Replace sprintf with snprintf (#1758)

Co-authored-by: francesco.laplaca <francesco.laplaca@enhancers.it> Co-authored-by: Ken Matsui <26405363+ken-matsui@users.noreply.github.com>
2023-08-28 11:18:12 +02:00 · 2023-08-28 11:18:12 +02:00 · 816684e15d
parent 40aa034595
commit 816684e15d
2 changed files with 33 additions and 9 deletions
--- a/drogon_ctl/templates/model_h.csp
+++ b/drogon_ctl/templates/model_h.csp
@ -508,7 +508,7 @@ if(@@.get<std::string>("rdbms")=="postgresql")
                if(@@.get<std::string>("rdbms")=="postgresql")
                {
 %>
-            n = sprintf(placeholderStr,"$%d,",placeholder++);
+            n = snprintf(placeholderStr,sizeof(placeholderStr),"$%d,",placeholder++);
            sql.append(placeholderStr, n);
 <%c++
                }else
--- a/orm_lib/tests/postgresql/Users.h
+++ b/orm_lib/tests/postgresql/Users.h
@ -352,43 +352,67 @@ class Users
        size_t n = 0;
        if (dirtyFlag_[0])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        if (dirtyFlag_[1])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        if (dirtyFlag_[2])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        if (dirtyFlag_[3])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        if (dirtyFlag_[4])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        if (dirtyFlag_[5])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        sql += "default,";
        if (dirtyFlag_[7])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        if (dirtyFlag_[8])
        {
-            n = sprintf(placeholderStr, "$%d,", placeholder++);
+            n = snprintf(placeholderStr,
+                         sizeof(placeholderStr),
+                         "$%d,",
+                         placeholder++);
            sql.append(placeholderStr, n);
        }
        else