Use snprintf() in favour of sprintf()
authorAaron Crane <arc@cpan.org>
Tue, 17 Oct 2017 16:30:18 +0000 (17:30 +0100)
committerAaron Crane <arc@cpan.org>
Sat, 21 Oct 2017 15:52:42 +0000 (16:52 +0100)
sv.c
taint.c

diff --git a/sv.c b/sv.c
index c5a560a..a3d33ae 100644 (file)
--- a/sv.c
+++ b/sv.c
@@ -13210,7 +13210,7 @@ Perl_sv_vcatpvfn_flags(pTHX_ SV *const sv, const char *const pat, const STRLEN p
                         ? my_snprintf(PL_efloatbuf, PL_efloatsize, ptr, fv)
                         : my_snprintf(PL_efloatbuf, PL_efloatsize, ptr, (double)fv));
 #else
-                elen = my_sprintf(PL_efloatbuf, ptr, fv);
+                elen = my_snprintf(PL_efloatbuf, PL_efloatsize, ptr, fv);
 #endif
                 GCC_DIAG_RESTORE;
            }
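Review bot: The value stored in `elen` is still taken as the formatted length, and no check on it is visible in this hunk, so the new bound only helps if truncation is detected somewhere. Under C99 snprintf semantics the return value is the length that would have been written, which can be greater than or equal to `PL_efloatsize`. The definition of my_snprintf is not on this page, so it is worth confirming that it aborts on truncation rather than returning that larger value. If it does, I would record the reliance next to the call, e.g. `/* my_snprintf() rejects truncation, so elen < PL_efloatsize here */`; if not, `elen` needs an explicit range check before it is used. The same applies to `len` in the taint.c hunk, which is passed straight to hv_fetch(). The enclosing function starts and ends outside this hunk.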
diff --git a/taint.c b/taint.c
index 1b78928..ae0c2c9 100644 (file)
--- a/taint.c
+++ b/taint.c
@@ -122,7 +122,7 @@ Perl_taint_env(pTHX)
     while (1) {
         MAGIC* mg;
        if (i)
-           len = my_sprintf(name,"DCL$PATH;%d", i);
+           len = my_snprintf(name, sizeof name, "DCL$PATH;%d", i);
        svp = hv_fetch(GvHVn(PL_envgv), name, len, FALSE);
        if (!svp || *svp == &PL_sv_undef)
            break;
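Review bot: `sizeof name` is the buffer size only while `name` is declared as a true array in Perl_taint_env, and that declaration is outside this hunk. If it is ever changed to a pointer or passed in as a parameter, the bound silently becomes the pointer size and the call still compiles. I would add a comment at the call such as `/* name must stay an array: sizeof name is the snprintf bound */`. It is also worth confirming that the array is sized for "DCL$PATH;" plus the widest possible `int` and the terminating NUL.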