use snprintf instead of sprintf

author: Renaud Guillard <dev@nore.fr> 2017-06-04 21:10:19 +0200
committer: Renaud Guillard <dev@nore.fr> 2017-06-04 21:10:19 +0200
commit: b5e9d933ad5232a1585f8bc8dfe7860e17dad57f (patch)
tree: c0c978bc62b513daab1b87f214b3bbbcf65112f3 /src
parent: 38edf255aee473ade74d955faa79e4f7a5c38eb1 (diff)
1 files changed, 6 insertions, 5 deletions
diff --git a/src/pugixml.cpp b/src/pugixml.cpp
index 56d7c75..9973999 100644
--- a/src/pugixml.cpp
+++ b/src/pugixml.cpp
@@ -4632,7 +4632,8 @@ PUGI__NS_BEGIN
 	PUGI__FN bool set_value_convert(String& dest, Header& header, uintptr_t header_mask, float value)
 	{
 		char buf[128];
-		sprintf(buf, "%.9g", value);
+		snprintf(buf, 128, "%.9g", value);
+		buf[127] = '\0';
 
 		return set_value_ascii(dest, header, header_mask, buf);
 	}
@@ -4641,7 +4642,8 @@ PUGI__NS_BEGIN
 	PUGI__FN bool set_value_convert(String& dest, Header& header, uintptr_t header_mask, double value)
 	{
 		char buf[128];
-		sprintf(buf, "%.17g", value);
+		snprintf(buf, 128, "%.17g", value);
+		buf[127] = '\0';
 
 		return set_value_ascii(dest, header, header_mask, buf);
 	}
@@ -7997,9 +7999,8 @@ PUGI__NS_BEGIN
 	PUGI__FN void convert_number_to_mantissa_exponent(double value, char* buffer, size_t buffer_size, char** out_mantissa, int* out_exponent)
 	{
 		// get a scientific notation value with IEEE DBL_DIG decimals
-		sprintf(buffer, "%.*e", DBL_DIG, value);
-		assert(strlen(buffer) < buffer_size);
-		(void)!buffer_size;
+		snprintf(buffer, buffer_size, "%.*e", DBL_DIG, value);
+		buffer[buffer_size - 1] = '\0';
 
 		// get the exponent (possibly negative)
 		char* exponent_string = strchr(buffer, 'e');
author	Renaud Guillard <dev@nore.fr>	2017-06-04 21:10:19 +0200
committer	Renaud Guillard <dev@nore.fr>	2017-06-04 21:10:19 +0200
commit	b5e9d933ad5232a1585f8bc8dfe7860e17dad57f (patch)
tree	c0c978bc62b513daab1b87f214b3bbbcf65112f3 /src
parent	38edf255aee473ade74d955faa79e4f7a5c38eb1 (diff)