From 816684e15d58c1f732213e85d2c2a4f562d614b0 Mon Sep 17 00:00:00 2001
From: frank10gm
Date: Mon, 28 Aug 2023 11:18:12 +0200
Subject: [PATCH] Replace sprintf with snprintf (#1758)

Co-authored-by: francesco.laplaca
Co-authored-by: Ken Matsui <26405363+ken-matsui@users.noreply.github.com>
---
 drogon_ctl/templates/model_h.csp | 2 +-
 orm_lib/tests/postgresql/Users.h | 40 +++++++++++++++++++++++++-------
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/drogon_ctl/templates/model_h.csp b/drogon_ctl/templates/model_h.csp
index a8ded786..0ed1eeee 100644
--- a/drogon_ctl/templates/model_h.csp
+++ b/drogon_ctl/templates/model_h.csp
@@ -508,7 +508,7 @@ if(@@.get("rdbms")=="postgresql")
 if(@@.get("rdbms")=="postgresql")
 {
 %>
- n = sprintf(placeholderStr,"$%d,",placeholder++);
+ n = snprintf(placeholderStr,sizeof(placeholderStr),"$%d,",placeholder++);
 sql.append(placeholderStr, n);
 <%c++
 }else
diff --git a/orm_lib/tests/postgresql/Users.h b/orm_lib/tests/postgresql/Users.h
index d3c3ce4f..bf208694 100644
--- a/orm_lib/tests/postgresql/Users.h
+++ b/orm_lib/tests/postgresql/Users.h
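Review bot: The return value of snprintf is still passed unchecked as the length to `sql.append(placeholderStr, n)`, so if `"$%d,"` ever does not fit the buffer, n holds the would-be length (or a negative error return converted to size_t, since n is declared `size_t` in the Users.h hunk) and the append reads past placeholderStr — bounding the write alone does not make the read safe. Clamp before appending, e.g. `int len = snprintf(placeholderStr, sizeof(placeholderStr), "$%d,", placeholder++);` followed by `n = len < 0 ? 0 : std::min<size_t>(len, sizeof(placeholderStr) - 1);`, and because this template emits the eight identical sites in the Users.h hunk the same clamp belongs in the generated code there. `sizeof(placeholderStr)` is only the buffer size if placeholderStr is declared as a char array rather than a pointer; its declaration sits above both hunks, so that cannot be confirmed from the diff. The enclosing function starts and ends outside the hunk in both files.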
@@ -352,43 +352,67 @@ class Users
 size_t n = 0;
 if (dirtyFlag_[0])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 if (dirtyFlag_[1])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 if (dirtyFlag_[2])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 if (dirtyFlag_[3])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 if (dirtyFlag_[4])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 if (dirtyFlag_[5])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 sql += "default,";
 if (dirtyFlag_[7])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 if (dirtyFlag_[8])
 {
- n = sprintf(placeholderStr, "$%d,", placeholder++);
+ n = snprintf(placeholderStr,
+ sizeof(placeholderStr),
+ "$%d,",
+ placeholder++);
 sql.append(placeholderStr, n);
 }
 else