (void*)a->name); act->name = grib_context_strdup_persistent(context, buf); a->append = append; diff --git a/src/bufr_keys_iterator.c b/src/bufr_keys_iterator.c index 2dd2d492a..ed4219820 100644 --- a/src/bufr_keys_iterator.c +++ b/src/bufr_keys_iterator.c @@ -128,9 +128,10 @@ static int next_attribute(bufr_keys_iterator* kiter) if (kiter->attributes[kiter->i_curr_attribute]) { if (!kiter->prefix) { - kiter->prefix = (char*)grib_context_malloc_clear(kiter->current->context, strlen(kiter->current->name) + 10); + const size_t prefixLenMax = strlen(kiter->current->name) + 10; + kiter->prefix = (char*)grib_context_malloc_clear(kiter->current->context, prefixLenMax); r = (int*)grib_trie_get(kiter->seen, kiter->current->name); - sprintf(kiter->prefix, "#%d#%s", *r, kiter->current->name); + snprintf(kiter->prefix, prefixLenMax, "#%d#%s", *r, kiter->current->name); } kiter->i_curr_attribute++; return 1; @@ -210,11 +211,12 @@ char* codes_bufr_keys_iterator_get_name(const bufr_keys_iterator* ckiter) strcat(ret, kiter->attributes[iattribute]->name); } else { - ret = (char*)grib_context_malloc_clear(c, strlen(kiter->current->name) + 10); + const size_t retMaxLen = strlen(kiter->current->name) + 10; + ret = (char*)grib_context_malloc_clear(c, retMaxLen); if (kiter->current->flags & GRIB_ACCESSOR_FLAG_BUFR_DATA) { r = (int*)grib_trie_get(kiter->seen, kiter->current->name); - sprintf(ret, "#%d#%s", *r, kiter->current->name); + snprintf(ret, retMaxLen, "#%d#%s", *r, kiter->current->name); } else { strcpy(ret, kiter->current->name); diff --git a/src/bufr_util.c b/src/bufr_util.c index 7bd7a8612..23682bef8 100644 --- a/src/bufr_util.c +++ b/src/bufr_util.c @@ -48,8 +48,9 @@ int compute_bufr_key_rank(grib_handle* h, grib_string_list* keys, const char* ke /* This is the first and only instance of the key */ /* So we check if there is a second one of this key, */ /* If not, then rank is zero i.e. this is the only instance */ - char* s = (char*)grib_context_malloc_clear(c, strlen(key) + 5); - sprintf(s, "#2#%s", key); + size_t slen = strlen(key) + 5; + char* s = (char*)grib_context_malloc_clear(c, slen); + snprintf(s, slen, "#2#%s", key); if (grib_get_size(h, s, &size) == GRIB_NOT_FOUND) theRank = 0; grib_context_free(c, s); @@ -791,8 +792,8 @@ static char* codes_bufr_header_get_centre_name(long edition, long centre_code) FILE *f = NULL; const char* defs_path = grib_definition_path(NULL); - if (edition == 3) sprintf(full_path, "%s/common/c-1.table", defs_path); - else if (edition == 4) sprintf(full_path, "%s/common/c-11.table", defs_path); + if (edition == 3) snprintf(full_path, 2014, "%s/common/c-1.table", defs_path); + else if (edition == 4) snprintf(full_path, 2014, "%s/common/c-11.table", defs_path); else return NULL; f = codes_fopen(full_path, "r"); @@ -853,73 +854,73 @@ int codes_bufr_header_get_string(codes_bufr_header* bh, const char* key, char* v Assert(!(bh->ecmwfLocalSectionPresent && !bh->localSectionPresent)); if (strcmp(key, "message_offset") == 0) - *len = sprintf(val, "%lu", bh->message_offset); + *len = snprintf(val, 32, "%lu", bh->message_offset); else if (strcmp(key, "offset") == 0) - *len = sprintf(val, "%lu", bh->message_offset); + *len = snprintf(val, 32, "%lu", bh->message_offset); else if (strcmp(key, "message_size") == 0) - *len = sprintf(val, "%lu", bh->message_size); + *len = snprintf(val, 32, "%lu", bh->message_size); else if (strcmp(key, "totalLength") == 0) - *len = sprintf(val, "%lu", bh->message_size); + *len = snprintf(val, 32, "%lu", bh->message_size); else if (strcmp(key, "edition") == 0) - *len = sprintf(val, "%ld", bh->edition); + *len = snprintf(val, 32, "%ld", bh->edition); else if (strcmp(key, "masterTableNumber") == 0) - *len = sprintf(val, "%ld", bh->masterTableNumber); + *len = snprintf(val, 32, "%ld", bh->masterTableNumber); else if (strcmp(key, "bufrHeaderSubCentre") == 0) - *len = sprintf(val, "%ld", bh->bufrHeaderSubCentre); + *len = snprintf(val, 32, "%ld", bh->bufrHeaderSubCentre); else if (strcmp(key, "bufrHeaderCentre") == 0) - *len = sprintf(val, "%ld", bh->bufrHeaderCentre); + *len = snprintf(val, 32, "%ld", bh->bufrHeaderCentre); else if (strcmp(key, "centre") == 0) { const char* centre_str = codes_bufr_header_get_centre_name(bh->edition, bh->bufrHeaderCentre); if (centre_str) - *len = sprintf(val, "%s", centre_str); + *len = snprintf(val, 32, "%s", centre_str); else - *len = sprintf(val, "%ld", bh->bufrHeaderCentre); + *len = snprintf(val, 32, "%ld", bh->bufrHeaderCentre); } else if (strcmp(key, "updateSequenceNumber") == 0) - *len = sprintf(val, "%ld", bh->updateSequenceNumber); + *len = snprintf(val, 32, "%ld", bh->updateSequenceNumber); else if (strcmp(key, "dataCategory") == 0) - *len = sprintf(val, "%ld", bh->dataCategory); + *len = snprintf(val, 32, "%ld", bh->dataCategory); else if (strcmp(key, "dataSubCategory") == 0) - *len = sprintf(val, "%ld", bh->dataSubCategory); + *len = snprintf(val, 32, "%ld", bh->dataSubCategory); else if (strcmp(key, "masterTablesVersionNumber") == 0) - *len = sprintf(val, "%ld", bh->masterTablesVersionNumber); + *len = snprintf(val, 32, "%ld", bh->masterTablesVersionNumber); else if (strcmp(key, "localTablesVersionNumber") == 0) - *len = sprintf(val, "%ld", bh->localTablesVersionNumber); + *len = snprintf(val, 32, "%ld", bh->localTablesVersionNumber); else if (strcmp(key, "typicalYear") == 0) - *len = sprintf(val, "%ld", bh->typicalYear); + *len = snprintf(val, 32, "%ld", bh->typicalYear); else if (strcmp(key, "typicalMonth") == 0) - *len = sprintf(val, "%ld", bh->typicalMonth); + *len = snprintf(val, 32, "%ld", bh->typicalMonth); else if (strcmp(key, "typicalDay") == 0) - *len = sprintf(val, "%ld", bh->typicalDay); + *len = snprintf(val, 32, "%ld", bh->typicalDay); else if (strcmp(key, "typicalHour") == 0) - *len = sprintf(val, "%ld", bh->typicalHour); + *len = snprintf(val, 32, "%ld", bh->typicalHour); else if (strcmp(key, "typicalMinute") == 0) - *len = sprintf(val, "%ld", bh->typicalMinute); + *len = snprintf(val, 32, "%ld", bh->typicalMinute); else if (strcmp(key, "typicalSecond") == 0) - *len = sprintf(val, "%ld", bh->typicalSecond); + *len = snprintf(val, 32, "%ld", bh->typicalSecond); else if (strcmp(key, "typicalDate") == 0) - *len = sprintf(val, "%06ld", bh->typicalDate); + *len = snprintf(val, 32, "%06ld", bh->typicalDate); else if (strcmp(key, "typicalTime") == 0) - *len = sprintf(val, "%06ld", bh->typicalTime); + *len = snprintf(val, 32, "%06ld", bh->typicalTime); else if (strcmp(key, "internationalDataSubCategory") == 0) - *len = sprintf(val, "%ld", bh->internationalDataSubCategory); + *len = snprintf(val, 32, "%ld", bh->internationalDataSubCategory); else if (strcmp(key, "localSectionPresent") == 0) - *len = sprintf(val, "%ld", bh->localSectionPresent); + *len = snprintf(val, 32, "%ld", bh->localSectionPresent); else if (strcmp(key, "ecmwfLocalSectionPresent") == 0) - *len = sprintf(val, "%ld", bh->ecmwfLocalSectionPresent); + *len = snprintf(val, 32, "%ld", bh->ecmwfLocalSectionPresent); /* Local ECMWF keys. Can be absent so must return NOT_FOUND */ else if (strcmp(key, "rdbType") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rdbType); + *len = snprintf(val, 32, "%ld", bh->rdbType); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "oldSubtype") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->oldSubtype); + *len = snprintf(val, 32, "%ld", bh->oldSubtype); else strcpy(val, NOT_FOUND); } @@ -927,183 +928,183 @@ int codes_bufr_header_get_string(codes_bufr_header* bh, const char* key, char* v if (!isEcmwfLocal || strlen(bh->ident) == 0) strcpy(val, NOT_FOUND); else - *len = sprintf(val, "%s", bh->ident); + *len = snprintf(val, 32, "%s", bh->ident); } else if (strcmp(key, "localYear") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->localYear); + *len = snprintf(val, 32, "%ld", bh->localYear); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localMonth") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->localMonth); + *len = snprintf(val, 32, "%ld", bh->localMonth); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localDay") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->localDay); + *len = snprintf(val, 32, "%ld", bh->localDay); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localHour") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->localHour); + *len = snprintf(val, 32, "%ld", bh->localHour); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localMinute") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->localMinute); + *len = snprintf(val, 32, "%ld", bh->localMinute); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localSecond") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->localSecond); + *len = snprintf(val, 32, "%ld", bh->localSecond); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rdbtimeDay") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rdbtimeDay); + *len = snprintf(val, 32, "%ld", bh->rdbtimeDay); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rdbtimeHour") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rdbtimeHour); + *len = snprintf(val, 32, "%ld", bh->rdbtimeHour); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rdbtimeMinute") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rdbtimeMinute); + *len = snprintf(val, 32, "%ld", bh->rdbtimeMinute); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rdbtimeSecond") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rdbtimeSecond); + *len = snprintf(val, 32, "%ld", bh->rdbtimeSecond); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rectimeDay") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rectimeDay); + *len = snprintf(val, 32, "%ld", bh->rectimeDay); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rectimeHour") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rectimeHour); + *len = snprintf(val, 32, "%ld", bh->rectimeHour); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rectimeMinute") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rectimeMinute); + *len = snprintf(val, 32, "%ld", bh->rectimeMinute); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rectimeSecond") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rectimeSecond); + *len = snprintf(val, 32, "%ld", bh->rectimeSecond); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "restricted") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->restricted); + *len = snprintf(val, 32, "%ld", bh->restricted); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "isSatellite") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->isSatellite); + *len = snprintf(val, 32, "%ld", bh->isSatellite); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localLongitude1") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%g", bh->localLongitude1); + *len = snprintf(val, 32, "%g", bh->localLongitude1); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localLatitude1") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%g", bh->localLatitude1); + *len = snprintf(val, 32, "%g", bh->localLatitude1); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localLongitude2") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%g", bh->localLongitude2); + *len = snprintf(val, 32, "%g", bh->localLongitude2); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localLatitude2") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%g", bh->localLatitude2); + *len = snprintf(val, 32, "%g", bh->localLatitude2); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localLatitude") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%g", bh->localLatitude); + *len = snprintf(val, 32, "%g", bh->localLatitude); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localLongitude") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%g", bh->localLongitude); + *len = snprintf(val, 32, "%g", bh->localLongitude); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "qualityControl") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->qualityControl); + *len = snprintf(val, 32, "%ld", bh->qualityControl); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "newSubtype") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->newSubtype); + *len = snprintf(val, 32, "%ld", bh->newSubtype); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "rdbSubtype") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->rdbSubtype); + *len = snprintf(val, 32, "%ld", bh->rdbSubtype); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "daLoop") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->daLoop); + *len = snprintf(val, 32, "%ld", bh->daLoop); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "localNumberOfObservations") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->localNumberOfObservations); + *len = snprintf(val, 32, "%ld", bh->localNumberOfObservations); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "satelliteID") == 0) { if (isEcmwfLocal) - *len = sprintf(val, "%ld", bh->satelliteID); + *len = snprintf(val, 32, "%ld", bh->satelliteID); else strcpy(val, NOT_FOUND); } else if (strcmp(key, "numberOfSubsets") == 0) - *len = sprintf(val, "%lu", bh->numberOfSubsets); + *len = snprintf(val, 32, "%lu", bh->numberOfSubsets); else if (strcmp(key, "observedData") == 0) - *len = sprintf(val, "%ld", bh->observedData); + *len = snprintf(val, 32, "%ld", bh->observedData); else if (strcmp(key, "compressedData") == 0) - *len = sprintf(val, "%ld", bh->compressedData); + *len = snprintf(val, 32, "%ld", bh->compressedData); else return GRIB_NOT_FOUND; diff --git a/src/grib_accessor_class_apply_operators.c b/src/grib_accessor_class_apply_operators.c index 16ad4161d..f270b320d 100644 --- a/src/grib_accessor_class_apply_operators.c +++ b/src/grib_accessor_class_apply_operators.c @@ -634,7 +634,7 @@ static void long_to_string(grib_context* c, long* v, size_t len, char** val) size_t i; char tmp[1024] = {0,}; for (i = 0; i < len; i++) { - sprintf(tmp, "%ld", v[i]); + snprintf(tmp, sizeof(tmp), "%ld", v[i]); val[i] = grib_context_strdup(c, tmp); } } @@ -644,7 +644,7 @@ static void double_to_string(grib_context* c, double* v, size_t len, char** val) size_t i; char tmp[1024] = {0,}; for (i = 0; i < len; i++) { - sprintf(tmp, "%g", v[i]); + snprintf(tmp, sizeof(tmp), "%g", v[i]); val[i] = grib_context_strdup(c, tmp); } } diff --git a/src/grib_accessor_class_bitmap.c b/src/grib_accessor_class_bitmap.c index 4eb8d568d..922634318 100644 --- a/src/grib_accessor_class_bitmap.c +++ b/src/grib_accessor_class_bitmap.c @@ -209,7 +209,7 @@ static void dump(grib_accessor* a, grib_dumper* dumper) grib_value_count(a, &len); - sprintf(label, "Bitmap of %ld values", len); + snprintf(label, 1024, "Bitmap of %ld values", len); grib_dump_bytes(dumper, a, label); } diff --git a/src/grib_accessor_class_bits.c b/src/grib_accessor_class_bits.c index 1b2b28ce8..0257f5792 100644 --- a/src/grib_accessor_class_bits.c +++ b/src/grib_accessor_class_bits.c @@ -344,13 +344,13 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) switch (get_native_type(a)) { case GRIB_TYPE_LONG: ret = unpack_long(a, &lval, &llen); - sprintf(v, "%ld", lval); + snprintf(v, 64, "%ld", lval); *len = strlen(v); break; case GRIB_TYPE_DOUBLE: ret = unpack_double(a, &dval, &llen); - sprintf(v, "%g", dval); + snprintf(v, 64, "%g", dval); *len = strlen(v); break; diff --git a/src/grib_accessor_class_bufr_data_array.c b/src/grib_accessor_class_bufr_data_array.c index 89ca6918a..f2c32fc66 100644 --- a/src/grib_accessor_class_bufr_data_array.c +++ b/src/grib_accessor_class_bufr_data_array.c @@ -2032,7 +2032,7 @@ static grib_accessor* create_accessor_from_descriptor(const grib_accessor* a, gr return NULL; grib_accessor_add_attribute(elementAccessor, attribute, 0); - sprintf(code, "%06ld", self->expanded->v[idx]->code); + snprintf(code, sizeof(code), "%06ld", self->expanded->v[idx]->code); temp_str = grib_context_strdup(a->context, code); attribute = create_attribute_variable("code", section, GRIB_TYPE_STRING, temp_str, 0, 0, flags); if (!attribute) @@ -2092,7 +2092,7 @@ static grib_accessor* create_accessor_from_descriptor(const grib_accessor* a, gr return NULL; grib_accessor_add_attribute(elementAccessor, attribute, 0); - sprintf(code, "%06ld", self->expanded->v[idx]->code); + snprintf(code, sizeof(code), "%06ld", self->expanded->v[idx]->code); attribute = create_attribute_variable("code", section, GRIB_TYPE_STRING, code, 0, 0, flags); if (!attribute) return NULL; @@ -2118,7 +2118,7 @@ static grib_accessor* create_accessor_from_descriptor(const grib_accessor* a, gr return NULL; grib_accessor_add_attribute(elementAccessor, attribute, 0); - sprintf(code, "%06ld", self->expanded->v[idx]->code); + snprintf(code, sizeof(code), "%06ld", self->expanded->v[idx]->code); attribute = create_attribute_variable("code", section, GRIB_TYPE_STRING, code, 0, 0, flags); if (!attribute) return NULL; diff --git a/src/grib_accessor_class_bufr_data_element.c b/src/grib_accessor_class_bufr_data_element.c index a88924c45..37dc46303 100644 --- a/src/grib_accessor_class_bufr_data_element.c +++ b/src/grib_accessor_class_bufr_data_element.c @@ -361,7 +361,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) char sval[32] = {0,}; err = unpack_double(a, &dval, &dlen); if (err) return err; - sprintf(sval, "%g", dval); + snprintf(sval, sizeof(sval), "%g", dval); slen = strlen(sval); if (*len < slen) return GRIB_ARRAY_TOO_SMALL; diff --git a/src/grib_accessor_class_bufr_elements_table.c b/src/grib_accessor_class_bufr_elements_table.c index d1df8bdd1..41dc8f4ec 100644 --- a/src/grib_accessor_class_bufr_elements_table.c +++ b/src/grib_accessor_class_bufr_elements_table.c @@ -216,7 +216,7 @@ static grib_trie* load_bufr_elements_table(grib_accessor* a, int* err) if (*masterDir != 0) { char name[4096] = {0,}; - sprintf(name, "%s/%s", masterDir, self->dictionary); + snprintf(name, 4096, "%s/%s", masterDir, self->dictionary); grib_recompose_name(h, NULL, name, masterRecomposed, 0); filename = grib_context_full_defs_path(c, masterRecomposed); } @@ -226,13 +226,13 @@ static grib_trie* load_bufr_elements_table(grib_accessor* a, int* err) if (*localDir != 0) { char localName[2048] = {0,}; - sprintf(localName, "%s/%s", localDir, self->dictionary); + snprintf(localName, 2048, "%s/%s", localDir, self->dictionary); grib_recompose_name(h, NULL, localName, localRecomposed, 0); localFilename = grib_context_full_defs_path(c, localRecomposed); - sprintf(dictName, "%s:%s", localFilename, filename); + snprintf(dictName, 1024, "%s:%s", localFilename, filename); } else { - sprintf(dictName, "%s", filename); + snprintf(dictName, 1024, "%s", filename); } if (!filename) { @@ -344,12 +344,13 @@ static int bufr_get_from_table(grib_accessor* a, bufr_descriptor* v) int ret = 0; char** list = 0; char code[7] = { 0 }; + const size_t codeLen = sizeof(code); grib_trie* table = load_bufr_elements_table(a, &ret); if (ret) return ret; - sprintf(code, "%06ld", v->code); + snprintf(code, codeLen, "%06ld", v->code); list = (char**)grib_trie_get(table, code); if (!list) diff --git a/src/grib_accessor_class_bufr_extract_area_subsets.c b/src/grib_accessor_class_bufr_extract_area_subsets.c index 46bdf2b18..14d74cafd 100644 --- a/src/grib_accessor_class_bufr_extract_area_subsets.c +++ b/src/grib_accessor_class_bufr_extract_area_subsets.c @@ -219,11 +219,11 @@ static int select_area(grib_accessor* a) ret = grib_get_long(h, self->extractAreaLongitudeRank, &lonRank); if (ret) return ret; - sprintf(lonstr, "#%ld#longitude", lonRank); + snprintf(lonstr, sizeof(lonstr), "#%ld#longitude", lonRank); ret = grib_get_long(h, self->extractAreaLatitudeRank, &latRank); if (ret) return ret; - sprintf(latstr, "#%ld#latitude", latRank); + snprintf(latstr, sizeof(latstr), "#%ld#latitude", latRank); } /* Latitudes */ @@ -244,7 +244,7 @@ static int select_area(grib_accessor* a) else { size_t values_len = 0; for (i = 0; i < numberOfSubsets; ++i) { - sprintf(latstr, "#%ld#latitude", i + 1); + snprintf(latstr, sizeof(latstr), "#%ld#latitude", i + 1); ret = grib_get_size(h, latstr, &values_len); if (ret) return ret; @@ -274,7 +274,7 @@ static int select_area(grib_accessor* a) else { size_t values_len = 0; for (i = 0; i < numberOfSubsets; ++i) { - sprintf(lonstr, "#%ld#longitude", i + 1); + snprintf(lonstr, sizeof(lonstr), "#%ld#longitude", i + 1); ret = grib_get_size(h, lonstr, &values_len); if (ret) return ret; diff --git a/src/grib_accessor_class_bufr_extract_datetime_subsets.c b/src/grib_accessor_class_bufr_extract_datetime_subsets.c index 2658fce54..aed1e56ce 100644 --- a/src/grib_accessor_class_bufr_extract_datetime_subsets.c +++ b/src/grib_accessor_class_bufr_extract_datetime_subsets.c @@ -212,7 +212,7 @@ static int build_long_array(grib_context* c, grib_handle* h, int compressed, size_t values_len = 0; for (i = 0; i < numberOfSubsets; ++i) { long lVal = 0; - sprintf(keystr, "#%ld#%s", i + 1, key); + snprintf(keystr, sizeof(keystr), "#%ld#%s", i + 1, key); err = grib_get_size(h, keystr, &values_len); if (err) return err; @@ -271,32 +271,32 @@ static int select_datetime(grib_accessor* a) ret = grib_get_long(h, "extractDateTimeYearRank", &yearRank); if (ret) return ret; - sprintf(yearstr, "#%ld#year", yearRank); + snprintf(yearstr, sizeof(yearstr), "#%ld#year", yearRank); ret = grib_get_long(h, "extractDateTimeMonthRank", &monthRank); if (ret) return ret; - sprintf(monthstr, "#%ld#month", monthRank); + snprintf(monthstr, sizeof(monthstr), "#%ld#month", monthRank); ret = grib_get_long(h, "extractDateTimeDayRank", &dayRank); if (ret) return ret; - sprintf(daystr, "#%ld#day", dayRank); + snprintf(daystr, sizeof(daystr), "#%ld#day", dayRank); ret = grib_get_long(h, "extractDateTimeHourRank", &hourRank); if (ret) return ret; - sprintf(hourstr, "#%ld#hour", hourRank); + snprintf(hourstr, sizeof(hourstr), "#%ld#hour", hourRank); ret = grib_get_long(h, "extractDateTimeMinuteRank", &minuteRank); if (ret) return ret; - sprintf(minutestr, "#%ld#minute", minuteRank); + snprintf(minutestr, sizeof(minutestr), "#%ld#minute", minuteRank); ret = grib_get_long(h, "extractDateTimeSecondRank", &secondRank); if (ret) return ret; - sprintf(secondstr, "#%ld#second", secondRank); + snprintf(secondstr, sizeof(secondstr), "#%ld#second", secondRank); } /* YEAR */ @@ -348,7 +348,7 @@ static int select_datetime(grib_accessor* a) /* uncompressed */ size_t values_len = 0; for (i = 0; i < numberOfSubsets; ++i) { - sprintf(secondstr, "#%ld#second", i + 1); + snprintf(secondstr, sizeof(secondstr), "#%ld#second", i + 1); ret = grib_get_size(h, secondstr, &values_len); if (ret) { /* no 'second' key */ @@ -383,7 +383,8 @@ static int select_datetime(grib_accessor* a) ret = grib_get_long(h, "extractDateTimeSecondStart", &secondStart); if (ret) secondStart = 0; - sprintf(start_str, "%04ld/%02ld/%02ld %02ld:%02ld:%02ld", yearStart, monthStart, dayStart, hourStart, minuteStart, secondStart); + snprintf(start_str, sizeof(start_str), "%04ld/%02ld/%02ld %02ld:%02ld:%02ld", + yearStart, monthStart, dayStart, hourStart, minuteStart, secondStart); if (c->debug) fprintf(stderr, "ECCODES DEBUG bufr_extract_datetime_subsets: start =%s\n", start_str); julianStart = date_to_julian(yearStart, monthStart, dayStart, hourStart, minuteStart, secondStart); if (julianStart == -1) { @@ -409,7 +410,8 @@ static int select_datetime(grib_accessor* a) ret = grib_get_long(h, "extractDateTimeSecondEnd", &secondEnd); if (ret) secondEnd = 0; - sprintf(end_str, "%04ld/%02ld/%02ld %02ld:%02ld:%02ld", yearEnd, monthEnd, dayEnd, hourEnd, minuteEnd, secondEnd); + snprintf(end_str, sizeof(end_str), "%04ld/%02ld/%02ld %02ld:%02ld:%02ld", + yearEnd, monthEnd, dayEnd, hourEnd, minuteEnd, secondEnd); if (c->debug) fprintf(stderr, "ECCODES DEBUG bufr_extract_datetime_subsets: end =%s\n", end_str); julianEnd = date_to_julian(yearEnd, monthEnd, dayEnd, hourEnd, minuteEnd, secondEnd); if (julianEnd == -1) { @@ -427,7 +429,8 @@ static int select_datetime(grib_accessor* a) fprintf(stderr, "ECCODES WARNING: bufr_extract_datetime_subsets: Key '%s' is missing! Using zero instead\n", secondstr); second[i] = 0; } - sprintf(datetime_str, "%04ld/%02ld/%02ld %02ld:%02ld:%.3f", year[i], month[i], day[i], hour[i], minute[i], second[i]); + snprintf(datetime_str, sizeof(datetime_str), "%04ld/%02ld/%02ld %02ld:%02ld:%.3f", + year[i], month[i], day[i], hour[i], minute[i], second[i]); if (c->debug) fprintf(stderr, "ECCODES DEBUG bufr_extract_datetime_subsets: datetime=%s\n", datetime_str); julianDT = date_to_julian(year[i], month[i], day[i], hour[i], minute[i], second[i]); if (julianDT == -1) { diff --git a/src/grib_accessor_class_bufrdc_expanded_descriptors.c b/src/grib_accessor_class_bufrdc_expanded_descriptors.c index 9b8acd7a4..b284da343 100644 --- a/src/grib_accessor_class_bufrdc_expanded_descriptors.c +++ b/src/grib_accessor_class_bufrdc_expanded_descriptors.c @@ -221,7 +221,7 @@ static int unpack_string_array(grib_accessor* a, char** buffer, size_t* len) unpack_long(a, v, &size); for (i = 0; i < size; i++) { - sprintf(buf, "%06ld", v[i]); + snprintf(buf, sizeof(buf), "%06ld", v[i]); buffer[i] = grib_context_strdup(c, buf); } *len = l; diff --git a/src/grib_accessor_class_bytes.c b/src/grib_accessor_class_bytes.c index 3f26acef3..5ecf84ad0 100644 --- a/src/grib_accessor_class_bytes.c +++ b/src/grib_accessor_class_bytes.c @@ -171,7 +171,7 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) p = grib_handle_of_accessor(a)->buffer->data + grib_byte_offset(a); for (i = 0; i < length; i++) { - sprintf(s, "%02x", *(p++)); + snprintf(s, INT_MAX, "%02x", *(p++)); s += 2; } diff --git a/src/grib_accessor_class_codetable.c b/src/grib_accessor_class_codetable.c index ef3b716c2..356758a23 100644 --- a/src/grib_accessor_class_codetable.c +++ b/src/grib_accessor_class_codetable.c @@ -322,7 +322,7 @@ static grib_codetable* load_table(grib_accessor_codetable* self) if (*masterDir != 0) { char name[2048] = {0,}; - sprintf(name, "%s/%s", masterDir, self->tablename); + snprintf(name, sizeof(name), "%s/%s", masterDir, self->tablename); grib_recompose_name(h, NULL, name, recomposed, 0); filename = grib_context_full_defs_path(c, recomposed); } @@ -333,7 +333,7 @@ static grib_codetable* load_table(grib_accessor_codetable* self) if (*localDir != 0) { char localName[2048] = {0,}; - sprintf(localName, "%s/%s", localDir, self->tablename); + snprintf(localName, sizeof(localName), "%s/%s", localDir, self->tablename); grib_recompose_name(h, NULL, localName, localRecomposed, 0); localFilename = grib_context_full_defs_path(c, localRecomposed); } @@ -581,7 +581,7 @@ static void dump(grib_accessor* a, grib_dumper* dumper) if (b == value) strcpy(comment, table->entries[value].title); else - sprintf(comment, "%s", table->entries[value].title); + snprintf(comment, sizeof(comment), "%s", table->entries[value].title); if (table->entries[value].units != NULL && grib_inline_strcmp(table->entries[value].units, "unknown")) { strcat(comment, " ("); @@ -635,7 +635,7 @@ static int unpack_string(grib_accessor* a, char* buffer, size_t* len) } else { #if 1 - sprintf(tmp, "%d", (int)value); + snprintf(tmp, sizeof(tmp), "%d", (int)value); #else return GRIB_DECODING_ERROR; #endif diff --git a/src/grib_accessor_class_codetable_title.c b/src/grib_accessor_class_codetable_title.c index 175e4f904..648c5db7e 100644 --- a/src/grib_accessor_class_codetable_title.c +++ b/src/grib_accessor_class_codetable_title.c @@ -184,7 +184,7 @@ static int unpack_string(grib_accessor* a, char* buffer, size_t* len) } else { #if 1 - sprintf(tmp, "%d", (int)value); + snprintf(tmp, sizeof(tmp), "%d", (int)value); #else return GRIB_DECODING_ERROR; #endif diff --git a/src/grib_accessor_class_codetable_units.c b/src/grib_accessor_class_codetable_units.c index a6abb8d33..1f40b46ad 100644 --- a/src/grib_accessor_class_codetable_units.c +++ b/src/grib_accessor_class_codetable_units.c @@ -182,7 +182,7 @@ static int unpack_string(grib_accessor* a, char* buffer, size_t* len) strcpy(tmp, table->entries[value].units); } else { - sprintf(tmp, "%d", (int)value); + snprintf(tmp, sizeof(tmp), "%d", (int)value); } l = strlen(tmp) + 1; diff --git a/src/grib_accessor_class_concept.c b/src/grib_accessor_class_concept.c index dbafe00b4..9fb598f3b 100644 --- a/src/grib_accessor_class_concept.c +++ b/src/grib_accessor_class_concept.c @@ -435,7 +435,7 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) { char buf[80]; size_t s; - sprintf(buf, "%ld", *val); + snprintf(buf, sizeof(buf), "%ld", *val); #if 0 if(*len > 1) return GRIB_NOT_IMPLEMENTED; diff --git a/src/grib_accessor_class_dictionary.c b/src/grib_accessor_class_dictionary.c index 4651ed321..93da5e4de 100644 --- a/src/grib_accessor_class_dictionary.c +++ b/src/grib_accessor_class_dictionary.c @@ -186,7 +186,7 @@ static grib_trie* load_dictionary(grib_context* c, grib_accessor* a, int* err) if (*masterDir != 0) { char name[2048] = {0,}; char recomposed[2048] = {0,}; - sprintf(name, "%s/%s", masterDir, self->dictionary); + snprintf(name, sizeof(name), "%s/%s", masterDir, self->dictionary); grib_recompose_name(h, NULL, name, recomposed, 0); filename = grib_context_full_defs_path(c, recomposed); } @@ -197,13 +197,13 @@ static grib_trie* load_dictionary(grib_context* c, grib_accessor* a, int* err) if (*localDir != 0) { char localName[2048] = {0,}; char localRecomposed[1024] = {0,}; - sprintf(localName, "%s/%s", localDir, self->dictionary); + snprintf(localName, sizeof(localName), "%s/%s", localDir, self->dictionary); grib_recompose_name(h, NULL, localName, localRecomposed, 0); localFilename = grib_context_full_defs_path(c, localRecomposed); - sprintf(dictName, "%s:%s", localFilename, filename); + snprintf(dictName, sizeof(dictName), "%s:%s", localFilename, filename); } else { - sprintf(dictName, "%s", filename); + snprintf(dictName, sizeof(dictName), "%s", filename); } if (!filename) { diff --git a/src/grib_accessor_class_double.c b/src/grib_accessor_class_double.c index d451be5b1..e9a3430b2 100644 --- a/src/grib_accessor_class_double.c +++ b/src/grib_accessor_class_double.c @@ -149,9 +149,9 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) grib_unpack_double(a, &val, &l); if ((val == GRIB_MISSING_DOUBLE) && ((a->flags & GRIB_ACCESSOR_FLAG_CAN_BE_MISSING) != 0)) - sprintf(repres, "MISSING"); + snprintf(repres, sizeof(repres), "MISSING"); else - sprintf(repres, "%g", val); + snprintf(repres, sizeof(repres), "%g", val); l = strlen(repres) + 1; diff --git a/src/grib_accessor_class_expanded_descriptors.c b/src/grib_accessor_class_expanded_descriptors.c index 4410a43d7..556afdf15 100644 --- a/src/grib_accessor_class_expanded_descriptors.c +++ b/src/grib_accessor_class_expanded_descriptors.c @@ -672,7 +672,7 @@ static int expand(grib_accessor* a) if (err) return err; - sprintf(key, "%ld_%ld_%ld_%ld_%ld", centre, masterTablesVersionNumber, localTablesVersionNumber, masterTablesNumber, u[0]); + snprintf(key, sizeof(key), "%ld_%ld_%ld_%ld_%ld", centre, masterTablesVersionNumber, localTablesVersionNumber, masterTablesNumber, u[0]); expanded = grib_context_expanded_descriptors_list_get(c, key, u, unexpandedSize); if (expanded) { self->expanded = expanded; diff --git a/src/grib_accessor_class_g1area.c b/src/grib_accessor_class_g1area.c index 22abf5657..13448c6e0 100644 --- a/src/grib_accessor_class_g1area.c +++ b/src/grib_accessor_class_g1area.c @@ -240,7 +240,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) return GRIB_BUFFER_TOO_SMALL; } - sprintf(val, "N:%3.5f W:%3.5f S:%3.5f E:%3.5f", ((float)laf), ((float)lof), ((float)lal), ((float)lol)); + snprintf(val, 1024, "N:%3.5f W:%3.5f S:%3.5f E:%3.5f", ((float)laf), ((float)lof), ((float)lal), ((float)lol)); len[0] = strlen(val); return GRIB_SUCCESS; diff --git a/src/grib_accessor_class_g1date.c b/src/grib_accessor_class_g1date.c index 2acb6491e..425c8a3ed 100644 --- a/src/grib_accessor_class_g1date.c +++ b/src/grib_accessor_class_g1date.c @@ -288,12 +288,12 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) strcpy(tmp, months[month - 1]); } else if (year == 255 && month >= 1 && month <= 12) { - sprintf(tmp, "%s-%02ld", months[month - 1], day); - /* sprintf(tmp,"%02ld-%02ld",month,day); */ + snprintf(tmp, sizeof(tmp), "%s-%02ld", months[month - 1], day); + /* snprintf(tmp,sizeof(tmp),"%02ld-%02ld",month,day); */ } else { long x = ((century - 1) * 100 + year) * 10000 + month * 100 + day; - sprintf(tmp, "%ld", x); + snprintf(tmp, sizeof(tmp), "%ld", x); } l = strlen(tmp) + 1; diff --git a/src/grib_accessor_class_g1day_of_the_year_date.c b/src/grib_accessor_class_g1day_of_the_year_date.c index 795133b80..7b27ca10a 100644 --- a/src/grib_accessor_class_g1day_of_the_year_date.c +++ b/src/grib_accessor_class_g1day_of_the_year_date.c @@ -176,7 +176,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) fullyear = ((century - 1) * 100 + year); fake_day_of_year = ((month - 1) * 30) + day; - sprintf(tmp, "%04ld-%03ld", fullyear, fake_day_of_year); + snprintf(tmp, sizeof(tmp), "%04ld-%03ld", fullyear, fake_day_of_year); l = strlen(tmp) + 1; if (*len < l) { diff --git a/src/grib_accessor_class_g1fcperiod.c b/src/grib_accessor_class_g1fcperiod.c index 8a58208a4..85ccc337f 100644 --- a/src/grib_accessor_class_g1fcperiod.c +++ b/src/grib_accessor_class_g1fcperiod.c @@ -145,13 +145,14 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) { long start = 0, theEnd = 0; char tmp[1024]; + const size_t tmpLen = sizeof(tmp); int err = grib_g1_step_get_steps(a, &start, &theEnd); size_t l = 0; if (err) return err; - sprintf(tmp, "%ld-%ld", start / 24, theEnd / 24); + snprintf(tmp, tmpLen, "%ld-%ld", start / 24, theEnd / 24); /*printf("---- FCPERIOD %s [start:%g, end:%g]",tmp,start,end);*/ l = strlen(tmp) + 1; diff --git a/src/grib_accessor_class_g1step_range.c b/src/grib_accessor_class_g1step_range.c index 0d4911914..b015e6c64 100644 --- a/src/grib_accessor_class_g1step_range.c +++ b/src/grib_accessor_class_g1step_range.c @@ -279,7 +279,7 @@ int grib_g1_step_get_steps(grib_accessor* a, long* start, long* theEnd) return err; } else - sprintf(stepType, "unknown"); + snprintf(stepType, sizeof(stepType), "unknown"); *start = p1; *theEnd = p2; @@ -345,7 +345,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) if (self->step_unit != NULL) grib_get_string(hand, self->step_unit, step_unit_string, &step_unit_string_len); else - sprintf(step_unit_string, "h"); + snprintf(step_unit_string, sizeof(step_unit_string), "h"); if (self->error_on_units) { grib_get_long_internal(hand, self->unit, &unit); @@ -370,7 +370,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) return err; } else - sprintf(stepType, "unknown"); + snprintf(stepType, sizeof(stepType), "unknown"); /* Patch for old forecast probabilities */ if (self->patch_fp_precip) { @@ -378,13 +378,13 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) } if (strcmp(stepType, "instant") == 0) { - sprintf(buf, "%ld", start); + snprintf(buf, sizeof(buf), "%ld", start); } else if ((strcmp(stepType, "avgfc") == 0) || (strcmp(stepType, "avgua") == 0) || (strcmp(stepType, "avgia") == 0) || (strcmp(stepType, "varins") == 0)) { - sprintf(buf, "%ld", start); + snprintf(buf, sizeof(buf), "%ld", start); } else if ( (strcmp(stepType, "accum") == 0) || @@ -399,10 +399,10 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) (strcmp(stepType, "varas") == 0) || (strcmp(stepType, "varad") == 0)) { if (start == theEnd) { - sprintf(buf, "%ld", theEnd); + snprintf(buf, sizeof(buf), "%ld", theEnd); } else { - sprintf(buf, "%ld-%ld", start, theEnd); + snprintf(buf, sizeof(buf), "%ld-%ld", start, theEnd); } } else { @@ -496,7 +496,7 @@ static int pack_string(grib_accessor* a, const char* val, size_t* len) return ret; } else - sprintf(stepType, "unknown"); + snprintf(stepType, sizeof(stepType), "unknown"); if ((ret = grib_set_long_internal(h, "timeRangeIndicatorFromStepRange", -1))) return ret; @@ -673,7 +673,7 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) return err; } else - sprintf(stepType, "unknown"); + snprintf(stepType, sizeof(stepType), "unknown"); if (self->step_unit != NULL && (err = grib_get_long_internal(grib_handle_of_accessor(a), self->step_unit, &step_unit))) return err; @@ -681,7 +681,7 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) switch (self->pack_index) { case -1: self->pack_index = -1; - sprintf(buff, "%ld", *val); + snprintf(buff, sizeof(buff), "%ld", *val); return pack_string(a, buff, &bufflen); case 0: self->pack_index = -1; @@ -691,14 +691,14 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) while (*p != '-' && *p != '\0') p++; if (*p == '-') { - sprintf(buff, "%ld-%s", *val, ++p); + snprintf(buff, sizeof(buff), "%ld-%s", *val, ++p); } else { if (strcmp(stepType, "instant") && strcmp(stepType, "avgd")) { - sprintf(buff, "%ld-%s", *val, sval); + snprintf(buff, sizeof(buff), "%ld-%s", *val, sval); } else { - sprintf(buff, "%ld", *val); + snprintf(buff, sizeof(buff), "%ld", *val); } } return pack_string(a, buff, &bufflen); @@ -711,14 +711,14 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) p++; if (*p == '-') { *p = '\0'; - sprintf(buff, "%s-%ld", sval, *val); + snprintf(buff, sizeof(buff), "%s-%ld", sval, *val); } else { if (strcmp(stepType, "instant") && strcmp(stepType, "avgd")) { - sprintf(buff, "%s-%ld", sval, *val); + snprintf(buff, sizeof(buff), "%s-%ld", sval, *val); } else { - sprintf(buff, "%ld", *val); + snprintf(buff, sizeof(buff), "%ld", *val); } } return pack_string(a, buff, &bufflen); diff --git a/src/grib_accessor_class_g2step_range.c b/src/grib_accessor_class_g2step_range.c index d16fb5e46..70f26fc2e 100644 --- a/src/grib_accessor_class_g2step_range.c +++ b/src/grib_accessor_class_g2step_range.c @@ -171,7 +171,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) return ret; if (self->endStep == NULL) { - sprintf(buf, "%ld", start); + snprintf(buf, sizeof(buf), "%ld", start); } else { ret = grib_get_long_internal(h, self->endStep, &theEnd); @@ -179,10 +179,10 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) return ret; if (start == theEnd) { - sprintf(buf, "%ld", theEnd); + snprintf(buf, sizeof(buf), "%ld", theEnd); } else { - sprintf(buf, "%ld-%ld", start, theEnd); + snprintf(buf, sizeof(buf), "%ld-%ld", start, theEnd); } } @@ -241,7 +241,7 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) char buff[100]; size_t bufflen = 100; - sprintf(buff, "%ld", *val); + snprintf(buff, sizeof(buff), "%ld", *val); return pack_string(a, buff, &bufflen); } diff --git a/src/grib_accessor_class_gaussian_grid_name.c b/src/grib_accessor_class_gaussian_grid_name.c index d4298fe61..c7f323999 100644 --- a/src/grib_accessor_class_gaussian_grid_name.c +++ b/src/grib_accessor_class_gaussian_grid_name.c @@ -176,15 +176,15 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) if ((ret = grib_get_long_internal(a->parent->h, self->isOctahedral, &isOctahedral)) != GRIB_SUCCESS) return ret; if (isOctahedral == 1) { - sprintf(tmp, "O%ld", N); + snprintf(tmp, sizeof(tmp), "O%ld", N); } else { - sprintf(tmp, "N%ld", N); /* Classic */ + snprintf(tmp, sizeof(tmp), "N%ld", N); /* Classic */ } } else { /* Regular gaussian grid */ - sprintf(tmp, "F%ld", N); + snprintf(tmp, sizeof(tmp), "F%ld", N); } length = strlen(tmp) + 1; diff --git a/src/grib_accessor_class_gen.c b/src/grib_accessor_class_gen.c index 0506e6f0a..992203078 100644 --- a/src/grib_accessor_class_gen.c +++ b/src/grib_accessor_class_gen.c @@ -343,7 +343,7 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) double val = 0.0; size_t l = 1; grib_unpack_double(a, &val, &l); - sprintf(v, "%g", val); + snprintf(v, 64, "%g", val); *len = strlen(v); grib_context_log(a->context, GRIB_LOG_DEBUG, "Casting double %s to string", a->name); return GRIB_SUCCESS; @@ -353,7 +353,7 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) long val = 0; size_t l = 1; grib_unpack_long(a, &val, &l); - sprintf(v, "%ld", val); + snprintf(v, 64, "%ld", val); *len = strlen(v); grib_context_log(a->context, GRIB_LOG_DEBUG, "Casting long %s to string \n", a->name); return GRIB_SUCCESS; diff --git a/src/grib_accessor_class_getenv.c b/src/grib_accessor_class_getenv.c index 7353914e9..a62258b72 100644 --- a/src/grib_accessor_class_getenv.c +++ b/src/grib_accessor_class_getenv.c @@ -170,7 +170,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) l = strlen(self->value); if (*len < l) return GRIB_ARRAY_TOO_SMALL; - sprintf(val, "%s", self->value); + snprintf(val, 1024, "%s", self->value); *len = strlen(self->value); return GRIB_SUCCESS; diff --git a/src/grib_accessor_class_gts_header.c b/src/grib_accessor_class_gts_header.c index 21f337f07..9b340f465 100644 --- a/src/grib_accessor_class_gts_header.c +++ b/src/grib_accessor_class_gts_header.c @@ -160,7 +160,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) if (h->gts_header == NULL || h->gts_header_len < 8) { if (*len < 8) return GRIB_ARRAY_TOO_SMALL; - sprintf(val, "missing"); + snprintf(val, 1024, "missing"); return GRIB_SUCCESS; } if (*len < h->gts_header_len) diff --git a/src/grib_accessor_class_hash_array.c b/src/grib_accessor_class_hash_array.c index 528c9ba7f..8e330c7b1 100644 --- a/src/grib_accessor_class_hash_array.c +++ b/src/grib_accessor_class_hash_array.c @@ -163,7 +163,7 @@ static int pack_double(grib_accessor* a, const double* val, size_t* len) { grib_accessor_hash_array* self = (grib_accessor_hash_array*)a; char s[200] = {0,}; - sprintf(s, "%g", *val); + snprintf(s, sizeof(s), "%g", *val); self->key = grib_context_strdup(a->context, s); self->ha = 0; return GRIB_SUCCESS; @@ -173,7 +173,7 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) { grib_accessor_hash_array* self = (grib_accessor_hash_array*)a; char s[200] = {0,}; - sprintf(s, "%ld", *val); + snprintf(s, sizeof(s), "%ld", *val); if (self->key) grib_context_free(a->context, self->key); self->key = grib_context_strdup(a->context, s); diff --git a/src/grib_accessor_class_julian_date.c b/src/grib_accessor_class_julian_date.c index 46b36671c..54f0b436f 100644 --- a/src/grib_accessor_class_julian_date.c +++ b/src/grib_accessor_class_julian_date.c @@ -353,13 +353,13 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) } if (sep[1] != 0 && sep[2] != 0 && sep[3] != 0 && sep[4] != 0) { - sprintf(val, "%04ld%c%02ld%c%02ld%c%02ld%c%02ld%c%02ld", year, sep[0], month, sep[1], day, sep[2], hour, sep[3], minute, sep[4], second); + snprintf(val, 1024, "%04ld%c%02ld%c%02ld%c%02ld%c%02ld%c%02ld", year, sep[0], month, sep[1], day, sep[2], hour, sep[3], minute, sep[4], second); } else if (sep[0] != 0) { - sprintf(val, "%04ld%02ld%02ld%c%02ld%02ld%02ld", year, month, day, sep[0], hour, minute, second); + snprintf(val, 1024, "%04ld%02ld%02ld%c%02ld%02ld%02ld", year, month, day, sep[0], hour, minute, second); } else { - sprintf(val, "%04ld%02ld%02ld%02ld%02ld%02ld", year, month, day, hour, minute, second); + snprintf(val, 1024, "%04ld%02ld%02ld%02ld%02ld%02ld", year, month, day, hour, minute, second); } return ret; } diff --git a/src/grib_accessor_class_ksec1expver.c b/src/grib_accessor_class_ksec1expver.c index f0ecdee9c..06d54f836 100644 --- a/src/grib_accessor_class_ksec1expver.c +++ b/src/grib_accessor_class_ksec1expver.c @@ -212,6 +212,6 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) { char sval[5] = {0,}; size_t slen = 4; - sprintf(sval, "%04d", (int)(*val)); + snprintf(sval, sizeof(sval), "%04d", (int)(*val)); return pack_string(a, sval, &slen); } diff --git a/src/grib_accessor_class_library_version.c b/src/grib_accessor_class_library_version.c index 181a2cb20..128549983 100644 --- a/src/grib_accessor_class_library_version.c +++ b/src/grib_accessor_class_library_version.c @@ -138,7 +138,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) int minor = ECCODES_MINOR_VERSION; int revision = ECCODES_REVISION_VERSION; - sprintf(result, "%d.%d.%d", major, minor, revision); + snprintf(result, sizeof(result), "%d.%d.%d", major, minor, revision); size = sizeof(result); if (*len < size) diff --git a/src/grib_accessor_class_long.c b/src/grib_accessor_class_long.c index 058c12b46..c3f562be3 100644 --- a/src/grib_accessor_class_long.c +++ b/src/grib_accessor_class_long.c @@ -156,9 +156,9 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) (void)err; if ((val == GRIB_MISSING_LONG) && ((a->flags & GRIB_ACCESSOR_FLAG_CAN_BE_MISSING) != 0)) - sprintf(repres, "MISSING"); + snprintf(repres, sizeof(repres), "MISSING"); else - sprintf(repres, "%ld", val); + snprintf(repres, sizeof(repres), "%ld", val); l = strlen(repres) + 1; diff --git a/src/grib_accessor_class_lookup.c b/src/grib_accessor_class_lookup.c index 76d4f1b61..8389872cb 100644 --- a/src/grib_accessor_class_lookup.c +++ b/src/grib_accessor_class_lookup.c @@ -181,7 +181,7 @@ static void dump(grib_accessor* a, grib_dumper* dumper) msg[llen] = 0; - sprintf(buf, "%s %lu %ld-%ld", msg, v, (long)a->offset + self->loffset, (long)self->llength); + snprintf(buf, sizeof(buf), "%s %lu %ld-%ld", msg, v, (long)a->offset + self->loffset, (long)self->llength); grib_dump_long(dumper, a, buf); } @@ -209,7 +209,7 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) int err = unpack_long(a, &lval, &length); if (!err) { char str[5]; - int conv = sprintf(str, "%ld", lval); + int conv = snprintf(str, sizeof(str), "%ld", lval); if (conv == 1) { v[0] = str[0]; } diff --git a/src/grib_accessor_class_mars_param.c b/src/grib_accessor_class_mars_param.c index d863e072f..6eca8913f 100644 --- a/src/grib_accessor_class_mars_param.c +++ b/src/grib_accessor_class_mars_param.c @@ -205,7 +205,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) #endif /*if (table==200) table=128;*/ - sprintf(val, "%ld.%ld", param, table); + snprintf(val, 32, "%ld.%ld", param, table); *len = strlen(val) + 1; return GRIB_SUCCESS; diff --git a/src/grib_accessor_class_mars_step.c b/src/grib_accessor_class_mars_step.c index 2f11db3b9..781b3bebd 100644 --- a/src/grib_accessor_class_mars_step.c +++ b/src/grib_accessor_class_mars_step.c @@ -163,9 +163,9 @@ static int pack_string(grib_accessor* a, const char* val, size_t* len) return ret; if (!strcmp(stepType, "instant")) - sprintf(buf, "%s", val); + snprintf(buf, sizeof(buf), "%s", val); else - sprintf(buf, "0-%s", val); + snprintf(buf, sizeof(buf), "0-%s", val); return grib_pack_string(stepRangeAcc, buf, len); } @@ -212,7 +212,7 @@ static int pack_long(grib_accessor* a, const long* val, size_t* len) char buff[100] = {0,}; size_t bufflen = 100; - sprintf(buff, "%ld", *val); + snprintf(buff, sizeof(buff), "%ld", *val); return pack_string(a, buff, &bufflen); } diff --git a/src/grib_accessor_class_offset_file.c b/src/grib_accessor_class_offset_file.c index b2c88b039..44c9af50b 100644 --- a/src/grib_accessor_class_offset_file.c +++ b/src/grib_accessor_class_offset_file.c @@ -159,7 +159,7 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) if (err) return err; - sprintf(repres, "%.0f", val); + snprintf(repres, sizeof(repres), "%.0f", val); l = strlen(repres) + 1; if (l > *len) { diff --git a/src/grib_accessor_class_proj_string.c b/src/grib_accessor_class_proj_string.c index adcbbe6b1..37317eebc 100644 --- a/src/grib_accessor_class_proj_string.c +++ b/src/grib_accessor_class_proj_string.c @@ -185,9 +185,9 @@ static int get_earth_shape(grib_handle* h, char* result) if ((err = get_major_minor_axes(h, &major, &minor)) != GRIB_SUCCESS) return err; if (major == minor) - sprintf(result, "+R=%lf", major); /* spherical */ + snprintf(result, 128, "+R=%lf", major); /* spherical */ else - sprintf(result, "+a=%lf +b=%lf", major, minor); /*oblate*/ + snprintf(result, 128, "+a=%lf +b=%lf", major, minor); /*oblate*/ return err; } #if 0 @@ -197,7 +197,7 @@ static int proj_regular_latlon(grib_handle* h, char* result) char shape[64] = {0,}; if ((err = get_earth_shape(h, shape)) != GRIB_SUCCESS) return err; - sprintf(result, "+proj=latlong %s", shape); + snprintf(result, 128, "+proj=latlong %s", shape); return err; } #endif @@ -216,11 +216,11 @@ static int proj_space_view(grib_handle* h, char* result) if ((err = grib_get_double_internal(h, "longitudeOfSubSatellitePointInDegrees", &lonOfSubSatellitePointInDegrees)) != GRIB_SUCCESS) return err; - sprintf(result, "+proj=geos +lon_0=%lf +h=35785831 +x_0=0 +y_0=0 %s", lonOfSubSatellitePointInDegrees, shape); + snprintf(result, 526, "+proj=geos +lon_0=%lf +h=35785831 +x_0=0 +y_0=0 %s", lonOfSubSatellitePointInDegrees, shape); return err; /* Experimental: For now do the same as gdalsrsinfo - hard coded values! */ - sprintf(result, "+proj=geos +lon_0=0 +h=35785831 +x_0=0 +y_0=0 %s", shape); + snprintf(result, 526, "+proj=geos +lon_0=0 +h=35785831 +x_0=0 +y_0=0 %s", shape); return err; #endif } @@ -253,7 +253,7 @@ static int proj_lambert_conformal(grib_handle* h, char* result) return err; if ((err = grib_get_double_internal(h, "LaDInDegrees", &LaDInDegrees)) != GRIB_SUCCESS) return err; - sprintf(result, "+proj=lcc +lon_0=%lf +lat_0=%lf +lat_1=%lf +lat_2=%lf %s", + snprintf(result, 1024, "+proj=lcc +lon_0=%lf +lat_0=%lf +lat_1=%lf +lat_2=%lf %s", LoVInDegrees, LaDInDegrees, Latin1InDegrees, Latin2InDegrees, shape); return err; } @@ -270,7 +270,7 @@ static int proj_lambert_azimuthal_equal_area(grib_handle* h, char* result) return err; if ((err = grib_get_double_internal(h, "centralLongitudeInDegrees", ¢ralLongitude)) != GRIB_SUCCESS) return err; - sprintf(result, "+proj=laea +lon_0=%lf +lat_0=%lf %s", + snprintf(result, 1024, "+proj=laea +lon_0=%lf +lat_0=%lf %s", centralLongitude, standardParallel, shape); return err; } @@ -292,7 +292,7 @@ static int proj_polar_stereographic(grib_handle* h, char* result) if ((err = grib_get_long_internal(h, "projectionCentreFlag", &projectionCentreFlag)) != GRIB_SUCCESS) return err; has_northPole = ((projectionCentreFlag & 128) == 0); - sprintf(result, "+proj=stere +lat_ts=%lf +lat_0=%s +lon_0=%lf +k_0=1 +x_0=0 +y_0=0 %s", + snprintf(result, 1024, "+proj=stere +lat_ts=%lf +lat_0=%s +lon_0=%lf +k_0=1 +x_0=0 +y_0=0 %s", centralLatitude, has_northPole ? "90" : "-90", centralLongitude, shape); return err; } @@ -307,7 +307,7 @@ static int proj_mercator(grib_handle* h, char* result) return err; if ((err = get_earth_shape(h, shape)) != GRIB_SUCCESS) return err; - sprintf(result, "+proj=merc +lat_ts=%lf +lat_0=0 +lon_0=0 +x_0=0 +y_0=0 %s", + snprintf(result, 1024, "+proj=merc +lat_ts=%lf +lat_0=0 +lon_0=0 +x_0=0 +y_0=0 %s", LaDInDegrees, shape); return err; } @@ -347,7 +347,7 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) if (strcmp(grid_type, pm.gridType) == 0) { found = 1; if (self->endpoint == ENDPOINT_SOURCE) { - sprintf(v, "EPSG:4326"); + snprintf(v, 64, "EPSG:4326"); } else { /* Invoke the appropriate function to get the target proj string */ diff --git a/src/grib_accessor_class_round.c b/src/grib_accessor_class_round.c index cfd729c49..bfc59442a 100644 --- a/src/grib_accessor_class_round.c +++ b/src/grib_accessor_class_round.c @@ -170,7 +170,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) ret = unpack_double(a, &value, &replen); - sprintf(result, "%.3f", value); + snprintf(result, sizeof(result), "%.3f", value); replen = strlen(result) + 1; @@ -181,7 +181,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) *len = replen; - sprintf(val, "%s", result); + snprintf(val, 1024, "%s", result); return ret; } diff --git a/src/grib_accessor_class_section_pointer.c b/src/grib_accessor_class_section_pointer.c index 9622a5953..7a6369263 100644 --- a/src/grib_accessor_class_section_pointer.c +++ b/src/grib_accessor_class_section_pointer.c @@ -181,12 +181,12 @@ static int unpack_string(grib_accessor* a, char* v, size_t* len) p = grib_handle_of_accessor(a)->buffer->data + grib_byte_offset(a); for (i = 0; i < length; i++) { - sprintf (s,"%02x", *(p++)); + snprintf (s,64,"%02x", *(p++)); s+=2; } *len=length; */ - sprintf(v, "%ld_%ld", grib_byte_offset(a), grib_byte_count(a)); + snprintf(v, 64, "%ld_%ld", grib_byte_offset(a), grib_byte_count(a)); return GRIB_SUCCESS; } diff --git a/src/grib_accessor_class_sexagesimal2decimal.c b/src/grib_accessor_class_sexagesimal2decimal.c index 3e50e6ec5..5279bdefd 100644 --- a/src/grib_accessor_class_sexagesimal2decimal.c +++ b/src/grib_accessor_class_sexagesimal2decimal.c @@ -256,7 +256,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) } dd *= dd_sign; - sprintf(buff, "%.2f", dd); + snprintf(buff, sizeof(buff), "%.2f", dd); length = strlen(buff); if (len[0] < length + 1) { diff --git a/src/grib_accessor_class_smart_table.c b/src/grib_accessor_class_smart_table.c index eae37a3be..d2d21e04e 100644 --- a/src/grib_accessor_class_smart_table.c +++ b/src/grib_accessor_class_smart_table.c @@ -249,7 +249,7 @@ static grib_smart_table* load_table(grib_accessor_smart_table* self) if (*masterDir != 0) { char name[2048] = {0,}; - sprintf(name, "%s/%s", masterDir, self->tablename); + snprintf(name, sizeof(name), "%s/%s", masterDir, self->tablename); grib_recompose_name(h, NULL, name, recomposed, 0); filename = grib_context_full_defs_path(c, recomposed); } @@ -260,14 +260,14 @@ static grib_smart_table* load_table(grib_accessor_smart_table* self) if (*localDir != 0) { char localName[2048] = {0,}; - sprintf(localName, "%s/%s", localDir, self->tablename); + snprintf(localName, sizeof(localName), "%s/%s", localDir, self->tablename); grib_recompose_name(h, NULL, localName, localRecomposed, 0); localFilename = grib_context_full_defs_path(c, localRecomposed); } if (*extraDir != 0) { char extraTable[2048] = {0,}; - sprintf(extraTable, "%s/%s", extraDir, self->extraTable); + snprintf(extraTable, sizeof(extraTable), "%s/%s", extraDir, self->extraTable); grib_recompose_name(h, NULL, extraTable, extraRecomposed, 0); extraFilename = grib_context_full_defs_path(c, extraRecomposed); } @@ -453,7 +453,7 @@ static int unpack_string(grib_accessor* a, char* buffer, size_t* len) strcpy(tmp, table->entries[value].abbreviation); } else { - sprintf(tmp, "%d", (int)value); + snprintf(tmp, sizeof(tmp), "%d", (int)value); } l = strlen(tmp) + 1; diff --git a/src/grib_accessor_class_smart_table_column.c b/src/grib_accessor_class_smart_table_column.c index b2edfbef1..66ad1f060 100644 --- a/src/grib_accessor_class_smart_table_column.c +++ b/src/grib_accessor_class_smart_table_column.c @@ -229,7 +229,7 @@ static int unpack_string_array(grib_accessor* a, char** buffer, size_t* len) strcpy(tmp, table->entries[code[i]].column[self->index]); } else { - sprintf(tmp, "%d", (int)code[i]); + snprintf(tmp, sizeof(tmp), "%d", (int)code[i]); } buffer[i] = grib_context_strdup(a->context, tmp); diff --git a/src/grib_accessor_class_sprintf.c b/src/grib_accessor_class_sprintf.c index a66010b0c..d2794d7c3 100644 --- a/src/grib_accessor_class_sprintf.c +++ b/src/grib_accessor_class_sprintf.c @@ -163,7 +163,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) size_t uname_len = 0; uname = grib_arguments_get_string(grib_handle_of_accessor(a), self->args, carg++); - sprintf(result, "%s", ""); + snprintf(result, sizeof(result), "%s", ""); uname_len = strlen(uname); for (i = 0; i < uname_len; i++) { @@ -189,17 +189,17 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) if (ret != GRIB_SUCCESS) return ret; if (is_missing) { - sprintf(tempBuffer, "%sMISSING", result); + snprintf(tempBuffer, sizeof(tempBuffer), "%sMISSING", result); strcpy(result, tempBuffer); } else { /* Not missing so print it */ if (precision != 999) { - sprintf(tempBuffer, "%s%.*ld", result, precision, ires); + snprintf(tempBuffer, sizeof(tempBuffer), "%s%.*ld", result, precision, ires); strcpy(result, tempBuffer); } else { - sprintf(tempBuffer, "%s%ld", result, ires); + snprintf(tempBuffer, sizeof(tempBuffer), "%s%ld", result, ires); strcpy(result, tempBuffer); } } @@ -209,7 +209,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) tempname = grib_arguments_get_name(grib_handle_of_accessor(a), self->args, carg++); if ((ret = grib_get_double_internal(grib_handle_of_accessor(a), tempname, &dres)) != GRIB_SUCCESS) return ret; - sprintf(tempBuffer, "%s%g", result, dres); + snprintf(tempBuffer, sizeof(tempBuffer), "%s%g", result, dres); strcpy(result, tempBuffer); break; @@ -218,13 +218,13 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) tempname = grib_arguments_get_name(grib_handle_of_accessor(a), self->args, carg++); if ((ret = grib_get_string_internal(grib_handle_of_accessor(a), tempname, sres, &replen)) != GRIB_SUCCESS) return ret; - sprintf(tempBuffer, "%s%s", result, sres); + snprintf(tempBuffer, sizeof(tempBuffer), "%s%s", result, sres); strcpy(result, tempBuffer); replen = 1024; } } else { - sprintf(tempBuffer, "%s%c", result, uname[i]); + snprintf(tempBuffer, sizeof(tempBuffer), "%s%c", result, uname[i]); strcpy(result, tempBuffer); } } @@ -237,7 +237,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) } *len = replen; - sprintf(val, "%s", result); + snprintf(val, 1024, "%s", result); return GRIB_SUCCESS; } diff --git a/src/grib_accessor_class_step_human_readable.c b/src/grib_accessor_class_step_human_readable.c index 68136e4e4..d536941de 100644 --- a/src/grib_accessor_class_step_human_readable.c +++ b/src/grib_accessor_class_step_human_readable.c @@ -171,10 +171,10 @@ static int get_step_human_readable(grib_handle* h, char* result, size_t* length) /* sprintf(result, "%ld:%ld:%ld", hour, minute, second); */ if (second) { - sprintf(result, "%ldh %ldm %lds", hour, minute, second); + snprintf(result, 1024, "%ldh %ldm %lds", hour, minute, second); } else { - if (minute) sprintf(result, "%ldh %ldm", hour, minute); - else sprintf(result, "%ldh", hour); + if (minute) snprintf(result, 1024, "%ldh %ldm", hour, minute); + else snprintf(result, 1024, "%ldh", hour); } *length = strlen(result); diff --git a/src/grib_accessor_class_time.c b/src/grib_accessor_class_time.c index f97a1fb5a..f52d23083 100644 --- a/src/grib_accessor_class_time.c +++ b/src/grib_accessor_class_time.c @@ -228,13 +228,13 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) unpack_long(a, &v, &lsize); if (*len < 5) { - grib_context_log(a->context, GRIB_LOG_ERROR, "grib_accessor_time : unpack_string : Buffer too small for %s ", a->name); + grib_context_log(a->context, GRIB_LOG_ERROR, "grib_accessor_time : unpack_string : Buffer too small for %s", a->name); *len = 5; return GRIB_BUFFER_TOO_SMALL; } - sprintf(val, "%04ld", v); + snprintf(val, 64, "%04ld", v); len[0] = 5; return GRIB_SUCCESS; diff --git a/src/grib_accessor_class_trim.c b/src/grib_accessor_class_trim.c index 3671841e3..ef12ca161 100644 --- a/src/grib_accessor_class_trim.c +++ b/src/grib_accessor_class_trim.c @@ -164,7 +164,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) if (err) return err; string_lrtrim(&pInput, self->trim_left, self->trim_right); - sprintf(val, "%s", pInput); + snprintf(val, 1024, "%s", pInput); size = strlen(val); *len = size + 1; return GRIB_SUCCESS; @@ -189,7 +189,7 @@ static int pack_string(grib_accessor* a, const char* val, size_t* len) if ((err = grib_get_string(h, self->input, input, &inputLen)) != GRIB_SUCCESS) return err; - sprintf(buf, "%s", val); + snprintf(buf, sizeof(buf), "%s", val); pBuf = buf; string_lrtrim(&pBuf, self->trim_left, self->trim_right); diff --git a/src/grib_accessor_class_variable.c b/src/grib_accessor_class_variable.c index 9a49a6b09..1183c5f4c 100644 --- a/src/grib_accessor_class_variable.c +++ b/src/grib_accessor_class_variable.c @@ -311,7 +311,7 @@ static int unpack_string(grib_accessor* a, char* val, size_t* len) p = self->cval; } else { - sprintf(p, "%g", self->dval); + snprintf(p, 64, "%g", self->dval); } slen = strlen(p) + 1; @@ -369,7 +369,7 @@ static long byte_count(grib_accessor* a) { if(self->type == GRIB_TYPE_STRING) { return strlen(self->cval) +1; } else { - sprintf(buf,"%g",self->dval); + snprintf(buf,64,"%g",self->dval); printf("========> \"%s\"\n",buf); return strlen(buf)+1; } diff --git a/src/grib_concept_index.c b/src/grib_concept_index.c index 27fc62eb5..9cb8f0d1d 100644 --- a/src/grib_concept_index.c +++ b/src/grib_concept_index.c @@ -112,12 +112,12 @@ static void index_add_conditions(grib_concept_index* index, grib_concept_conditi switch (type) { case GRIB_TYPE_LONG: grib_expression_evaluate_long(0, c->expression, &lres); - sprintf(s, "%ld", lres); + snprintf(s, sizeof(s), "%ld", lres); break; case GRIB_TYPE_DOUBLE: grib_expression_evaluate_double(0, c->expression, &dres); - sprintf(s, "%g", dres); + snprintf(s, sizeof(s), "%g", dres); break; case GRIB_TYPE_STRING: diff --git a/src/grib_context.c b/src/grib_context.c index cf87e2994..8910c380d 100644 --- a/src/grib_context.c +++ b/src/grib_context.c @@ -713,7 +713,7 @@ char* grib_context_full_defs_path(grib_context* c, const char* basename) dir = c->grib_definition_files_dir; while (dir) { - sprintf(full, "%s/%s", dir->value, basename); + snprintf(full, sizeof(full), "%s/%s", dir->value, basename); if (!codes_access(full, F_OK)) { fullpath = (grib_string_list*)grib_context_malloc_clear_persistent(c, sizeof(grib_string_list)); Assert(fullpath); @@ -1054,7 +1054,7 @@ void grib_context_log(const grib_context* c, int level, const char* fmt, ...) const int errsv = errno; va_start(list, fmt); - vsprintf(msg, fmt, list); + vsnprintf(msg, sizeof(msg), fmt, list); va_end(list); if (level & GRIB_LOG_PERROR) { @@ -1085,7 +1085,7 @@ void grib_context_print(const grib_context* c, void* descriptor, const char* fmt char msg[1024]; va_list list; va_start(list, fmt); - vsprintf(msg, fmt, list); + vsnprintf(msg, sizeof(msg), fmt, list); va_end(list); c->print(c, descriptor, msg); } @@ -1241,7 +1241,7 @@ void codes_assertion_failed(const char* message, const char* file, int line) } else { char buffer[10240]; - sprintf(buffer, "ecCodes assertion failed: `%s' in %s:%d", message, file, line); + snprintf(buffer, sizeof(buffer), "ecCodes assertion failed: `%s' in %s:%d", message, file, line); assertion(buffer); } } diff --git a/src/grib_dumper_class_bufr_decode_C.c b/src/grib_dumper_class_bufr_decode_C.c index d15329839..d35fa87b7 100644 --- a/src/grib_dumper_class_bufr_decode_C.c +++ b/src/grib_dumper_class_bufr_decode_C.c @@ -144,7 +144,7 @@ static int destroy(grib_dumper* d) static char* dval_to_string(grib_context* c, double v) { char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); - sprintf(sval, "%.18e", v); + snprintf(sval, 1024, "%.18e", v); return sval; } @@ -206,7 +206,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -267,7 +267,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -304,7 +304,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -354,7 +354,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -410,7 +410,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -458,7 +458,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -522,7 +522,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -583,7 +583,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; diff --git a/src/grib_dumper_class_bufr_decode_filter.c b/src/grib_dumper_class_bufr_decode_filter.c index 555ab5037..b044db208 100644 --- a/src/grib_dumper_class_bufr_decode_filter.c +++ b/src/grib_dumper_class_bufr_decode_filter.c @@ -186,7 +186,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -232,7 +232,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* if (self->isLeaf == 0) { char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -269,7 +269,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -312,7 +312,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -339,7 +339,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr if (self->isLeaf == 0) { char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -384,7 +384,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -437,7 +437,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -497,7 +497,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; diff --git a/src/grib_dumper_class_bufr_decode_fortran.c b/src/grib_dumper_class_bufr_decode_fortran.c index 9695f3388..7fa5f5f00 100644 --- a/src/grib_dumper_class_bufr_decode_fortran.c +++ b/src/grib_dumper_class_bufr_decode_fortran.c @@ -189,7 +189,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -237,7 +237,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -274,7 +274,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -319,7 +319,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024,"#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -369,7 +369,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024,"%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -413,7 +413,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -466,7 +466,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -526,7 +526,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; diff --git a/src/grib_dumper_class_bufr_decode_python.c b/src/grib_dumper_class_bufr_decode_python.c index 9ea5987f8..26c5d69c8 100644 --- a/src/grib_dumper_class_bufr_decode_python.c +++ b/src/grib_dumper_class_bufr_decode_python.c @@ -144,7 +144,7 @@ static int destroy(grib_dumper* d) static char* dval_to_string(const grib_context* c, double v) { char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); - sprintf(sval, "%.18e", v); + snprintf(sval, 1024, "%.18e", v); return sval; } @@ -199,7 +199,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -253,7 +253,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -290,7 +290,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -333,7 +333,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -381,7 +381,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -429,7 +429,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -479,7 +479,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -537,7 +537,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; diff --git a/src/grib_dumper_class_bufr_encode_C.c b/src/grib_dumper_class_bufr_encode_C.c index f88fd0cb7..12ba8af50 100644 --- a/src/grib_dumper_class_bufr_encode_C.c +++ b/src/grib_dumper_class_bufr_encode_C.c @@ -143,20 +143,22 @@ static int destroy(grib_dumper* d) static char* lval_to_string(grib_context* c, long v) { - char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); + const size_t svalMaxLen = 40; + char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * svalMaxLen); if (v == GRIB_MISSING_LONG) - sprintf(sval, "CODES_MISSING_LONG"); + snprintf(sval, svalMaxLen, "CODES_MISSING_LONG"); else - sprintf(sval, "%ld", v); + snprintf(sval, svalMaxLen, "%ld", v); return sval; } static char* dval_to_string(grib_context* c, double v) { - char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); + const size_t svalMaxLen = 40; + char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * svalMaxLen); if (v == GRIB_MISSING_DOUBLE) - sprintf(sval, "CODES_MISSING_DOUBLE"); + snprintf(sval, svalMaxLen, "CODES_MISSING_DOUBLE"); else - sprintf(sval, "%.18e", v); + snprintf(sval, svalMaxLen, "%.18e", v); return sval; } @@ -239,9 +241,10 @@ static void dump_values(grib_dumper* d, grib_accessor* a) int dofree = 0; if (r != 0) { - prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); + const size_t prefixMaxLen = strlen(a->name) + 10; + prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * prefixMaxLen); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, prefixMaxLen, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -322,10 +325,9 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* } if (self->isLeaf == 0) { - char* prefix1; - - prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + const size_t prefix1MaxLen = strlen(a->name) + strlen(prefix) + 5; + char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * prefix1MaxLen); + snprintf(prefix1, prefix1MaxLen, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -374,9 +376,10 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) r = compute_bufr_key_rank(h, self->keys, a->name); if (r != 0) { - prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); + const size_t prefixMaxLen = strlen(a->name) + 10; + prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * prefixMaxLen); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, prefixMaxLen, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -462,9 +465,10 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) int dofree = 0; if (r != 0) { - prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); + const size_t prefixMaxLen = strlen(a->name) + 10; + prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * prefixMaxLen); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, prefixMaxLen, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -540,10 +544,9 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr } if (self->isLeaf == 0) { - char* prefix1; - - prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + const size_t prefix1MaxLen = strlen(a->name) + strlen(prefix) + 5; + char* prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * prefix1MaxLen); + snprintf(prefix1, prefix1MaxLen, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -587,9 +590,10 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) int dofree = 0; if (r != 0) { - prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); + const size_t prefixMaxLen = strlen(a->name) + 10; + prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * prefixMaxLen); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, prefixMaxLen, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -652,9 +656,10 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm int dofree = 0; if (r != 0) { - prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); + const size_t prefixMaxLen = strlen(a->name) + 10; + prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * prefixMaxLen); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, prefixMaxLen, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -726,9 +731,10 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) int dofree = 0; if (r != 0) { - prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10)); + const size_t prefixMaxLen = strlen(acc_name) + 10; + prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * prefixMaxLen); dofree = 1; - sprintf(prefix, "#%d#%s", r, acc_name); + snprintf(prefix, prefixMaxLen, "#%d#%s", r, acc_name); } else prefix = (char*)acc_name; @@ -863,12 +869,12 @@ static void header(grib_dumper* d, grib_handle* h) if (localSectionPresent && bufrHeaderCentre == 98) { grib_get_long(h, "isSatellite", &isSatellite); if (isSatellite) - sprintf(sampleName, "BUFR%ld_local_satellite", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local_satellite", edition); else - sprintf(sampleName, "BUFR%ld_local", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local", edition); } else { - sprintf(sampleName, "BUFR%ld", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld", edition); } if (d->count < 2) { diff --git a/src/grib_dumper_class_bufr_encode_filter.c b/src/grib_dumper_class_bufr_encode_filter.c index e56e1043e..6f2c33e4c 100644 --- a/src/grib_dumper_class_bufr_encode_filter.c +++ b/src/grib_dumper_class_bufr_encode_filter.c @@ -218,7 +218,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -292,7 +292,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -331,7 +331,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -401,7 +401,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -474,7 +474,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -521,7 +521,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -594,7 +594,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -667,7 +667,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -802,12 +802,12 @@ static void header(grib_dumper* d, grib_handle* h) if (localSectionPresent && bufrHeaderCentre == 98) { grib_get_long(h, "isSatellite", &isSatellite); if (isSatellite) - sprintf(sampleName, "BUFR%ld_local_satellite", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local_satellite", edition); else - sprintf(sampleName, "BUFR%ld_local", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local", edition); } else { - sprintf(sampleName, "BUFR%ld", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld", edition); } fprintf(self->dumper.out, "# BUFR sample file: %s.tmpl\n", sampleName); diff --git a/src/grib_dumper_class_bufr_encode_fortran.c b/src/grib_dumper_class_bufr_encode_fortran.c index 5de032183..2653138ab 100644 --- a/src/grib_dumper_class_bufr_encode_fortran.c +++ b/src/grib_dumper_class_bufr_encode_fortran.c @@ -146,20 +146,20 @@ static char* lval_to_string(grib_context* c, long v) { char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); if (v == GRIB_MISSING_LONG) - sprintf(sval, "CODES_MISSING_LONG"); + snprintf(sval, 1024, "CODES_MISSING_LONG"); else - sprintf(sval, "%ld", v); + snprintf(sval, 1024, "%ld", v); return sval; } static char* dval_to_string(grib_context* c, double v) { char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); if (v == GRIB_MISSING_DOUBLE) { - sprintf(sval, "CODES_MISSING_DOUBLE"); + snprintf(sval, 1024, "CODES_MISSING_DOUBLE"); } else { char* p; - sprintf(sval, "%.18e", v); + snprintf(sval, 1024, "%.18e", v); p = sval; while (*p != 0) { if (*p == 'e') @@ -201,7 +201,7 @@ static char* break_line(grib_context* c, const char* input) } else { char tmp[256] = {0,}; - sprintf(tmp, "->&\n &%s", a_token); + snprintf(tmp, sizeof(tmp), "->&\n &%s", a_token); strcat(result, tmp); } a_token = strtok_r(NULL, "->", &lasts); @@ -291,7 +291,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -375,7 +375,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -426,7 +426,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -513,7 +513,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -596,7 +596,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(pref) + 5)); - sprintf(prefix1, "%s->%s", pref, a->name); + snprintf(prefix1, 1024, "%s->%s", pref, a->name); dump_attributes(d, a, prefix1); @@ -643,7 +643,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -708,7 +708,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -780,7 +780,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, acc_name); + snprintf(prefix, 1024, "#%d#%s", r, acc_name); } else prefix = (char*)acc_name; @@ -913,12 +913,12 @@ static void header(grib_dumper* d, grib_handle* h) if (localSectionPresent && bufrHeaderCentre == 98) { grib_get_long(h, "isSatellite", &isSatellite); if (isSatellite) - sprintf(sampleName, "BUFR%ld_local_satellite", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local_satellite", edition); else - sprintf(sampleName, "BUFR%ld_local", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local", edition); } else { - sprintf(sampleName, "BUFR%ld", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld", edition); } if (d->count < 2) { diff --git a/src/grib_dumper_class_bufr_encode_python.c b/src/grib_dumper_class_bufr_encode_python.c index 5624e1294..fa336a593 100644 --- a/src/grib_dumper_class_bufr_encode_python.c +++ b/src/grib_dumper_class_bufr_encode_python.c @@ -145,18 +145,18 @@ static char* lval_to_string(grib_context* c, long v) { char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); if (v == GRIB_MISSING_LONG) - sprintf(sval, "CODES_MISSING_LONG"); + snprintf(sval, 1024, "CODES_MISSING_LONG"); else - sprintf(sval, "%ld", v); + snprintf(sval, 1024, "%ld", v); return sval; } static char* dval_to_string(const grib_context* c, double v) { char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); if (v == GRIB_MISSING_DOUBLE) - sprintf(sval, "CODES_MISSING_DOUBLE"); + snprintf(sval, 1024, "CODES_MISSING_DOUBLE"); else - sprintf(sval, "%.18e", v); + snprintf(sval, 1024, "%.18e", v); return sval; } @@ -242,7 +242,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -326,7 +326,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -376,7 +376,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -464,7 +464,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -542,7 +542,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -588,7 +588,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -650,7 +650,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -721,7 +721,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, acc_name); + snprintf(prefix, 1024, "#%d#%s", r, acc_name); } else prefix = (char*)acc_name; @@ -855,12 +855,12 @@ static void header(grib_dumper* d, grib_handle* h) if (localSectionPresent && bufrHeaderCentre == 98) { grib_get_long(h, "isSatellite", &isSatellite); if (isSatellite) - sprintf(sampleName, "BUFR%ld_local_satellite", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local_satellite", edition); else - sprintf(sampleName, "BUFR%ld_local", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld_local", edition); } else { - sprintf(sampleName, "BUFR%ld", edition); + snprintf(sampleName, sizeof(sampleName), "BUFR%ld", edition); } if (d->count < 2) { diff --git a/src/grib_dumper_class_bufr_simple.c b/src/grib_dumper_class_bufr_simple.c index eb661e151..3d6f1d9c8 100644 --- a/src/grib_dumper_class_bufr_simple.c +++ b/src/grib_dumper_class_bufr_simple.c @@ -216,7 +216,7 @@ static void dump_values(grib_dumper* d, grib_accessor* a) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -291,7 +291,7 @@ static void dump_values_attribute(grib_dumper* d, grib_accessor* a, const char* char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -339,7 +339,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -418,7 +418,7 @@ static void dump_long(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -492,7 +492,7 @@ static void dump_long_attribute(grib_dumper* d, grib_accessor* a, const char* pr char* prefix1; prefix1 = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(prefix1, "%s->%s", prefix, a->name); + snprintf(prefix1, 1024, "%s->%s", prefix, a->name); dump_attributes(d, a, prefix1); @@ -541,7 +541,7 @@ static void dump_double(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -610,7 +610,7 @@ static void dump_string_array(grib_dumper* d, grib_accessor* a, const char* comm if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, a->name); + snprintf(prefix, 1024, "#%d#%s", r, a->name); } else prefix = (char*)a->name; @@ -682,7 +682,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) if (r != 0) { prefix = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(acc_name) + 10)); dofree = 1; - sprintf(prefix, "#%d#%s", r, acc_name); + snprintf(prefix, 1024, "#%d#%s", r, acc_name); } else prefix = (char*)acc_name; diff --git a/src/grib_dumper_class_default.c b/src/grib_dumper_class_default.c index d3ba8204d..218c47dfe 100644 --- a/src/grib_dumper_class_default.c +++ b/src/grib_dumper_class_default.c @@ -674,7 +674,7 @@ static void dump_section(grib_dumper* d, grib_accessor* a, grib_block_of_accesso } *q = '\0'; - sprintf(tmp, "%s ( length=%ld, padding=%ld )", upper, (long)s->length, (long)s->padding); + snprintf(tmp, sizeof(tmp), "%s ( length=%ld, padding=%ld )", upper, (long)s->length, (long)s->padding); /* fprintf(self->dumper.out,"#============== %-38s ==============\n",tmp); */ free(upper); self->section_offset = a->offset; diff --git a/src/grib_dumper_class_grib_encode_C.c b/src/grib_dumper_class_grib_encode_C.c index 29632551c..3be707249 100644 --- a/src/grib_dumper_class_grib_encode_C.c +++ b/src/grib_dumper_class_grib_encode_C.c @@ -325,10 +325,10 @@ static void dump_values(grib_dumper* d, grib_accessor* a) type = grib_accessor_get_native_type(a); switch (type) { case GRIB_TYPE_LONG: - sprintf(stype, "%s", "long"); + snprintf(stype, sizeof(stype), "%s", "long"); break; case GRIB_TYPE_DOUBLE: - sprintf(stype, "%s", "double"); + snprintf(stype, sizeof(stype), "%s", "double"); break; default: return; diff --git a/src/grib_dumper_class_json.c b/src/grib_dumper_class_json.c index 40bd47e1e..c2d8c6de2 100644 --- a/src/grib_dumper_class_json.c +++ b/src/grib_dumper_class_json.c @@ -484,7 +484,7 @@ static void dump_string(grib_dumper* d, grib_accessor* a, const char* comment) err = grib_unpack_string(a, value, &size); if (err) { - sprintf(value, " *** ERR=%d (%s) [dump_string on '%s']", + snprintf(value, sizeof(value), " *** ERR=%d (%s) [dump_string on '%s']", err, grib_get_error_message(err), a->name); } else { Assert(size < MAX_STRING_SIZE); diff --git a/src/grib_dumper_class_keys.c b/src/grib_dumper_class_keys.c index ad6d226b1..9aa6cea58 100644 --- a/src/grib_dumper_class_keys.c +++ b/src/grib_dumper_class_keys.c @@ -297,7 +297,7 @@ static void dump_section(grib_dumper* d, grib_accessor* a, grib_block_of_accesso } *q = '\0'; - /*sprintf(tmp,"%s ",upper,(long)s->length,(long)s->padding);*/ + /*snprintf(tmp,1024,"%s ",upper,(long)s->length,(long)s->padding);*/ fprintf(self->dumper.out, "====> %s <==== \n", upper); diff --git a/src/grib_dumper_class_wmo.c b/src/grib_dumper_class_wmo.c index d022518e5..77b91f6bb 100644 --- a/src/grib_dumper_class_wmo.c +++ b/src/grib_dumper_class_wmo.c @@ -548,7 +548,7 @@ static void dump_section(grib_dumper* d, grib_accessor* a, grib_block_of_accesso p++; } *q = '\0'; - sprintf(tmp, "%s ( length=%ld, padding=%ld )", upper, (long)s->length, (long)s->padding); + snprintf(tmp, sizeof(tmp), "%s ( length=%ld, padding=%ld )", upper, (long)s->length, (long)s->padding); fprintf(self->dumper.out, "====================== %-35s ======================\n", tmp); free(upper); self->section_offset = a->offset; @@ -584,7 +584,7 @@ static void print_offset(FILE* out, long begin, long theEnd) if (begin == theEnd) fprintf(out, "%-10ld", begin); else { - sprintf(tmp, "%ld-%ld", begin, theEnd); + snprintf(tmp, sizeof(tmp), "%ld-%ld", begin, theEnd); fprintf(out, "%-10s", tmp); } } diff --git a/src/grib_errors.c b/src/grib_errors.c index 7b797a6ac..a057694a7 100644 --- a/src/grib_errors.c +++ b/src/grib_errors.c @@ -102,7 +102,7 @@ const char* grib_get_error_message(int code) code = -code; if (code < 0 || code >= NUMBER(errors)) { static char mess[64]; - sprintf(mess,"Unknown error %d",code); + snprintf(mess, sizeof(mess), "Unknown error %d", code); return mess; } return errors[code]; diff --git a/src/grib_errors.c.in b/src/grib_errors.c.in index 3b7a43cbd..4e826bb8b 100644 --- a/src/grib_errors.c.in +++ b/src/grib_errors.c.in @@ -22,7 +22,7 @@ const char* grib_get_error_message(int code) code = -code; if (code < 0 || code >= NUMBER(errors)) { static char mess[64]; - sprintf(mess,"Unknown error %d",code); + snprintf(mess, sizeof(mess), "Unknown error %d", code); return mess; } return errors[code]; diff --git a/src/grib_expression_class_is_in_dict.c b/src/grib_expression_class_is_in_dict.c index 0faf4ead9..e0a8f5e5b 100644 --- a/src/grib_expression_class_is_in_dict.c +++ b/src/grib_expression_class_is_in_dict.c @@ -211,7 +211,7 @@ static string evaluate_string(grib_expression* g, grib_handle* h, char* buf, siz else result = 0; - sprintf(buf, "%ld", result); + snprintf(buf, 32, "%ld", result); *size = strlen(buf); return buf; } diff --git a/src/grib_expression_class_is_in_list.c b/src/grib_expression_class_is_in_list.c index a469b4cf5..b82e634ff 100644 --- a/src/grib_expression_class_is_in_list.c +++ b/src/grib_expression_class_is_in_list.c @@ -210,7 +210,7 @@ static string evaluate_string(grib_expression* g, grib_handle* h, char* buf, siz else result = 0; - sprintf(buf, "%ld", result); + snprintf(buf, 32, "%ld", result); *size = strlen(buf); return buf; } diff --git a/src/grib_expression_class_is_integer.c b/src/grib_expression_class_is_integer.c index 6c97a96b2..89bf68197 100644 --- a/src/grib_expression_class_is_integer.c +++ b/src/grib_expression_class_is_integer.c @@ -145,11 +145,11 @@ static string evaluate_string(grib_expression* g, grib_handle* h, char* buf, siz switch (grib_expression_native_type(h, g)) { case GRIB_TYPE_LONG: *err = evaluate_long(g, h, &lresult); - sprintf(buf, "%ld", lresult); + snprintf(buf, 32, "%ld", lresult); break; case GRIB_TYPE_DOUBLE: *err = evaluate_double(g, h, &dresult); - sprintf(buf, "%g", dresult); + snprintf(buf, 32, "%g", dresult); break; } return buf; diff --git a/src/grib_expression_class_length.c b/src/grib_expression_class_length.c index a50daa2f6..2348f555f 100644 --- a/src/grib_expression_class_length.c +++ b/src/grib_expression_class_length.c @@ -132,7 +132,7 @@ static string evaluate_string(grib_expression* g, grib_handle* h, char* buf, siz if ((*err = grib_get_string_internal(h, e->name, mybuf, size)) != GRIB_SUCCESS) return NULL; - sprintf(buf, "%ld", (long)strlen(mybuf)); + snprintf(buf, 32, "%ld", (long)strlen(mybuf)); return buf; } diff --git a/src/grib_handle.c b/src/grib_handle.c index 84c152cc5..2b152d846 100644 --- a/src/grib_handle.c +++ b/src/grib_handle.c @@ -1398,7 +1398,7 @@ int grib_get_message(const grib_handle* ch, const void** msg, size_t* size) if (h->context->gts_header_on && h->gts_header) { char strbuf[10]; - sprintf(strbuf, "%.8d", (int)(h->buffer->ulength + h->gts_header_len - 6)); + snprintf(strbuf, sizeof(strbuf), "%.8d", (int)(h->buffer->ulength + h->gts_header_len - 6)); memcpy(h->gts_header, strbuf, 8); } return 0; diff --git a/src/grib_index.c b/src/grib_index.c index 21197f105..983162b66 100644 --- a/src/grib_index.c +++ b/src/grib_index.c @@ -1012,21 +1012,21 @@ int grib_index_search_same(grib_index* index, grib_handle* h) case GRIB_TYPE_STRING: err = grib_get_string(h, keys->name, buf, &buflen); if (err == GRIB_NOT_FOUND) - sprintf(buf, GRIB_KEY_UNDEF); + snprintf(buf, sizeof(buf), GRIB_KEY_UNDEF); break; case GRIB_TYPE_LONG: err = grib_get_long(h, keys->name, &lval); if (err == GRIB_NOT_FOUND) - sprintf(buf, GRIB_KEY_UNDEF); + snprintf(buf, sizeof(buf), GRIB_KEY_UNDEF); else - sprintf(buf, "%ld", lval); + snprintf(buf, sizeof(buf), "%ld", lval); break; case GRIB_TYPE_DOUBLE: err = grib_get_double(h, keys->name, &dval); if (err == GRIB_NOT_FOUND) - sprintf(buf, GRIB_KEY_UNDEF); + snprintf(buf, sizeof(buf), GRIB_KEY_UNDEF); else - sprintf(buf, "%g", dval); + snprintf(buf, sizeof(buf), "%g", dval); break; default: err = GRIB_WRONG_TYPE; @@ -1038,7 +1038,7 @@ int grib_index_search_same(grib_index* index, grib_handle* h) keys->name, grib_get_error_message(err)); return err; } - sprintf(keys->value, "%s", buf); + snprintf(keys->value, sizeof(buf), "%s", buf); keys = keys->next; } grib_index_rewind(index); @@ -1166,21 +1166,21 @@ int _codes_index_add_file(grib_index* index, const char* filename, int message_t case GRIB_TYPE_STRING: err = grib_get_string(h, index_key->name, buf, &svallen); if (err == GRIB_NOT_FOUND) - sprintf(buf, GRIB_KEY_UNDEF); + snprintf(buf, sizeof(buf), GRIB_KEY_UNDEF); break; case GRIB_TYPE_LONG: err = grib_get_long(h, index_key->name, &lval); if (err == GRIB_NOT_FOUND) - sprintf(buf, GRIB_KEY_UNDEF); + snprintf(buf, sizeof(buf), GRIB_KEY_UNDEF); else - sprintf(buf, "%ld", lval); + snprintf(buf, sizeof(buf), "%ld", lval); break; case GRIB_TYPE_DOUBLE: err = grib_get_double(h, index_key->name, &dval); if (err == GRIB_NOT_FOUND) - sprintf(buf, GRIB_KEY_UNDEF); + snprintf(buf, sizeof(buf), GRIB_KEY_UNDEF); else - sprintf(buf, "%g", dval); + snprintf(buf, sizeof(buf), "%g", dval); break; default: err = GRIB_WRONG_TYPE; @@ -1344,17 +1344,17 @@ int grib_index_add_file(grib_index* index, const char* filename) switch (index_key->type) { case GRIB_TYPE_STRING: err=grib_get_string(h,index_key->name,buf,&svallen); - if (err==GRIB_NOT_FOUND) sprintf(buf,GRIB_KEY_UNDEF); + if (err==GRIB_NOT_FOUND) snprintf(buf,1024,GRIB_KEY_UNDEF); break; case GRIB_TYPE_LONG: err=grib_get_long(h,index_key->name,&lval); - if (err==GRIB_NOT_FOUND) sprintf(buf,GRIB_KEY_UNDEF); - else sprintf(buf,"%ld",lval); + if (err==GRIB_NOT_FOUND) snprintf(buf,1024,GRIB_KEY_UNDEF); + else snprintf(buf,1024,"%ld",lval); break; case GRIB_TYPE_DOUBLE: err=grib_get_double(h,index_key->name,&dval); - if (err==GRIB_NOT_FOUND) sprintf(buf,GRIB_KEY_UNDEF); - else sprintf(buf,"%g",dval); + if (err==GRIB_NOT_FOUND) snprintf(buf,1024,GRIB_KEY_UNDEF); + else snprintf(buf,1024,"%g",dval); break; default : err=GRIB_WRONG_TYPE; @@ -1573,7 +1573,7 @@ int grib_index_select_long(grib_index* index, const char* skey, long value) return err; } Assert(key); - sprintf(key->value, "%ld", value); + snprintf(key->value, sizeof(key->value), "%ld", value); grib_index_rewind(index); return 0; } @@ -1605,7 +1605,7 @@ int grib_index_select_double(grib_index* index, const char* skey, double value) return err; } Assert(key); - sprintf(key->value, "%g", value); + snprintf(key->value, sizeof(key->value), "%g", value); grib_index_rewind(index); return 0; } @@ -1637,7 +1637,7 @@ int grib_index_select_string(grib_index* index, const char* skey, const char* va return err; } Assert(key); - sprintf(key->value, "%s", value); + snprintf(key->value, sizeof(key->value), "%s", value); grib_index_rewind(index); return 0; } @@ -1961,7 +1961,7 @@ int grib_index_search(grib_index* index, grib_index_key* keys) ki = search_key(ki, ks); } if (ki) - sprintf(ki->value, "%s", ks->value); + snprintf(ki->value, 1024, "%s", ks->value); ks = ks->next; } diff --git a/src/grib_parse_utils.c b/src/grib_parse_utils.c index f74fd1eb6..9a7b6cc34 100644 --- a/src/grib_parse_utils.c +++ b/src/grib_parse_utils.c @@ -105,7 +105,7 @@ int grib_recompose_name(grib_handle* h, grib_accessor* observer, const char* una a = grib_find_accessor(h, loc); if (!a) { if (!fail) { - sprintf(val, "undef"); + snprintf(val, sizeof(val), "undef"); } else { grib_context_log(h->context, GRIB_LOG_WARNING, "grib_recompose_name: Problem to recompose filename with : %s ( %s no accessor found)", uname, loc); @@ -121,12 +121,12 @@ int grib_recompose_name(grib_handle* h, grib_accessor* observer, const char* una case GRIB_TYPE_DOUBLE: replen = 1; ret = grib_unpack_double(a, &dval, &replen); - sprintf(val, "%.12g", dval); + snprintf(val, sizeof(val), "%.12g", dval); break; case GRIB_TYPE_LONG: replen = 1; ret = grib_unpack_long(a, &lval, &replen); - sprintf(val, "%d", (int)lval); + snprintf(val, sizeof(val), "%d", (int)lval); break; default: grib_context_log(h->context, GRIB_LOG_WARNING, "grib_recompose_name: Problem to recompose filename with : %s, invalid type %d", loc, type); @@ -679,7 +679,7 @@ void grib_parser_include(const char* included_fname) if (f == NULL) { char buffer[1024]; grib_context_log(grib_parser_context, (GRIB_LOG_ERROR) | (GRIB_LOG_PERROR), "grib_parser_include: cannot open: '%s'", parse_file); - sprintf(buffer, "Cannot include file: '%s'", parse_file); + snprintf(buffer, sizeof(buffer), "Cannot include file: '%s'", parse_file); grib_yyerror(buffer); } else { diff --git a/src/grib_templates.c b/src/grib_templates.c index b179dd987..268b7d3b8 100644 --- a/src/grib_templates.c +++ b/src/grib_templates.c @@ -57,9 +57,9 @@ static grib_handle* try_product_template(grib_context* c, ProductKind product_ki int err = 0; if (string_ends_with(name, ".tmpl")) - sprintf(path, "%s/%s", dir, name); + snprintf(path, sizeof(path), "%s/%s", dir, name); else - sprintf(path, "%s/%s.tmpl", dir, name); + snprintf(path, sizeof(path), "%s/%s.tmpl", dir, name); if (c->debug) { fprintf(stderr, "ECCODES DEBUG try_product_template product=%s, path='%s'\n", codes_get_product_name(product_kind), path); @@ -113,9 +113,9 @@ static char* try_template_path(grib_context* c, const char* dir, const char* nam { char path[2048]; if (string_ends_with(name, ".tmpl")) - sprintf(path, "%s/%s", dir, name); + snprintf(path, sizeof(path), "%s/%s", dir, name); else - sprintf(path, "%s/%s.tmpl", dir, name); + snprintf(path, sizeof(path), "%s/%s.tmpl", dir, name); if (codes_access(path, F_OK) == 0) { return grib_context_strdup(c, path); diff --git a/src/grib_util.c b/src/grib_util.c index af1c950a4..c951429e9 100644 --- a/src/grib_util.c +++ b/src/grib_util.c @@ -74,12 +74,12 @@ static grib_handle* grib_sections_copy_internal(grib_handle* hfrom, grib_handle* h = hto; } - sprintf(section_length_str, "section%dLength", i); + snprintf(section_length_str, sizeof(section_length_str), "section%dLength", i); if (grib_get_long(h, section_length_str, &length)) continue; section_length[i] = length; - sprintf(section_offset_str, "offsetSection%d", i); + snprintf(section_offset_str, sizeof(section_offset_str), "offsetSection%d", i); if (grib_get_long(h, section_offset_str, &offset)) continue; section_offset[i] = offset; @@ -506,7 +506,7 @@ static int angle_can_be_encoded(grib_handle* h, const double angle) return ret; Assert(angle_subdivisions > 0); - sprintf(sample_name, "GRIB%ld", edition); + snprintf(sample_name, sizeof(sample_name), "GRIB%ld", edition); h2 = grib_handle_new_from_samples(0, sample_name); if ((ret = grib_set_double(h2, "latitudeOfFirstGridPointInDegrees", angle)) != 0) return ret; @@ -1158,10 +1158,10 @@ grib_handle* grib_util_set_spec2(grib_handle* h, case GRIB_UTIL_GRID_SPEC_REDUCED_GG: case GRIB_UTIL_GRID_SPEC_REDUCED_ROTATED_GG: /* Choose a sample with the right Gaussian number and edition */ - sprintf(sample_name, "%s_pl_%ld_grib%ld", grid_type, spec->N, editionNumber); + snprintf(sample_name, sizeof(sample_name), "%s_pl_%ld_grib%ld", grid_type, spec->N, editionNumber); if (spec->pl && spec->pl_size) { /* GRIB-834: pl is given so can use any of the reduced_gg_pl samples */ - sprintf(sample_name, "%s_pl_grib%ld", grid_type, editionNumber); + snprintf(sample_name, sizeof(sample_name), "%s_pl_grib%ld", grid_type, editionNumber); } break; case GRIB_UTIL_GRID_SPEC_LAMBERT_AZIMUTHAL_EQUAL_AREA: @@ -1173,13 +1173,13 @@ grib_handle* grib_util_set_spec2(grib_handle* h, grid_type); convertEditionEarlier = 1; } - sprintf(sample_name, "GRIB%ld", editionNumber); + snprintf(sample_name, sizeof(sample_name), "GRIB%ld", editionNumber); break; case GRIB_UTIL_GRID_SPEC_LAMBERT_CONFORMAL: - sprintf(sample_name, "GRIB%ld", editionNumber); + snprintf(sample_name, sizeof(sample_name), "GRIB%ld", editionNumber); break; default: - sprintf(sample_name, "%s_pl_grib%ld", grid_type, editionNumber); + snprintf(sample_name, sizeof(sample_name), "%s_pl_grib%ld", grid_type, editionNumber); } if (spec->pl && spec->grid_name) { @@ -1188,7 +1188,7 @@ grib_handle* grib_util_set_spec2(grib_handle* h, goto cleanup; } if (spec->grid_name) { - sprintf(sample_name, "%s_grib%ld", spec->grid_name, editionNumber); + snprintf(sample_name,sizeof(sample_name), "%s_grib%ld", spec->grid_name, editionNumber); } } diff --git a/src/grib_vdarray.c b/src/grib_vdarray.c index 62f635787..d118db45c 100644 --- a/src/grib_vdarray.c +++ b/src/grib_vdarray.c @@ -24,7 +24,7 @@ void grib_vdarray_print(const char* title, const grib_vdarray* vdarray) Assert(vdarray); printf("%s: vdarray.n=%lu\n", title, (unsigned long)vdarray->n); for (i = 0; i < vdarray->n; i++) { - sprintf(text, " vdarray->v[%lu]", (unsigned long)i); + snprintf(text, sizeof(text), " vdarray->v[%lu]", (unsigned long)i); grib_darray_print(text, vdarray->v[i]); } printf("\n"); diff --git a/src/grib_viarray.c b/src/grib_viarray.c index 126591a1e..5c4f6692b 100644 --- a/src/grib_viarray.c +++ b/src/grib_viarray.c @@ -21,10 +21,11 @@ void grib_viarray_print(const char* title, const grib_viarray* viarray) { size_t i; char text[100] = {0,}; + const size_t textLen = sizeof(text); Assert(viarray); printf("%s: viarray.n=%lu\n", title, (unsigned long)viarray->n); for (i = 0; i < viarray->n; i++) { - sprintf(text, " viarray->v[%lu]", (unsigned long)i); + snprintf(text, textLen, " viarray->v[%lu]", (unsigned long)i); grib_iarray_print(text, viarray->v[i]); } printf("\n"); diff --git a/src/grib_yacc.c b/src/grib_yacc.c index 3c9fa9821..09bbbb45f 100644 --- a/src/grib_yacc.c +++ b/src/grib_yacc.c @@ -2069,7 +2069,7 @@ grib_yysyntax_error (YYPTRDIFF_T *grib_yymsg_alloc, char **grib_yymsg, return 1; } - /* Avoid sprintf, as that infringes on the user's name space. + /* Avoid snprintf, as that infringes on the user's name space. Don't have undefined behavior even if the translation produced a string with the wrong number of "%s"s. */ { @@ -3520,14 +3520,14 @@ grib_yyreduce: case 206: #line 752 "griby.y" { - char buf[80]; sprintf(buf,"%ld",(long)(grib_yyvsp[-4].lval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));} + char buf[80]; snprintf(buf,sizeof(buf),"%ld",(long)(grib_yyvsp[-4].lval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));} #line 3525 "y.tab.c" break; case 207: #line 754 "griby.y" { - char buf[80]; sprintf(buf,"%g",(double)(grib_yyvsp[-4].dval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));} + char buf[80]; snprintf(buf,sizeof(buf),"%g",(double)(grib_yyvsp[-4].dval)); (grib_yyval.concept_value) = grib_concept_value_new(grib_parser_context,buf,(grib_yyvsp[-1].concept_condition));} #line 3532 "y.tab.c" break; diff --git a/src/griby.y b/src/griby.y index 425a8d7b9..32b6a6962 100644 --- a/src/griby.y +++ b/src/griby.y @@ -750,9 +750,9 @@ concept_value: STRING '=' '{' concept_conditions '}' { | IDENT '=' '{' concept_conditions '}' { $$ = grib_concept_value_new(grib_parser_context,$1,$4); free($1);} | INTEGER '=' '{' concept_conditions '}' { - char buf[80]; sprintf(buf,"%ld",(long)$1); $$ = grib_concept_value_new(grib_parser_context,buf,$4);} + char buf[80]; snprintf(buf, sizeof(buf), "%ld",(long)$1); $$ = grib_concept_value_new(grib_parser_context,buf,$4);} | FLOAT '=' '{' concept_conditions '}' { - char buf[80]; sprintf(buf,"%g",(double)$1); $$ = grib_concept_value_new(grib_parser_context,buf,$4);} + char buf[80]; snprintf(buf, sizeof(buf), "%g", (double)$1); $$ = grib_concept_value_new(grib_parser_context,buf,$4);} ; concept_conditions: concept_condition diff --git a/src/md5.c b/src/md5.c index 9bebbe750..7bf2279e3 100644 --- a/src/md5.c +++ b/src/md5.c @@ -281,7 +281,7 @@ void grib_md5_end(grib_md5_state* s, char* digest) #define U(x) ((unsigned int)(x)) - sprintf(digest, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + snprintf(digest, 1024, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", U(s->h0 & 0xff), U((s->h0 >> 8) & 0xff), U((s->h0 >> 16) & 0xff), U((s->h0 >> 24) & 0xff), U(s->h1 & 0xff), U((s->h1 >> 8) & 0xff), U((s->h1 >> 16) & 0xff), U((s->h1 >> 24) & 0xff), U(s->h2 & 0xff), U((s->h2 >> 8) & 0xff), U((s->h2 >> 16) & 0xff), U((s->h2 >> 24) & 0xff), diff --git a/tests/bufr_ecc-1288.c b/tests/bufr_ecc-1288.c index be38bae60..327fe320d 100644 --- a/tests/bufr_ecc-1288.c +++ b/tests/bufr_ecc-1288.c @@ -42,7 +42,7 @@ int main(int argc, char* argv[]) codes_handle_delete(h); printf("Wipe the cache and extend the definitions path...\n"); - sprintf(buf, "%s:%s", DEFS_PATH_LOCAL, codes_definition_path(NULL)); + snprintf(buf, 1024, "%s:%s", DEFS_PATH_LOCAL, codes_definition_path(NULL)); codes_context_delete(NULL); codes_context_set_definitions_path(NULL, buf); printf("ECCODES_DEFINITION_PATH is now = |%s|\n", buf); diff --git a/tests/bufr_threads_ecc-604.c b/tests/bufr_threads_ecc-604.c index 65c3dcfb7..bbe3dd61c 100644 --- a/tests/bufr_threads_ecc-604.c +++ b/tests/bufr_threads_ecc-604.c @@ -184,7 +184,7 @@ void do_stuff(void* ptr) for (i = 0; i < FILES_PER_ITERATION; i++) { if (opt_write) { - sprintf(output_file, "output/output_file_%ld-%ld.bufr", data->number, i); + snprintf(output_file, 50, "output/output_file_%ld-%ld.bufr", data->number, i); encode_file(INPUT_FILE, output_file); } else { diff --git a/tests/codes_set_samples_path.c b/tests/codes_set_samples_path.c index 4c2cf7767..dbcff4ed7 100644 --- a/tests/codes_set_samples_path.c +++ b/tests/codes_set_samples_path.c @@ -38,7 +38,7 @@ int main(int argc, char** argv) h = grib_handle_new_from_samples(c, sample_name); Assert(!h); - sprintf(full_path, "%s%c%s", new_dir, ECC_PATH_DELIMITER_CHAR, grib_samples_path(c)); + snprintf(full_path, 2048, "%s%c%s", new_dir, ECC_PATH_DELIMITER_CHAR, grib_samples_path(c)); printf("Change samples_path to: %s\n", full_path); grib_context_set_samples_path(c, full_path); diff --git a/tests/grib_bpv_limit.c b/tests/grib_bpv_limit.c index c0cccd152..b5a3af0f6 100644 --- a/tests/grib_bpv_limit.c +++ b/tests/grib_bpv_limit.c @@ -88,7 +88,7 @@ int main(int argc, char** argv) /* do nothing */ } else { - sprintf(error_msg, "Error decoding when bpv=%d. Error message:%s", i, grib_get_error_message(err)); + snprintf(error_msg, sizeof(error_msg), "Error decoding when bpv=%d. Error message:%s", i, grib_get_error_message(err)); perror(error_msg); exit(1); } @@ -108,7 +108,7 @@ int main(int argc, char** argv) /* do nothing */ } else { - sprintf(error_msg, "Error decoding when bpv=%d. Error message:%s", i, grib_get_error_message(err)); + snprintf(error_msg, sizeof(error_msg), "Error decoding when bpv=%d. Error message:%s", i, grib_get_error_message(err)); perror(error_msg); exit(1); } diff --git a/tests/grib_check_param_concepts.c b/tests/grib_check_param_concepts.c index f04cd4779..077d61e14 100644 --- a/tests/grib_check_param_concepts.c +++ b/tests/grib_check_param_concepts.c @@ -86,15 +86,15 @@ static int grib_check_param_concepts(const char* key, const char* filename) /* condition_name is discipline, parameterCategory etc. */ if (strcmp(expression->cclass->name, "long") == 0) { grib_expression_long* el = (grib_expression_long*)expression; - sprintf(condition_value, "%ld", el->value); + snprintf(condition_value, sizeof(condition_value), "%ld", el->value); } else if (strcmp(expression->cclass->name, "functor") == 0) { grib_expression_functor* ef = (grib_expression_functor*)expression; - sprintf(condition_value, "%s", ef->name); + snprintf(condition_value, sizeof(condition_value), "%s", ef->name); } else if (strcmp(expression->cclass->name, "string") == 0) { grib_expression_string* es = (grib_expression_string*)expression; - sprintf(condition_value, "%s", es->value); + snprintf(condition_value, sizeof(condition_value), "%s", es->value); } else { fprintf(stderr, "%s %s: Unknown class name: '%s'\n", diff --git a/tests/grib_encode_pthreads.c b/tests/grib_encode_pthreads.c index ab752ba21..44a69eafc 100644 --- a/tests/grib_encode_pthreads.c +++ b/tests/grib_encode_pthreads.c @@ -117,7 +117,7 @@ void do_stuff(void* arg) int i; for (i = 0; i < FILES_PER_ITERATION; i++) { - sprintf(output_file, "temp.grib_encode_pthreads_test.out_%d-%d.grib", (int)number, i); + snprintf(output_file, 50, "temp.grib_encode_pthreads_test.out_%d-%d.grib", (int)number, i); encode_file(INPUT_FILE, output_file); } } diff --git a/tests/grib_lam_bf.c b/tests/grib_lam_bf.c index 7f5ce39f5..6771deedd 100644 --- a/tests/grib_lam_bf.c +++ b/tests/grib_lam_bf.c @@ -796,7 +796,7 @@ int main(int argc, char* argv[]) FILE* fp; size_t size; const void* buffer = NULL; - sprintf(f, "lam_bf_%s_%s.grib", grids[igrid], trunc[itrunc].name); + snprintf(f, 128, "lam_bf_%s_%s.grib", grids[igrid], trunc[itrunc].name); fp = fopen(f, "wb"); GRIB_CHECK(grib_get_message(h, &buffer, &size), 0); if (fwrite(buffer, 1, size, fp) != size) { @@ -820,7 +820,7 @@ int main(int argc, char* argv[]) long int nsmax, nmsmax; char geometry[128]; - sprintf(f, "lam_bf_%s_%s.grib", grids[igrid], trunc[itrunc].name); + snprintf(f, 128, "lam_bf_%s_%s.grib", grids[igrid], trunc[itrunc].name); fp = fopen(f, "rb"); h = grib_handle_new_from_file(0, fp, &err); vals = (double*)malloc(sizeof(double) * trunc[itrunc].len); diff --git a/tests/grib_lam_gp.c b/tests/grib_lam_gp.c index 4200e5cc6..13825f9e1 100644 --- a/tests/grib_lam_gp.c +++ b/tests/grib_lam_gp.c @@ -924,7 +924,7 @@ int main(int argc, char* argv[]) FILE* fp; size_t size; const void* buffer = NULL; - sprintf(f, "lam_gp_%s.grib", grids[igrid]); + snprintf(f, 128, "lam_gp_%s.grib", grids[igrid]); fp = fopen(f, "wb"); GRIB_CHECK(grib_get_message(h, &buffer, &size), 0); if (fwrite(buffer, 1, size, fp) != size) { @@ -947,7 +947,7 @@ int main(int argc, char* argv[]) long int Nux, Nuy, Ncx, Ncy; char geometry[128]; - sprintf(f, "lam_gp_%s.grib", grids[igrid]); + snprintf(f, 128, "lam_gp_%s.grib", grids[igrid]); fp = fopen(f, "rb"); h = grib_handle_new_from_file(0, fp, &err); vals = (double*)malloc(sizeof(double) * 4096); diff --git a/tests/grib_threads_ecc-604-encode.c b/tests/grib_threads_ecc-604-encode.c index ddb1959a5..d2438e299 100644 --- a/tests/grib_threads_ecc-604-encode.c +++ b/tests/grib_threads_ecc-604-encode.c @@ -146,7 +146,7 @@ void do_encode(void* ptr) for (i = 0; i < FILES_PER_ITERATION; i++) { grib_handle* h = grib_handle_clone(hs); if (opt_write) { - sprintf(output_file, "output/output_file_%ld-%ld.grib", data->number, i); + snprintf(output_file, 50, "output/output_file_%ld-%ld.grib", data->number, i); encode_values(h, output_file); } else { diff --git a/tests/grib_threads_ecc-604.c b/tests/grib_threads_ecc-604.c index a122ad961..c09d2ea91 100644 --- a/tests/grib_threads_ecc-604.c +++ b/tests/grib_threads_ecc-604.c @@ -193,7 +193,7 @@ void do_stuff(void* ptr) for (i = 0; i < FILES_PER_ITERATION; i++) { if (opt_write) { - sprintf(output_file, "output/output_file_%ld-%ld.grib", data->number, i); + snprintf(output_file, 50, "output/output_file_%ld-%ld.grib", data->number, i); encode_file(INPUT_FILE, output_file); } else { diff --git a/tigge/tigge_name.c b/tigge/tigge_name.c index 40e004236..b0216f566 100755 --- a/tigge/tigge_name.c +++ b/tigge/tigge_name.c @@ -87,7 +87,7 @@ static void verify(grib_handle *h,const char* full,const char* base) else level = get(h,"level"); - sprintf(wmo_name,"z_tigge_c_%s_%08ld%04ld00_%s_%s_%s_%s_%04ld_%03ld_%04ld_%s.grib", + snprintf(wmo_name, sizeof(wmo_name), "z_tigge_c_%s_%08ld%04ld00_%s_%s_%s_%s_%04ld_%03ld_%04ld_%s.grib", sget(h,"origin",origin,sizeof(origin)), compare_mode?0:get(h,"date"), compare_mode?0:get(h,"time"), diff --git a/tigge/tigge_split.c b/tigge/tigge_split.c index d4fb37464..f062aeb57 100755 --- a/tigge/tigge_split.c +++ b/tigge/tigge_split.c @@ -142,7 +142,7 @@ static void split(grib_handle *h) else level = get(h,"level"); - sprintf(wmo_name,"z_tigge_c_%s_%08ld%04ld00_%s_%s_%s_%s_%04ld_%03ld_%04ld_%s.grib", + snprintf(wmo_name, 1024, "z_tigge_c_%s_%08ld%04ld00_%s_%s_%s_%s_%04ld_%03ld_%04ld_%s.grib", sget(h,"origin",origin,sizeof(origin)), get(h,"date"), get(h,"time"), diff --git a/tigge/tigge_tools.c b/tigge/tigge_tools.c index 6115d1d9e..58cb2c7d4 100644 --- a/tigge/tigge_tools.c +++ b/tigge/tigge_tools.c @@ -37,7 +37,7 @@ void scan(const char* name) while( (e = readdir(dir)) != NULL) { if(e->d_name[0] == '.') continue; - sprintf(tmp,"%s/%s",name,e->d_name); + snprintf(tmp, 1024, "%s/%s",name,e->d_name); scan(tmp); } @@ -53,12 +53,12 @@ void scan(const char* name) struct _finddata_t fileinfo; intptr_t handle; char tmp[1024]; - sprintf(tmp, "%s/*", name); + snprintf(tmp, 1024, "%s/*", name); if((handle = _findfirst(tmp, &fileinfo)) != -1) { do { if(fileinfo.name[0] != '.') { - sprintf(tmp, "%s/%s", name, fileinfo.name); + snprintf(tmp, 1024, "%s/%s", name, fileinfo.name); scan(tmp); } } while(!_findnext(handle, &fileinfo)); diff --git a/tools/bufr_compare.c b/tools/bufr_compare.c index 57037796a..2f0510626 100644 --- a/tools/bufr_compare.c +++ b/tools/bufr_compare.c @@ -155,7 +155,7 @@ static void write_message(grib_handle* h, const char* str) FILE* fh; grib_get_message(h, &m, &s); - sprintf(fname, "%s_%d.bufr", str, write_count); + snprintf(fname, sizeof(fname), "%s_%d.bufr", str, write_count); fh = fopen(fname, "w"); if (!fh) { @@ -381,7 +381,7 @@ int grib_tool_init(grib_runtime_options* options) /* Take the filename of the 1st file and append to dir */ char bufr[2048] = {0,}; /* options->infile_extra->name is the 1st file */ - sprintf(bufr, "%s%c%s", + snprintf(bufr, sizeof(bufr), "%s%c%s", infile->name, get_dir_separator_char(), extract_filename(options->infile_extra->name)); @@ -636,9 +636,9 @@ static char* double_as_string(grib_context* c, double v) { char* sval = (char*)grib_context_malloc_clear(c, sizeof(char) * 40); if (v == GRIB_MISSING_DOUBLE) - sprintf(sval, "MISSING"); + snprintf(sval, 32, "MISSING"); else - sprintf(sval, "%.20e", v); + snprintf(sval, 32, "%.20e", v); return sval; } @@ -1238,8 +1238,9 @@ static int compare_attribute(grib_handle* handle1, grib_handle* handle2, grib_ru { int ret = 0; grib_context* c = handle1->context; - char* fullname = (char*)grib_context_malloc_clear(c, sizeof(char) * (strlen(a->name) + strlen(prefix) + 5)); - sprintf(fullname, "%s->%s", prefix, a->name); + const size_t fullnameMaxLen = strlen(a->name) + strlen(prefix) + 5; + char* fullname = (char*)grib_context_malloc_clear(c, sizeof(char) * fullnameMaxLen); + snprintf(fullname, fullnameMaxLen, "%s->%s", prefix, a->name); if (compare_values(options, handle1, handle2, fullname, GRIB_TYPE_UNDEFINED)) { (*err)++; write_messages(handle1, handle2); @@ -1304,9 +1305,10 @@ static int compare_all_dump_keys(grib_handle* handle1, grib_handle* handle2, gri /* Get full name of key, e.g. '#2#windSpeed' or 'blockNumber' */ rank = compute_bufr_key_rank(handle1, keys_list, xa->name); if (rank != 0) { - prefix = (char*)grib_context_malloc_clear(context, sizeof(char) * (strlen(xa->name) + 10)); + const size_t prefixMaxLen = strlen(xa->name) + 10; + prefix = (char*)grib_context_malloc_clear(context, sizeof(char) * prefixMaxLen); dofree = 1; - sprintf(prefix, "#%d#%s", rank, xa->name); + snprintf(prefix, prefixMaxLen, "#%d#%s", rank, xa->name); } else { prefix = (char*)xa->name; diff --git a/tools/bufr_dump.c b/tools/bufr_dump.c index c74e5d59e..0e0ecbcb0 100644 --- a/tools/bufr_dump.c +++ b/tools/bufr_dump.c @@ -232,7 +232,7 @@ int grib_tool_new_file_action(grib_runtime_options* options, grib_tools_file* fi } else { char tmp[1024]; - sprintf(tmp, "FILE: %s ", options->current_infile->name); + snprintf(tmp, sizeof(tmp), "FILE: %s ", options->current_infile->name); if (!grib_options_on("p")) fprintf(stdout, "***** %s\n", tmp); } @@ -532,7 +532,7 @@ int grib_tool_new_handle_action(grib_runtime_options* options, grib_handle* h) } else if (grib_options_on("O")) { char tmp[1024]; - sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length); + snprintf(tmp, sizeof(tmp), "MESSAGE %d ( length=%ld )", options->handle_count, length); if (!grib_options_on("C")) fprintf(stdout, "#============== %-38s ==============\n", tmp); grib_dump_content(h, stdout, options->dump_mode, options->dump_flags, 0); diff --git a/tools/bufr_split_by_rdbSubtype.c b/tools/bufr_split_by_rdbSubtype.c index b5a86d36d..5f7beaf4c 100644 --- a/tools/bufr_split_by_rdbSubtype.c +++ b/tools/bufr_split_by_rdbSubtype.c @@ -112,7 +112,7 @@ static int split_file_by_subtype(FILE* in, const char* filename, unsigned long* if (!in) return 1; - sprintf(ofilename, "%s", OUTPUT_FILENAME_DEFAULT); /*default name*/ + snprintf(ofilename, 2048, "%s", OUTPUT_FILENAME_DEFAULT); /*default name*/ while (err != GRIB_END_OF_FILE) { mesg = wmo_read_bufr_from_file_malloc(in, 0, &size, &offset, &err); @@ -125,9 +125,9 @@ static int split_file_by_subtype(FILE* in, const char* filename, unsigned long* return status; } - sprintf(ofilename, "%s", OUTPUT_FILENAME_DEFAULT); + snprintf(ofilename, 2048, "%s", OUTPUT_FILENAME_DEFAULT); if (rdbSubtype != -1) - sprintf(ofilename, OUTPUT_FILENAME_SUBTYPE, rdbSubtype); + snprintf(ofilename, 2048, OUTPUT_FILENAME_SUBTYPE, rdbSubtype); if (verbose) { if (!path_is_regular_file(ofilename)) diff --git a/tools/codes_split_file.c b/tools/codes_split_file.c index 568dfcd89..5bb14bacf 100644 --- a/tools/codes_split_file.c +++ b/tools/codes_split_file.c @@ -34,6 +34,7 @@ static int split_file(FILE* in, const char* filename, const int nchunks, unsigne void* mesg = NULL; FILE* out; size_t size = 0, read_size = 0, insize = 0, chunk_size, msg_size = 0, num_msg = 0; + size_t ofilenameMaxLen = 0; off_t offset = 0; int err = GRIB_SUCCESS; int i; @@ -44,7 +45,8 @@ static int split_file(FILE* in, const char* filename, const int nchunks, unsigne return 1; /* name of output file */ - ofilename = (char*)calloc(1, strlen(filename) + 10); + ofilenameMaxLen = strlen(filename) + 10; + ofilename = (char*)calloc(1, ofilenameMaxLen); fseeko(in, 0, SEEK_END); insize = ftello(in); @@ -58,7 +60,7 @@ static int split_file(FILE* in, const char* filename, const int nchunks, unsigne } i = 1; - sprintf(ofilename, OUTPUT_FILENAME_FORMAT, filename, i); + snprintf(ofilename, ofilenameMaxLen, OUTPUT_FILENAME_FORMAT, filename, i); out = fopen(ofilename, "w"); if (!out) { perror(ofilename); @@ -87,7 +89,7 @@ static int split_file(FILE* in, const char* filename, const int nchunks, unsigne i++; /* Start writing to the next file */ /*printf("=2=%d\t%d\n",*count,msg_size);*/ - sprintf(ofilename, OUTPUT_FILENAME_FORMAT, filename, i); + snprintf(ofilename, ofilenameMaxLen, OUTPUT_FILENAME_FORMAT, filename, i); out = fopen(ofilename, "w"); if (!out) { perror(ofilename); diff --git a/tools/grib_check_gaussian_grid.c b/tools/grib_check_gaussian_grid.c index d9dc05f1e..1b1024b57 100644 --- a/tools/grib_check_gaussian_grid.c +++ b/tools/grib_check_gaussian_grid.c @@ -53,9 +53,9 @@ static void error(const char* filename, int msg_num, const char* fmt, ...) va_list list; va_start(list, fmt); if (verbose) - sprintf(buf, " Error: %s", fmt); /* indent a bit */ + snprintf(buf, sizeof(buf), " Error: %s", fmt); /* indent a bit */ else - sprintf(buf, "Error: %s #%d: %s", filename, msg_num, fmt); + snprintf(buf, sizeof(buf), "Error: %s #%d: %s", filename, msg_num, fmt); vfprintf(stderr, buf, list); va_end(list); diff --git a/tools/grib_compare.c b/tools/grib_compare.c index cb4f8ab90..dadaf6463 100644 --- a/tools/grib_compare.c +++ b/tools/grib_compare.c @@ -344,7 +344,7 @@ int grib_tool_init(grib_runtime_options* options) /* Take the filename of the 1st file and append to dir */ char bufr[2048] = {0,}; /* options->infile_extra->name is the 1st file */ - sprintf(bufr, "%s%c%s", + snprintf(bufr, sizeof(bufr), "%s%c%s", infile->name, get_dir_separator_char(), extract_filename(options->infile_extra->name)); diff --git a/tools/grib_dump.c b/tools/grib_dump.c index 1659a354a..9dd9f0052 100644 --- a/tools/grib_dump.c +++ b/tools/grib_dump.c @@ -132,7 +132,7 @@ int grib_tool_new_file_action(grib_runtime_options* options, grib_tools_file* fi Assert(file); exit_if_input_is_directory(tool_name, file->name); - sprintf(tmp, "FILE: %s ", options->current_infile->name); + snprintf(tmp, sizeof(tmp), "FILE: %s ", options->current_infile->name); if (!grib_options_on("C")) fprintf(stdout, "***** %s\n", tmp); @@ -211,7 +211,7 @@ int grib_tool_new_handle_action(grib_runtime_options* options, grib_handle* h) char tmp[1024]; char identifier[100]; size_t idlen = 100; - sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length); + snprintf(tmp, sizeof(tmp), "MESSAGE %d ( length=%ld )", options->handle_count, length); if (!grib_options_on("C")) fprintf(stdout, "#============== %-38s ==============\n", tmp); if (!strcmp(options->dump_mode, "default")) { diff --git a/tools/grib_get_data.c b/tools/grib_get_data.c index 682d7764b..a6787c5bb 100644 --- a/tools/grib_get_data.c +++ b/tools/grib_get_data.c @@ -142,10 +142,10 @@ int grib_tool_new_handle_action(grib_runtime_options* options, grib_handle* h) str, default_format_latlons); exit(1); } - sprintf(format_latlons, "%s ", str); /* Add a final space to separate from data values */ + snprintf(format_latlons, sizeof(format_latlons), "%s ", str); /* Add a final space to separate from data values */ } else { - sprintf(format_latlons, "%s ", default_format_latlons); + snprintf(format_latlons, sizeof(format_latlons), "%s ", default_format_latlons); } if ((err = grib_get_long(h, "numberOfPoints", &numberOfPoints)) != GRIB_SUCCESS) { @@ -315,7 +315,7 @@ static grib_values* get_key_values(grib_runtime_options* options, grib_handle* h if (grib_is_missing(h, options->print_keys[i].name, &ret) && ret == GRIB_SUCCESS) { options->print_keys[i].type = GRIB_TYPE_MISSING; - sprintf(value, "MISSING"); + snprintf(value, sizeof(value), "MISSING"); } else if (ret != GRIB_NOT_FOUND) { if (options->print_keys[i].type == GRIB_TYPE_UNDEFINED) { @@ -329,12 +329,12 @@ static grib_values* get_key_values(grib_runtime_options* options, grib_handle* h case GRIB_TYPE_DOUBLE: ret = grib_get_double(h, options->print_keys[i].name, &(options->print_keys[i].double_value)); - sprintf(value, "%g", options->print_keys[i].double_value); + snprintf(value, sizeof(value), "%g", options->print_keys[i].double_value); break; case GRIB_TYPE_LONG: ret = grib_get_long(h, options->print_keys[i].name, &(options->print_keys[i].long_value)); - sprintf(value, "%ld", (long)options->print_keys[i].long_value); + snprintf(value, sizeof(value), "%ld", (long)options->print_keys[i].long_value); break; default: fprintf(dump_file, "invalid type for %s\n", options->print_keys[i].name); diff --git a/tools/grib_merge.c b/tools/grib_merge.c index ac74019db..ce47666ed 100644 --- a/tools/grib_merge.c +++ b/tools/grib_merge.c @@ -337,7 +337,7 @@ int grib_tool_new_handle_action(grib_runtime_options* options, grib_handle* h) md5Key, grib_get_error_message(err)); exit(err); } - sprintf(fname, "_%s.orig.grib", md5); + snprintf(fname, sizeof(fname), "_%s.orig.grib", md5); err = grib_write_message(h, fname, "a"); if ((hm = merge(h, hh)) == NULL) { @@ -349,7 +349,7 @@ int grib_tool_new_handle_action(grib_runtime_options* options, grib_handle* h) md5Key, grib_get_error_message(err)); exit(err); } - sprintf(fname, "_%s.merge.grib", md5); + snprintf(fname, sizeof(fname), "_%s.merge.grib", md5); grib_write_message(hh, fname, "a"); } grib_handle_delete(hh); diff --git a/tools/grib_options.c b/tools/grib_options.c index 1f133c150..9aa7c38ba 100644 --- a/tools/grib_options.c +++ b/tools/grib_options.c @@ -407,7 +407,7 @@ const char* grib_options_get_help(const char* id) int i = 0; char msg[] = "ERROR: help not found for option "; char* err = (char*)calloc(1, sizeof(msg) + 3); - sprintf(err, "%s%c\n", msg, *id); + snprintf(err, 1024, "%s%c\n", msg, *id); for (i = 0; i < grib_options_count; i++) { if (!strcmp(id, grib_options[i].id)) { if (grib_options[i].help != NULL) @@ -433,7 +433,7 @@ const char* grib_options_get_args(const char* id) if (id[1] != ':') return strdup(empty); err = (char*)calloc(1, sizeof(msg) + 3); - sprintf(err, "%s%c\n", msg, *id); + snprintf(err, 1024, "%s%c\n", msg, *id); for (i = 0; i < grib_options_count; i++) { if (!strcmp(id, grib_options[i].id)) { if (grib_options[i].args != NULL) { diff --git a/tools/grib_to_netcdf.c b/tools/grib_to_netcdf.c index e20b74213..dbd8395c4 100644 --- a/tools/grib_to_netcdf.c +++ b/tools/grib_to_netcdf.c @@ -9,6 +9,7 @@ */ #include "grib_api_internal.h" +#define HAVE_NETCDF #ifdef HAVE_NETCDF @@ -389,7 +390,7 @@ static void add_value(request* r, const char* parname, const char* fmt, ...) va_list list; va_start(list, fmt); - vsprintf(buffer, fmt, list); + vsnprintf(buffer, sizeof(buffer), fmt, list); va_end(list); put_value(r, parname, buffer, TRUE, FALSE, FALSE); @@ -536,7 +537,7 @@ static void set_value(request* r, const char* parname, const char* fmt, ...) va_list list; va_start(list, fmt); - vsprintf(buffer, fmt, list); + vsnprintf(buffer, sizeof(buffer), fmt, list); va_end(list); put_value(r, parname, buffer, FALSE, FALSE, FALSE); @@ -2982,25 +2983,25 @@ static int define_netcdf_dimensions(hypercube* h, fieldset* fs, int ncid, datase } if (strcmp(axis, "date") == 0) { - sprintf(u, "days since %ld-%02ld-%02ld 00:00:0.0", setup.refdate / 10000, (setup.refdate % 10000) / 100, (setup.refdate % 100)); + snprintf(u, sizeof(u), "days since %ld-%02ld-%02ld 00:00:0.0", setup.refdate / 10000, (setup.refdate % 10000) / 100, (setup.refdate % 100)); units = u; longname = "Base_date"; if (setup.climatology) { - sprintf(u, "months"); + snprintf(u, sizeof(u), "months"); units = u; } } if (strcmp(axis, "time") == 0) { boolean onedtime = (count_values(cube, "date") == 0 && count_values(cube, "step") == 0); - sprintf(u, "hours since 0000-00-00 00:00:00.0"); + snprintf(u, sizeof(u), "hours since 0000-00-00 00:00:00.0"); longname = "reference_time"; if (setup.usevalidtime || onedtime) { - sprintf(u, "hours since %ld-%02ld-%02ld 00:00:00.0", setup.refdate / 10000, (setup.refdate % 10000) / 100, (setup.refdate % 100)); + snprintf(u, sizeof(u), "hours since %ld-%02ld-%02ld 00:00:00.0", setup.refdate / 10000, (setup.refdate % 10000) / 100, (setup.refdate % 100)); longname = "time"; } if (setup.climatology) { - sprintf(u, "hours"); + snprintf(u, sizeof(u), "hours"); } units = u; /* nctype = NC_FLOAT; */ @@ -3015,7 +3016,7 @@ static int define_netcdf_dimensions(hypercube* h, fieldset* fs, int ncid, datase long date = d ? atol(d) : 0; long hour = t ? atol(t) : 0; long min = t ? 60 * (atof(t) - hour) : 0; - sprintf(u, "hours since %ld-%02ld-%02ld %02ld:%02ld:00.0", date / 10000, (date % 10000) / 100, (date % 100), hour, min); + snprintf(u, sizeof(u), "hours since %ld-%02ld-%02ld %02ld:%02ld:00.0", date / 10000, (date % 10000) / 100, (date % 100), hour, min); units = u; } } @@ -3034,9 +3035,9 @@ static int define_netcdf_dimensions(hypercube* h, fieldset* fs, int ncid, datase strcat(ymd, "01"); } else { - sprintf(ymd, "00-00-00"); + snprintf(ymd, sizeof(ymd), "00-00-00"); } - sprintf(u, "months since %s 00:00:00.0", ymd); + snprintf(u, sizeof(u), "months since %s 00:00:00.0", ymd); units = u; longname = "time"; } @@ -3157,11 +3158,11 @@ static int define_netcdf_dimensions(hypercube* h, fieldset* fs, int ncid, datase if (p->name[0] != '_') { char par[1024]; char val[1024000] = ""; - sprintf(par, "%s", (p->name)); + snprintf(par, sizeof(par), "%s", (p->name)); #if 0 value2string(p->values,val); #else - sprintf(val, "%s", (p->values->name)); + snprintf(val, sizeof(val), "%s", (p->values->name)); #endif stat = nc_put_att_text(ncid, var_id, par, strlen(val), (val)); if (stat != NC_NOERR) { @@ -3188,7 +3189,7 @@ static int define_netcdf_dimensions(hypercube* h, fieldset* fs, int ncid, datase /* Use history provided or Timestamp */ if (setup.history) { - sprintf(history, "%s", setup.history); + snprintf(history, sizeof(history), "%s", setup.history); } else { int major = ECCODES_MAJOR_VERSION; @@ -3197,7 +3198,7 @@ static int define_netcdf_dimensions(hypercube* h, fieldset* fs, int ncid, datase time(&now); strftime(timestamp, sizeof(timestamp), "%Y-%m-%d %H:%M:%S GMT", gmtime(&now)); - sprintf(history, "%s by grib_to_netcdf-%d.%d.%d: %s", timestamp, major, minor, revision, argvString); + snprintf(history, sizeof(history), "%s by grib_to_netcdf-%d.%d.%d: %s", timestamp, major, minor, revision, argvString); } stat = nc_put_att_text(ncid, NC_GLOBAL, "history", strlen(history), history); check_err("nc_put_att_text", stat, __LINE__); @@ -3462,7 +3463,7 @@ static void find_nc_attributes(const request* subset_r, const request* user_r, n if (!metadata_dir) metadata_dir = getenv("METADATA_DIR"); - sprintf(metapath, "%s/%s", metadata_dir ? metadata_dir : ".", metafile); + snprintf(metapath, sizeof(metapath), "%s/%s", metadata_dir ? metadata_dir : ".", metafile); att->metadata = 0; /* read_request_file(metapath); */ } @@ -3496,7 +3497,7 @@ static void find_nc_attributes(const request* subset_r, const request* user_r, n if (!isalpha(att->name[0])) { char buf[1048]; const char* val = get_value(subset_r, "param", 0); - sprintf(buf, "%s_%s", (val ? val : "p"), att->name); + snprintf(buf, sizeof(buf), "%s_%s", (val ? val : "p"), att->name); strcpy(att->name, buf); } } diff --git a/tools/grib_tools.c b/tools/grib_tools.c index 2680a2488..a6051d1c0 100644 --- a/tools/grib_tools.c +++ b/tools/grib_tools.c @@ -590,7 +590,7 @@ static int scan(grib_context* c, grib_runtime_options* options, const char* dir) while ((s = readdir(d)) && (err == 0)) { if (strcmp(s->d_name, ".") != 0 && strcmp(s->d_name, "..") != 0) { char buf[1024]; - sprintf(buf, "%s/%s", dir, s->d_name); + snprintf(buf, sizeof(buf), "%s/%s", dir, s->d_name); process(c, options, buf); } } @@ -603,12 +603,12 @@ static int scan(grib_context* c, grib_runtime_options* options, const char* dir) struct _finddata_t fileinfo; intptr_t handle; char buffer[1024]; - sprintf(buffer, "%s/*", dir); + snprintf(buffer, sizeof(buffer), "%s/*", dir); if ((handle = _findfirst(buffer, &fileinfo)) != -1) { do { if (strcmp(fileinfo.name, ".") != 0 && strcmp(fileinfo.name, "..") != 0) { char buf[1024]; - sprintf(buf, "%s/%s", dir, fileinfo.name); + snprintf(buf, sizeof(buf), "%s/%s", dir, fileinfo.name); process(c, options, buf); } } while (!_findnext(handle, &fileinfo)); @@ -946,7 +946,7 @@ static int get_initial_element_of_array(grib_handle* h, const char* keyName, siz free(sval); return err; } - sprintf(value, "%s", sval); + snprintf(value, len, "%s", sval); free(sval); break; case GRIB_TYPE_LONG: @@ -955,7 +955,7 @@ static int get_initial_element_of_array(grib_handle* h, const char* keyName, siz return GRIB_OUT_OF_MEMORY; if ((err = grib_get_long_array(h, keyName, lval, &len)) != GRIB_SUCCESS) return err; - sprintf(value, "%ld...", lval[0]); + snprintf(value, 32, "%ld...", lval[0]); free(lval); break; case GRIB_TYPE_DOUBLE: @@ -964,7 +964,7 @@ static int get_initial_element_of_array(grib_handle* h, const char* keyName, siz return GRIB_OUT_OF_MEMORY; if ((err = grib_get_double_array(h, keyName, dval, &len)) != GRIB_SUCCESS) return err; - sprintf(value, "%g...", dval[0]); + snprintf(value, 32, "%g...", dval[0]); free(dval); break; case GRIB_TYPE_BYTES: @@ -973,11 +973,11 @@ static int get_initial_element_of_array(grib_handle* h, const char* keyName, siz return GRIB_OUT_OF_MEMORY; if ((err = grib_get_bytes(h, keyName, uval, &len)) != GRIB_SUCCESS) return err; - sprintf(value, "%d...", (short)uval[0]); + snprintf(value, 32, "%d...", (short)uval[0]); free(uval); break; default: - sprintf(value, "%s...", ""); + snprintf(value, 32, "%s...", ""); } return GRIB_SUCCESS; } @@ -991,11 +991,11 @@ static void get_value_for_key(grib_handle* h, const char* key_name, int key_type size_t len = MAX_STRING_LEN; if (grib_is_missing(h, key_name, &ret) && ret == GRIB_SUCCESS) { - sprintf(value_str, "MISSING"); + snprintf(value_str, 32, "MISSING"); return; } if (ret == GRIB_NOT_FOUND) { - sprintf(value_str, "not_found"); + snprintf(value_str, 32, "not_found"); return; } @@ -1022,11 +1022,11 @@ static void get_value_for_key(grib_handle* h, const char* key_name, int key_type } else if (type == GRIB_TYPE_DOUBLE) { ret = grib_get_double(h, key_name, &dvalue); - sprintf(value_str, format, dvalue); + snprintf(value_str, 32, format, dvalue); } else if (type == GRIB_TYPE_LONG) { ret = grib_get_long(h, key_name, &lvalue); - sprintf(value_str, "%ld", lvalue); + snprintf(value_str, 32, "%ld", lvalue); } else if (type == GRIB_TYPE_BYTES) { ret = grib_get_string(h, key_name, value_str, &len); @@ -1038,7 +1038,7 @@ static void get_value_for_key(grib_handle* h, const char* key_name, int key_type if (ret != GRIB_SUCCESS) { if (ret == GRIB_NOT_FOUND) { - sprintf(value_str, "not_found"); + snprintf(value_str, 32, "not_found"); } else { fprintf(dump_file, "ERROR: Failed to get value for key %s\n", key_name); exit(1); @@ -1123,15 +1123,15 @@ void grib_print_key_values(grib_runtime_options* options, grib_handle* h) acc = grib_find_accessor(h, options->print_keys[i].name); ret = grib_get_string(h, options->print_keys[i].name, value, &len); if (grib_is_missing_string(acc, (unsigned char*)value, len)) - sprintf(value, "MISSING"); + snprintf(value, 32, "MISSING"); break; case GRIB_TYPE_DOUBLE: if (num_vals > 1) { ret = GRIB_ARRAY_TOO_SMALL; } else { ret = grib_get_double(h, options->print_keys[i].name, &dvalue); - if (dvalue == GRIB_MISSING_DOUBLE) sprintf(value, "MISSING"); - else sprintf(value, options->format, dvalue); + if (dvalue == GRIB_MISSING_DOUBLE) snprintf(value, 32, "MISSING"); + else snprintf(value, 32, options->format, dvalue); } break; case GRIB_TYPE_LONG: @@ -1139,8 +1139,8 @@ void grib_print_key_values(grib_runtime_options* options, grib_handle* h) ret = GRIB_ARRAY_TOO_SMALL; } else { ret = grib_get_long(h, options->print_keys[i].name, &lvalue); - if (lvalue == GRIB_MISSING_LONG) sprintf(value, "MISSING"); - else sprintf(value, "%ld", lvalue); + if (lvalue == GRIB_MISSING_LONG) snprintf(value, 32, "MISSING"); + else snprintf(value, 32, "%ld", lvalue); } break; case GRIB_TYPE_BYTES: @@ -1155,7 +1155,7 @@ void grib_print_key_values(grib_runtime_options* options, grib_handle* h) else { /* Other products e.g. GRIB */ if (grib_is_missing(h, options->print_keys[i].name, &ret) && ret == GRIB_SUCCESS) { - sprintf(value, "MISSING"); + snprintf(value, 32, "MISSING"); } else if (ret == GRIB_SUCCESS) { const char* pName = NULL; @@ -1180,11 +1180,11 @@ void grib_print_key_values(grib_runtime_options* options, grib_handle* h) break; case GRIB_TYPE_DOUBLE: ret = grib_get_double(h, options->print_keys[i].name, &dvalue); - sprintf(value, options->format, dvalue); + snprintf(value, 32, options->format, dvalue); break; case GRIB_TYPE_LONG: ret = grib_get_long(h, options->print_keys[i].name, &lvalue); - sprintf(value, "%ld", lvalue); + snprintf(value, 32, "%ld", lvalue); break; case GRIB_TYPE_BYTES: ret = grib_get_string(h, options->print_keys[i].name, value, &len); @@ -1231,7 +1231,7 @@ void grib_print_key_values(grib_runtime_options* options, grib_handle* h) written_to_dump = 1; } else if (options->latlon_mode == 1) { - sprintf(value, options->format, options->values[options->latlon_idx]); + snprintf(value, sizeof(value), options->format, options->values[options->latlon_idx]); strlenvalue = (int)strlen(value); width = strlenvalue < options->default_print_width ? options->default_print_width + 2 : strlenvalue + 2; fprintf(dump_file, "%-*s", (int)width, value); @@ -1248,7 +1248,7 @@ void grib_print_key_values(grib_runtime_options* options, grib_handle* h) err = grib_get_size(h, "values", &size); if (err) { - sprintf(value, "unknown"); + snprintf(value, 32, "unknown"); if (!options->fail) exit(err); return; @@ -1266,7 +1266,7 @@ void grib_print_key_values(grib_runtime_options* options, grib_handle* h) grib_context_free(h->context, values); } - sprintf(value, options->format, v); + snprintf(value, 32, options->format, v); strlenvalue = (int)strlen(value); width = strlenvalue < options->default_print_width ? options->default_print_width + 2 : strlenvalue + 2; fprintf(dump_file, "%-*s", (int)width, value); diff --git a/tools/gts_compare.c b/tools/gts_compare.c index 5fa20aa06..6c54fe3a4 100644 --- a/tools/gts_compare.c +++ b/tools/gts_compare.c @@ -103,7 +103,7 @@ static void write_message(grib_handle* h, const char* str) FILE* fh = NULL; grib_get_message(h, &m, &s); - sprintf(fname, "%s_%d.gts", str, write_count); + snprintf(fname, 1024, "%s_%d.gts", str, write_count); fh = fopen(fname, "w"); if (!fh) { @@ -252,7 +252,7 @@ int grib_tool_init(grib_runtime_options* options) /* Take the filename of the 1st file and append to dir */ char bufr[2048] = {0,}; /* options->infile_extra->name is the 1st file */ - sprintf(bufr, "%s%c%s", + snprintf(bufr, 2048, "%s%c%s", infile->name, get_dir_separator_char(), extract_filename(options->infile_extra->name)); diff --git a/tools/gts_dump.c b/tools/gts_dump.c index c8fe98eb3..e0f7ad411 100644 --- a/tools/gts_dump.c +++ b/tools/gts_dump.c @@ -101,7 +101,7 @@ int grib_tool_new_file_action(grib_runtime_options* options, grib_tools_file* fi char tmp[1024]; if (!options->current_infile->name) return 0; - sprintf(tmp, "FILE: %s ", options->current_infile->name); + snprintf(tmp, 1024, "FILE: %s ", options->current_infile->name); if (!grib_options_on("C")) fprintf(stdout, "***** %s\n", tmp); return 0; @@ -120,7 +120,7 @@ int grib_tool_new_handle_action(grib_runtime_options* options, grib_handle* h) for (i = 0; i < options->print_keys_count; i++) grib_set_flag(h, options->print_keys[i].name, GRIB_ACCESSOR_FLAG_DUMP); - sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length); + snprintf(tmp, 1024, "MESSAGE %d ( length=%ld )", options->handle_count, length); if (!grib_options_on("C")) fprintf(stdout, "#============== %-38s ==============\n", tmp); if (!strcmp(options->dump_mode, "default")) { diff --git a/tools/metar_compare.c b/tools/metar_compare.c index b5e2e59bc..9232c039f 100644 --- a/tools/metar_compare.c +++ b/tools/metar_compare.c @@ -116,7 +116,7 @@ static void write_message(grib_handle* h, const char* str) FILE* fh; grib_get_message(h, &m, &s); - sprintf(fname, "%s_%d.metar", str, write_count); + snprintf(fname, 1024, "%s_%d.metar", str, write_count); fh = fopen(fname, "w"); if (!fh) { @@ -323,7 +323,7 @@ int grib_tool_init(grib_runtime_options* options) /* Take the filename of the 1st file and append to dir */ char bufr[2048] = {0,}; /* options->infile_extra->name is the 1st file */ - sprintf(bufr, "%s%c%s", + snprintf(bufr, 2048, "%s%c%s", infile->name, get_dir_separator_char(), extract_filename(options->infile_extra->name)); diff --git a/tools/metar_dump.c b/tools/metar_dump.c index 2dcfe14b9..16007f837 100644 --- a/tools/metar_dump.c +++ b/tools/metar_dump.c @@ -108,7 +108,7 @@ int grib_tool_new_file_action(grib_runtime_options* options, grib_tools_file* fi char tmp[1024]; if (!options->current_infile->name) return 0; - sprintf(tmp, "FILE: %s ", options->current_infile->name); + snprintf(tmp, 1024, "FILE: %s ", options->current_infile->name); if (!grib_options_on("C") && !grib_options_on("J") && !grib_options_on("X")) fprintf(stdout, "***** %s\n", tmp); return 0; @@ -127,7 +127,7 @@ int grib_tool_new_handle_action(grib_runtime_options* options, grib_handle* h) for (i = 0; i < options->print_keys_count; i++) grib_set_flag(h, options->print_keys[i].name, GRIB_ACCESSOR_FLAG_DUMP); - sprintf(tmp, "MESSAGE %d ( length=%ld )", options->handle_count, length); + snprintf(tmp, 1024, "MESSAGE %d ( length=%ld )", options->handle_count, length); if (!grib_options_on("C") && !grib_options_on("X") && !grib_options_on("J")) fprintf(stdout, "#============== %-38s ==============\n", tmp); if (!strcmp(options->dump_mode, "default")) {