Excise the last instances of unsafe sprintf (#3705)

lgritz · web-flow · commit ed3dc51c551b · 2022-12-11T12:05:52.000-08:00
diff --git a/src/cineon.imageio/cineoninput.cpp b/src/cineon.imageio/cineoninput.cpp
@@ -338,7 +338,7 @@ CineonInput::open(const std::string& name, ImageSpec& newspec)
     }
     {
         char filmedge[17];
-        m_cin.header.FilmEdgeCode(filmedge);
+        m_cin.header.FilmEdgeCode(filmedge, sizeof(filmedge));
         if (filmedge[0])
             m_spec.attribute("cineon:FilmEdgeCode", filmedge);
     }
diff --git a/src/cineon.imageio/libcineon/CineonHeader.cpp b/src/cineon.imageio/libcineon/CineonHeader.cpp
@@ -500,21 +500,18 @@ int cineon::GenericHeader::DataSizeByteCount(const DataSize ds)
 }
 
 
-void cineon::IndustryHeader::FilmEdgeCode(char *edge) const
+void cineon::IndustryHeader::FilmEdgeCode(char *edge, size_t size) const
 {
-	if (this->filmManufacturingIdCode == 0xff
-		&& this->filmType == 0xff
-		&& this->perfsOffset == 0xff
-		&& this->prefix == 0xffffffff
-		&& this->count == 0xffffffff)
-		*edge = 0;
-	else
-		sprintf(edge, "%02u%02u%02u%06u%04u",
-			(unsigned int)this->filmManufacturingIdCode,
-			(unsigned int)this->filmType,
-			(unsigned int)this->perfsOffset,
-			this->prefix,
-			this->count);
+        if (this->filmManufacturingIdCode == 0xff && this->filmType == 0xff
+            && this->perfsOffset == 0xff && this->prefix == 0xffffffff
+            && this->count == 0xffffffff)
+                *edge = 0;
+        else
+                snprintf(edge, size, "%02u%02u%02u%06u%04u",
+                         (unsigned int)this->filmManufacturingIdCode,
+                         (unsigned int)this->filmType,
+                         (unsigned int)this->perfsOffset, this->prefix,
+                         this->count);
 }
 
 
diff --git a/src/cineon.imageio/libcineon/CineonHeader.h b/src/cineon.imageio/libcineon/CineonHeader.h
@@ -955,7 +955,7 @@ namespace cineon
 		 * \brief Get the film edge code information that is machine readable
 		 * \param edge buffer to write film edge code information (16+1 chars)
 		 */
-		void				FilmEdgeCode(char *edge) const;
+		void				FilmEdgeCode(char *edge, size_t size) const;
 
 		/*!
 		 * \brief Set the film edge code information that is machine readable
diff --git a/src/dpx.imageio/libdpx/DPXHeader.cpp b/src/dpx.imageio/libdpx/DPXHeader.cpp
@@ -688,7 +688,7 @@ void dpx::IndustryHeader::SetFileEdgeCode(const char *edge)
 void dpx::IndustryHeader::TimeCode(char *str) const
 {
 	U32 tc = this->timeCode;
-	::sprintf(str, "%c%c:%c%c:%c%c:%c%c", 
+	::snprintf(str, 12, "%c%c:%c%c:%c%c:%c%c", 
 		Hex((tc & 0xf0000000) >> 28),  Hex((tc & 0xf000000) >> 24),
 		Hex((tc & 0xf00000) >> 20),  Hex((tc & 0xf0000) >> 16),
 		Hex((tc & 0xf000) >> 12),  Hex((tc & 0xf00) >> 8),
@@ -699,7 +699,7 @@ void dpx::IndustryHeader::TimeCode(char *str) const
 void dpx::IndustryHeader::UserBits(char *str) const
 {
 	U32 ub = this->userBits;
-	::sprintf(str, "%c%c:%c%c:%c%c:%c%c", 
+	::snprintf(str, 12, "%c%c:%c%c:%c%c:%c%c",
 		Hex((ub & 0xf0000000) >> 28),  Hex((ub & 0xf000000) >> 24),
 		Hex((ub & 0xf00000) >> 20),  Hex((ub & 0xf0000) >> 16),
 		Hex((ub & 0xf000) >> 12),  Hex((ub & 0xf00) >> 8),
diff --git a/src/libutil/strutil_test.cpp b/src/libutil/strutil_test.cpp
@@ -77,18 +77,18 @@ test_format()
     bench.indent (2);
     bench.units (Benchmarker::Unit::ns);
     char buffer[256];
-    bench ("std::sprintf(\"%g\")", [&](){ DoNotOptimize (std::sprintf(buffer,"%g",123.45f)); });
+    bench ("std::snprintf(\"%g\")", [&](){ DoNotOptimize (std::snprintf(buffer,sizeof(buffer),"%g",123.45f)); });
     bench ("Strutil::sprintf(\"%g\")", [&](){ DoNotOptimize (Strutil::sprintf("%g",123.45f)); });
     bench ("Strutil::fmt::format(\"{:g}\")", [&](){ DoNotOptimize (Strutil::fmt::format("{:g}",123.45f)); });
     bench ("Strutil::to_string(float)", [&](){ DoNotOptimize (Strutil::to_string(123.45f)); });
 
-    bench ("std::sprintf(\"%d\")", [&](){ DoNotOptimize (std::sprintf(buffer,"%d",123)); });
+    bench ("std::snprintf(\"%d\")", [&](){ DoNotOptimize (std::snprintf(buffer,sizeof(buffer),"%d",123)); });
     bench ("Strutil::sprintf(\"%d\")", [&](){ DoNotOptimize (Strutil::sprintf("%g",123.0f)); });
     bench ("Strutil::fmt::format(\"{}\")", [&](){ DoNotOptimize (Strutil::fmt::format("{}",123)); });
     bench ("Strutil::to_string(int)", [&](){ DoNotOptimize (Strutil::to_string(123)); });
 
-    bench ("std::sprintf(\"%g %d %s %d %s %g\")", [&](){
-               DoNotOptimize (std::sprintf(buffer,"%g %d %s %d %s %g", 123.45f, 1234, "foobar", 42, "kablooey", 3.14159f));
+    bench ("std::snprintf(\"%g %d %s %d %s %g\")", [&](){
+               DoNotOptimize (std::snprintf(buffer,sizeof(buffer),"%g %d %s %d %s %g", 123.45f, 1234, "foobar", 42, "kablooey", 3.14159f));
            });
     bench ("Strutil::sprintf(\"%g %d %s %d %s %g\")", [&](){
                DoNotOptimize (Strutil::sprintf("%g %d %s %d %s %g", 123.45f, 1234, "foobar", 42, "kablooey", 3.14159f));

Original file line number	Diff line number	Diff line change
`@@ -338,7 +338,7 @@ CineonInput::open(const std::string& name, ImageSpec& newspec)`
`338`	`338`	`}`
`339`	`339`	`{`
`340`	`340`	`char filmedge[17];`
`341`		`- m_cin.header.FilmEdgeCode(filmedge);`
	`341`	`+ m_cin.header.FilmEdgeCode(filmedge, sizeof(filmedge));`
`342`	`342`	`if (filmedge[0])`
`343`	`343`	`m_spec.attribute("cineon:FilmEdgeCode", filmedge);`
`344`	`344`	`}`