diff --git a/client/mysql.cc b/client/mysql.cc index 316223c07607f..a56c9eb815443 100644 --- a/client/mysql.cc +++ b/client/mysql.cc @@ -1162,8 +1162,9 @@ static void print_table_data_xml(MYSQL_RES *result); static void print_tab_data(MYSQL_RES *result); static void print_table_data_vertically(MYSQL_RES *result); static void print_warnings(void); -static void end_timer(ulonglong start_time, char *buff); -static void nice_time(double sec,char *buff,bool part_second); +static void end_timer(ulonglong start_time, char *buff, size_t buff_size); +static void nice_time(double sec, char *buff, size_t buff_size, + bool part_second); extern "C" sig_handler mysql_end(int sig) __attribute__ ((noreturn)); extern "C" sig_handler handle_sigint(int sig); #if defined(HAVE_TERMIOS_H) && defined(GWINSZ_IN_SYS_IOCTL) @@ -1418,10 +1419,13 @@ int main(int argc,char *argv[]) histfile=my_strdup(PSI_NOT_INSTRUMENTED, getenv("MYSQL_HISTFILE"),MYF(MY_WME)); else if (getenv("HOME")) { + size_t histfile_size= + strlen(getenv("HOME")) + strlen("/.mysql_history") + 2; histfile=(char*) my_malloc(PSI_NOT_INSTRUMENTED, - strlen(getenv("HOME")) + strlen("/.mysql_history")+2, MYF(MY_WME)); + histfile_size, MYF(MY_WME)); if (histfile) - sprintf(histfile,"%s/.mysql_history",getenv("HOME")); + snprintf(histfile, histfile_size, + "%s/.mysql_history", getenv("HOME")); char link_name[FN_REFLEN]; if (my_readlink(link_name, histfile, 0) == 0 && strncmp(link_name, "/dev/null", 10) == 0) @@ -3661,7 +3665,7 @@ static int com_go(String *buffer, char *) } if (verbose >= 3 || !opt_silent) - end_timer(timer, time_buff); + end_timer(timer, time_buff, sizeof(time_buff)); else time_buff[0]= '\0'; @@ -3697,9 +3701,9 @@ static int com_go(String *buffer, char *) print_tab_data(result); else print_table_data(result); - snprintf(buff, sizeof(buff), "%ld %s in set", - (long) mysql_num_rows(result), - (long) mysql_num_rows(result) == 1 ? "row" : "rows"); + snprintf(buff, sizeof(buff), "%llu %s in set", + mysql_num_rows(result), + mysql_num_rows(result) == 1 ? "row" : "rows"); end_pager(); if (mysql_errno(&mysql)) { @@ -3890,7 +3894,7 @@ static char *fieldflags2str(uint f) { ff2s_check_flag(ON_UPDATE_NOW); #undef ff2s_check_flag if (f) - snprintf(s, sizeof(buf), " unknows=0x%04x", f); + snprintf(s, sizeof(buf) - (size_t)(s - buf), " unknown=0x%04x", f); return buf; } @@ -4604,7 +4608,7 @@ com_edit(String *buffer,char *) strxmov(buff,editor," ",filename,NullS); if ((error= system(buff))) { - char errmsg[100]; + char errmsg[sizeof("Command '%.40s' failed") - 1 + 40]; snprintf(errmsg, sizeof(errmsg), "Command '%.40s' failed", buff); put_info(errmsg, INFO_ERROR, 0, NullS); goto err; @@ -5289,7 +5293,7 @@ static int com_status(String *, char *) tee_fprintf(stdout, "%.*s\t\t\t", (int) (pos-status_str), status_str); if ((status_str= str2int(pos,10,0,LONG_MAX,(long*) &sec))) { - nice_time((double) sec,buff,0); + nice_time((double) sec,buff, sizeof(buff),0); tee_puts(buff, stdout); /* print nice time */ while (*status_str == ' ') status_str++; /* to next info */ @@ -5508,8 +5512,10 @@ void tee_putc(int c, FILE *file) len("4294967296 days, 23 hours, 59 minutes, 60.000 seconds") -> 53 */ -static void nice_time(double sec, char *buff, bool part_second) +static void nice_time(double sec, char *buff, size_t buff_size, + bool part_second) { + char *buff_end= buff + buff_size; ulong tmp; if (sec >= 3600.0*24) { @@ -5533,21 +5539,23 @@ static void nice_time(double sec, char *buff, bool part_second) buff=strmov(buff," min "); } if (part_second) - sprintf(buff,"%.3f sec",sec); + snprintf(buff, buff_end - buff, "%.3f sec", sec); else - sprintf(buff,"%d sec",(int) sec); + snprintf(buff, buff_end - buff, "%d sec", (int) sec); } -static void end_timer(ulonglong start_time, char *buff) +static void end_timer(ulonglong start_time, char *buff, size_t buff_size) { double sec; + if (buff_size < 4) + return; buff[0]=' '; buff[1]='('; sec= (microsecond_interval_timer() - start_time) / (double) (1000 * 1000); - nice_time(sec, buff + 2, 1); - strmov(strend(buff),")"); + nice_time(sec, buff + 2, buff_size - 2, 1); + snprintf(strend(buff), buff_size - (strend(buff) - buff), ")"); } static const char *construct_prompt() diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc index 931268bae9ad1..528ee79c930b1 100644 --- a/client/mysqladmin.cc +++ b/client/mysqladmin.cc @@ -752,7 +752,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) if (opt_shutdown_wait_for_slaves) { - sprintf(buff, "SHUTDOWN WAIT FOR ALL SLAVES"); + snprintf(buff, sizeof(buff), "SHUTDOWN WAIT FOR ALL SLAVES"); if (mysql_query(mysql, buff)) { my_printf_error(0, "%s failed; error: '%-.200s'", diff --git a/client/mysqlbinlog.cc b/client/mysqlbinlog.cc index 96eeee1d1e28e..adea2a03a4532 100644 --- a/client/mysqlbinlog.cc +++ b/client/mysqlbinlog.cc @@ -318,13 +318,14 @@ class Load_log_processor @retval -1 Error (can't find new filename). @retval >=0 Found file. */ - File create_unique_file(char *filename, char *file_name_end) + File create_unique_file(char *filename, char *file_name_end, + size_t buf_remaining) { File res; /* If we have to try more than 1000 times, something is seriously wrong */ for (uint version= 0; version<1000; version++) { - sprintf(file_name_end,"-%x",version); + snprintf(file_name_end, buf_remaining, "-%x", version); if ((res= my_create(filename,0, O_CREAT|O_EXCL|O_BINARY|O_WRONLY,MYF(0)))!=-1) return res; @@ -462,7 +463,8 @@ File Load_log_processor::prepare_new_file_for_old_format(Load_log_event *le, len= strlen(filename); tail= filename + len; - if ((file= create_unique_file(filename,tail)) < 0) + if ((file= create_unique_file(filename, tail, + FN_REFLEN + 1 - len)) < 0) { error("Could not construct local filename %s.",filename); return -1; @@ -587,7 +589,8 @@ Exit_status Load_log_processor::process_first_event(const char *bname, //so the rest of fname has size full_len - target_dir_name_len ptr+= snprintf(ptr, full_len - target_dir_name_len, "-%x", file_id); - if ((file= create_unique_file(fname,ptr)) < 0) + if ((file= create_unique_file(fname, ptr, + full_len - (size_t) (ptr - fname))) < 0) { error("Could not construct local filename %s%s.", target_dir_name,bname); @@ -1460,7 +1463,6 @@ Exit_status process_event(PRINT_EVENT_INFO *print_event_info, Log_event *ev, exit(1); } - memset(tmp_sql, 0, sizeof(tmp_sql)); snprintf(tmp_sql, sizeof(tmp_sql), " " "SELECT Group_concat(cols) " "FROM (SELECT 'op_type char(1)' cols " @@ -1507,11 +1509,9 @@ Exit_status process_event(PRINT_EVENT_INFO *print_event_info, Log_event *ev, } else { - memset(tmp_sql, 0, sizeof(tmp_sql)); snprintf(tmp_sql, sizeof(tmp_sql), "__%s", map->get_table_name()); ev->set_flashback_review_tablename(tmp_sql); } - memset(tmp_sql, 0, sizeof(tmp_sql)); tmp_sql_offset= snprintf(tmp_sql, sizeof(tmp_sql), "CREATE TABLE IF NOT EXISTS"); tmp_sql_offset+= snprintf(tmp_sql + tmp_sql_offset, sizeof(tmp_sql) - (uint) tmp_sql_offset, " `%s`.`%s` (%s) %s", ev->get_flashback_review_dbname(), @@ -1537,7 +1537,7 @@ Exit_status process_event(PRINT_EVENT_INFO *print_event_info, Log_event *ev, else { memset(tmp_str, 0, sizeof(tmp_str)); - snprintf(tmp_str, sizeof(tmp_sql), "__%s", map->get_table_name()); + snprintf(tmp_str, sizeof(tmp_str), "__%s", map->get_table_name()); ev->set_flashback_review_tablename(tmp_str); } } @@ -2801,9 +2801,9 @@ static Exit_status check_master_version() char buf[256]; rpl_gtid *start_gtid= &start_gtids[gtid_idx]; - sprintf(buf, "%u-%u-%llu", - start_gtid->domain_id, start_gtid->server_id, - start_gtid->seq_no); + snprintf(buf, sizeof(buf), "%u-%u-%llu", + start_gtid->domain_id, start_gtid->server_id, + start_gtid->seq_no); query_str.append(buf, strlen(buf)); if (gtid_idx < n_start_gtids - 1) query_str.append(','); diff --git a/client/mysqldump.c b/client/mysqldump.c index 43c6cfc3b4555..6b376d95fc248 100644 --- a/client/mysqldump.c +++ b/client/mysqldump.c @@ -838,7 +838,7 @@ static void write_footer(FILE *sql_file) if (opt_dump_date) { char time_str[20]; - get_date(time_str, GETDATE_DATE_TIME, 0); + get_date(time_str, sizeof(time_str), GETDATE_DATE_TIME, 0); print_comment(sql_file, 0, "-- Dump completed on %s\n", time_str); } else @@ -6165,7 +6165,8 @@ const char fmt_gtid_pos[]= "%sSET GLOBAL gtid_slave_pos='%s';\n"; static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos, int have_mariadb_gtid, int use_gtid, - char *set_gtid_pos) + char *set_gtid_pos, + size_t set_gtid_pos_size) { MYSQL_ROW row; MYSQL_RES *UNINIT_VAR(master); @@ -6240,8 +6241,8 @@ static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos, "CHANGE-MASTER settings to the slave gtid state is printed " "later in the file.\n"); } - sprintf(set_gtid_pos, fmt_gtid_pos, - (!use_gtid ? "-- " : comment_prefix), gtid_pos); + snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos, + (!use_gtid ? "-- " : comment_prefix), gtid_pos); } /* SHOW MASTER STATUS reports file and position */ @@ -6331,7 +6332,8 @@ static int add_slave_statements(void) } static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid, - int use_gtid, char* set_gtid_pos) + int use_gtid, char *set_gtid_pos, + size_t set_gtid_pos_size) { MYSQL_RES *UNINIT_VAR(slave); MYSQL_ROW row; @@ -6376,7 +6378,8 @@ static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid, "\n-- A corresponding to the below dump-slave " "CHANGE-MASTER settings to the slave gtid state is printed " "later in the file.\n"); - sprintf(set_gtid_pos, fmt_gtid_pos, gtid_comment_prefix, gtid_pos); + snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos, + gtid_comment_prefix, gtid_pos); } if (use_gtid) print_comment(md_result_file, 0, @@ -7248,11 +7251,15 @@ int main(int argc, char **argv) if (opt_master_data && do_show_master_status(mysql, consistent_binlog_pos, have_mariadb_gtid, - opt_use_gtid, master_set_gtid_pos)) + opt_use_gtid, + master_set_gtid_pos, + sizeof(master_set_gtid_pos))) goto err; if (opt_slave_data && do_show_slave_status(mysql, have_mariadb_gtid, - opt_use_gtid, slave_set_gtid_pos)) + opt_use_gtid, + slave_set_gtid_pos, + sizeof(slave_set_gtid_pos))) goto err; if (opt_single_transaction && do_unlock_tables(mysql)) /* unlock but no commit! */ goto err; diff --git a/client/mysqlimport.c b/client/mysqlimport.c index 33f43681158dc..9025616551195 100644 --- a/client/mysqlimport.c +++ b/client/mysqlimport.c @@ -378,9 +378,9 @@ static int write_to_table(char *filename, MYSQL *mysql) } mysql_real_escape_string(mysql, escaped_name, hard_path, (unsigned long) strlen(hard_path)); - sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'", - opt_low_priority ? "LOW_PRIORITY" : "", - opt_local_file ? "LOCAL" : "", escaped_name); + snprintf(sql_statement, sizeof(sql_statement), "LOAD DATA %s %s INFILE '%s'", + opt_low_priority ? "LOW_PRIORITY" : "", + opt_local_file ? "LOCAL" : "", escaped_name); end= strend(sql_statement); if (replace) end= strmov(end, " REPLACE"); diff --git a/client/mysqltest.cc b/client/mysqltest.cc index 7f334eb25508b..4a78195b8a8df 100644 --- a/client/mysqltest.cc +++ b/client/mysqltest.cc @@ -2908,7 +2908,7 @@ VAR* var_get(const char *var_name, const char **var_name_end, my_bool raw, if (!raw && v->int_dirty) { - sprintf(v->str_val, "%d", v->int_val); + snprintf(v->str_val, v->alloced_len, "%d", v->int_val); v->int_dirty= false; v->str_val_len = strlen(v->str_val); } @@ -2970,7 +2970,7 @@ void var_set(const char *var_name, const char *var_name_end, { if (v->int_dirty) { - sprintf(v->str_val, "%d", v->int_val); + snprintf(v->str_val, v->alloced_len, "%d", v->int_val); v->int_dirty=false; v->str_val_len= strlen(v->str_val); } @@ -5234,7 +5234,8 @@ void do_sync_with_master2(struct st_command *command, long offset, if (!master_pos.file[0]) die("Calling 'sync_with_master' without calling 'save_master_pos'"); - snprintf(query_buf, sizeof(query_buf), "select master_pos_wait('%s', %ld, %d, '%s')", + snprintf(query_buf, sizeof(query_buf), + "select master_pos_wait('%s', %ld, %d, '%s')", master_pos.file, master_pos.pos + offset, timeout, connection_name); @@ -10821,7 +10822,7 @@ void append_info(DYNAMIC_STRING *ds, ulonglong affected_rows, const char *info) { char buf[40], buff2[21]; - size_t len= sprintf(buf,"affected rows: %s\n", llstr(affected_rows, buff2)); + size_t len= snprintf(buf, sizeof(buf), "affected rows: %s\n", llstr(affected_rows, buff2)); dynstr_append_mem(ds, buf, len); if (info) { diff --git a/extra/mariabackup/backup_copy.cc b/extra/mariabackup/backup_copy.cc index 11b052561daa6..356d41115984f 100644 --- a/extra/mariabackup/backup_copy.cc +++ b/extra/mariabackup/backup_copy.cc @@ -1747,7 +1747,7 @@ copy_back() for (uint i = 1; i <= TRX_SYS_MAX_UNDO_SPACES; i++) { char filename[20]; - sprintf(filename, "undo%03u", i); + snprintf(filename, sizeof(filename), "undo%03u", i); if (!file_exists(filename)) { break; } diff --git a/extra/mariabackup/backup_mysql.cc b/extra/mariabackup/backup_mysql.cc index a85a6c79b974f..7fa02b1128c6d 100644 --- a/extra/mariabackup/backup_mysql.cc +++ b/extra/mariabackup/backup_mysql.cc @@ -148,7 +148,7 @@ xb_mysql_connect() char mysql_port_str[std::numeric_limits::digits10 + 3]; const char *user= opt_user ? opt_user : get_os_user(); - sprintf(mysql_port_str, "%d", opt_port); + snprintf(mysql_port_str, sizeof(mysql_port_str), "%d", opt_port); if (connection == NULL) { msg("Failed to init MariaDB struct: %s.", diff --git a/extra/mariabackup/common.h b/extra/mariabackup/common.h index 6fde514e8bbaa..1fb8e1b90ee69 100644 --- a/extra/mariabackup/common.h +++ b/extra/mariabackup/common.h @@ -54,7 +54,7 @@ static inline int vasprintf(char **strp, const char *fmt, va_list args) { return -1; } - vsprintf(*strp, fmt, args); + vsnprintf(*strp, len + 1, fmt, args); return len; } diff --git a/extra/mariabackup/xbcloud.cc b/extra/mariabackup/xbcloud.cc index 588a15eb791dd..b5d416f12855f 100644 --- a/extra/mariabackup/xbcloud.cc +++ b/extra/mariabackup/xbcloud.cc @@ -491,7 +491,7 @@ static char *hex_md5(const unsigned char *hash, char *out) int i; for (i = 0, p = out; i < hash_len; i++, p+=2) { - sprintf(p, "%02x", hash[i]); + snprintf(p, 3, "%02x", hash[i]); } return out; @@ -549,6 +549,7 @@ swift_temp_auth(const char *auth_url, swift_auth_info *info) CURLcode res; long http_code; char *hdr_buf = NULL; + size_t hdr_buf_size = 0; struct curl_slist *slist = NULL; if (opt_swift_user == NULL) { @@ -565,18 +566,19 @@ swift_temp_auth(const char *auth_url, swift_auth_info *info) if (curl != NULL) { - hdr_buf = (char *)(calloc(14 + max(strlen(opt_swift_user), - strlen(opt_swift_key)), 1)); + hdr_buf_size = 14 + max(strlen(opt_swift_user), + strlen(opt_swift_key)); + hdr_buf = (char *)(calloc(hdr_buf_size, 1)); if (!hdr_buf) { res = CURLE_FAILED_INIT; goto cleanup; } - sprintf(hdr_buf, "X-Auth-User: %s", opt_swift_user); + snprintf(hdr_buf, hdr_buf_size, "X-Auth-User: %s", opt_swift_user); slist = curl_slist_append(slist, hdr_buf); - sprintf(hdr_buf, "X-Auth-Key: %s", opt_swift_key); + snprintf(hdr_buf, hdr_buf_size, "X-Auth-Key: %s", opt_swift_key); slist = curl_slist_append(slist, hdr_buf); curl_easy_setopt(curl, CURLOPT_VERBOSE, opt_verbose); diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc index 969ffb6907db0..12c7dc392ccab 100644 --- a/extra/mariabackup/xtrabackup.cc +++ b/extra/mariabackup/xtrabackup.cc @@ -4141,13 +4141,15 @@ os_file_readdir_next_file( strcpy(info->name, ent->d_name); + size_t full_path_size= strlen(dirname) + strlen(ent->d_name) + 10; full_path = static_cast( - ut_malloc_nokey(strlen(dirname) + strlen(ent->d_name) + 10)); + ut_malloc_nokey(full_path_size)); if (!full_path) { return -1; } - sprintf(full_path, "%s/%s", dirname, ent->d_name); + snprintf(full_path, full_path_size, + "%s/%s", dirname, ent->d_name); ret = stat(full_path, &statinfo); @@ -4949,14 +4951,14 @@ bool Backup_datasinks::backup_low() if (xtrabackup_extra_lsndir) { char filename[FN_REFLEN]; - sprintf(filename, "%s/%s", xtrabackup_extra_lsndir, + snprintf(filename, sizeof(filename), "%s/%s", xtrabackup_extra_lsndir, XTRABACKUP_METADATA_FILENAME); if (!xtrabackup_write_metadata(filename)) { msg("Error: failed to write metadata " "to '%s'.", filename); return false; } - sprintf(filename, "%s/%s", xtrabackup_extra_lsndir, + snprintf(filename, sizeof(filename), "%s/%s", xtrabackup_extra_lsndir, XTRABACKUP_INFO); if (!write_xtrabackup_info(m_data, mysql_connection, filename, false, false)) { @@ -6820,8 +6822,8 @@ static bool xtrabackup_prepare_func(char** argv) /* read metadata of target */ - sprintf(metadata_path, "%s/%s", xtrabackup_target_dir, - XTRABACKUP_METADATA_FILENAME); + snprintf(metadata_path, sizeof(metadata_path), "%s/%s", + xtrabackup_target_dir, XTRABACKUP_METADATA_FILENAME); if (!xtrabackup_read_metadata(metadata_path)) { msg("Error: failed to read metadata from '%s'\n", @@ -6931,7 +6933,7 @@ static bool xtrabackup_prepare_func(char** argv) if (xtrabackup_incremental) { char inc_filename[FN_REFLEN]; - sprintf(inc_filename, "%s/%s", xtrabackup_incremental_dir, + snprintf(inc_filename, sizeof(inc_filename), "%s/%s", xtrabackup_incremental_dir, MB_CORRUPTED_PAGES_FILE); corrupted_pages.read_from_file(inc_filename); } @@ -7000,14 +7002,14 @@ static bool xtrabackup_prepare_func(char** argv) metadata_last_lsn = incremental_last_lsn; } - sprintf(filename, "%s/%s", xtrabackup_target_dir, XTRABACKUP_METADATA_FILENAME); + snprintf(filename, sizeof(filename), "%s/%s", xtrabackup_target_dir, XTRABACKUP_METADATA_FILENAME); if (!xtrabackup_write_metadata(filename)) { msg("mariabackup: Error: failed to write metadata " "to '%s'", filename); ok = false; } else if (xtrabackup_extra_lsndir) { - sprintf(filename, "%s/%s", xtrabackup_extra_lsndir, XTRABACKUP_METADATA_FILENAME); + snprintf(filename, sizeof(filename), "%s/%s", xtrabackup_extra_lsndir, XTRABACKUP_METADATA_FILENAME); if (!xtrabackup_write_metadata(filename)) { msg("mariabackup: Error: failed to write " "metadata to '%s'", filename); @@ -7781,7 +7783,9 @@ static int main_low(char** argv) } else if (xtrabackup_backup && xtrabackup_incremental_basedir) { char filename[FN_REFLEN]; - sprintf(filename, "%s/%s", xtrabackup_incremental_basedir, XTRABACKUP_METADATA_FILENAME); + snprintf(filename, sizeof(filename), "%s/%s", + xtrabackup_incremental_basedir, + XTRABACKUP_METADATA_FILENAME); if (!xtrabackup_read_metadata(filename)) { msg("mariabackup: error: failed to read metadata from " @@ -7794,7 +7798,9 @@ static int main_low(char** argv) } else if (xtrabackup_prepare && xtrabackup_incremental_dir) { char filename[FN_REFLEN]; - sprintf(filename, "%s/%s", xtrabackup_incremental_dir, XTRABACKUP_METADATA_FILENAME); + snprintf(filename, sizeof(filename), "%s/%s", + xtrabackup_incremental_dir, + XTRABACKUP_METADATA_FILENAME); if (!xtrabackup_read_metadata(filename)) { msg("mariabackup: error: failed to read metadata from " diff --git a/include/my_sys.h b/include/my_sys.h index ec760c7bd1968..b7dd3f8f0bc5d 100644 --- a/include/my_sys.h +++ b/include/my_sys.h @@ -767,7 +767,8 @@ extern int wild_compare(const char *str,const char *wildstr, pbool str_is_pattern); extern my_bool array_append_string_unique(const char *str, const char **array, size_t size); -extern void get_date(char * to,int timeflag,time_t use_time); +extern void get_date(char * to, size_t to_len, int timeflag, + time_t use_time); extern void soundex(CHARSET_INFO *, char * out_pntr, char * in_pntr, pbool remove_garbage); extern int init_record_cache(RECORD_CACHE *info,size_t cachesize,File file, diff --git a/include/mysql_com.h b/include/mysql_com.h index 31d888c7052d2..1b796ce402490 100644 --- a/include/mysql_com.h +++ b/include/mysql_com.h @@ -462,6 +462,7 @@ typedef struct st_vio Vio; #define MAX_INT_WIDTH 10 /* Max width for a LONG w.o. sign */ #define MAX_BIGINT_WIDTH 20 /* Max width for a LONGLONG */ #define MAX_CHAR_WIDTH 255 /* Max length for a CHAR column */ +#define MYSQL_UDF_MAX_RESULT_LENGTH 255 /* Max length for a UDF result */ #define MAX_BLOB_WIDTH 16777216 /* Default width for blob */ typedef struct st_net { diff --git a/include/password.h b/include/password.h index a076a6a37e9bb..b6e44e8f901cd 100644 --- a/include/password.h +++ b/include/password.h @@ -16,6 +16,19 @@ #ifndef PASSWORD_INCLUDED #define PASSWORD_INCLUDED +/* + SCRAMBLE_LENGTH_323 and SCRAMBLED_PASSWORD_CHAR_LENGTH_323 may + already be defined via mysql_com.h. Define them here as well so + that translation units which do not include mysql_com.h (e.g. + mariadb-install-db via libmariadb headers) can still use them. +*/ +#ifndef SCRAMBLE_LENGTH_323 +#define SCRAMBLE_LENGTH_323 8 +#endif +#ifndef SCRAMBLED_PASSWORD_CHAR_LENGTH_323 +#define SCRAMBLED_PASSWORD_CHAR_LENGTH_323 (SCRAMBLE_LENGTH_323 * 2) +#endif + C_MODE_START void my_make_scrambled_password_323(char *to, const char *password, diff --git a/include/violite.h b/include/violite.h index f1e5c95a648fe..b9f26650bb03f 100644 --- a/include/violite.h +++ b/include/violite.h @@ -141,11 +141,6 @@ int vio_getnameinfo(const struct sockaddr *sa, int flags); #ifdef HAVE_OPENSSL -/* apple deprecated openssl in MacOSX Lion */ -#ifdef __APPLE__ -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif - #define HEADER_DES_LOCL_H dummy_something #define YASSL_MYSQL_COMPATIBLE #ifndef YASSL_PREFIX diff --git a/mysql-test/lib/My/SafeProcess/safe_process.cc b/mysql-test/lib/My/SafeProcess/safe_process.cc index 462e72ed97613..847635096a5a6 100644 --- a/mysql-test/lib/My/SafeProcess/safe_process.cc +++ b/mysql-test/lib/My/SafeProcess/safe_process.cc @@ -237,7 +237,8 @@ int main(int argc, char* const argv[] ) sigaction(SIGCHLD, &sa,NULL); sigaction(SIGABRT, &sa_abort,NULL); - sprintf(safe_process_name, "safe_process[%ld]", (long) own_pid); + snprintf(safe_process_name, sizeof(safe_process_name), + "safe_process[%ld]", (long) own_pid); message("Started"); diff --git a/mysql-test/lib/My/SafeProcess/safe_process_win.cc b/mysql-test/lib/My/SafeProcess/safe_process_win.cc index 6e1fd41428707..8a83449c23657 100644 --- a/mysql-test/lib/My/SafeProcess/safe_process_win.cc +++ b/mysql-test/lib/My/SafeProcess/safe_process_win.cc @@ -181,7 +181,7 @@ int main(int argc, const char** argv ) PROCESS_INFORMATION process_info= {0}; BOOL nocore= FALSE; - sprintf(safe_process_name, "safe_process[%lu]", pid); + snprintf(safe_process_name, sizeof(safe_process_name), "safe_process[%lu]", pid); /* Create an event for the signal handler */ if ((shutdown_event= diff --git a/mysys/file_logger.c b/mysys/file_logger.c index a753c049f6814..7e1eb7212c17a 100644 --- a/mysys/file_logger.c +++ b/mysys/file_logger.c @@ -109,9 +109,11 @@ int logger_close(LOGGER_HANDLE *log) } -static char *logname(LOGGER_HANDLE *log, char *buf, unsigned int n_log) +static char *logname(LOGGER_HANDLE *log, char *buf, size_t buf_size, + unsigned int n_log) { - sprintf(buf+log->path_len, ".%0*u", n_dig(log->rotations), n_log); + snprintf(buf + log->path_len, buf_size - log->path_len, + ".%0*u", n_dig(log->rotations), n_log); return buf; } @@ -128,11 +130,11 @@ static int do_rotate(LOGGER_HANDLE *log) memcpy(namebuf, log->path, log->path_len); - buf_new= logname(log, namebuf, log->rotations); + buf_new= logname(log, namebuf, sizeof(namebuf), log->rotations); buf_old= log->path; for (i=log->rotations-1; i>0; i--) { - logname(log, buf_old, i); + logname(log, buf_old, FN_REFLEN, i); if (!access(buf_old, F_OK) && (result= my_rename(buf_old, buf_new, MYF(0)))) goto exit; @@ -143,7 +145,7 @@ static int do_rotate(LOGGER_HANDLE *log) if ((result= my_close(log->file, MYF(0)))) goto exit; namebuf[log->path_len]= 0; - result= my_rename(namebuf, logname(log, log->path, 1), MYF(0)); + result= my_rename(namebuf, logname(log, log->path, FN_REFLEN, 1), MYF(0)); log->file= my_open(namebuf, LOG_FLAGS, MYF(0)); exit: errno= my_errno; diff --git a/mysys/mf_getdate.c b/mysys/mf_getdate.c index 3db0398bbfe1f..89a43d89dd44d 100644 --- a/mysys/mf_getdate.c +++ b/mysys/mf_getdate.c @@ -35,7 +35,7 @@ */ -void get_date(register char * to, int flag, time_t date) +void get_date(register char * to, size_t to_len, int flag, time_t date) { reg2 struct tm *start_time; time_t skr; @@ -57,26 +57,33 @@ void get_date(register char * to, int flag, time_t date) start_time= localtime(&skr); #endif if (flag & GETDATE_SHORT_DATE) - sprintf(to,"%02d%02d%02d", - start_time->tm_year % 100, - start_time->tm_mon+1, - start_time->tm_mday); + snprintf(to, to_len, "%02d%02d%02d", + start_time->tm_year % 100, + start_time->tm_mon+1, + start_time->tm_mday); else - sprintf(to, ((flag & GETDATE_FIXEDLENGTH) ? - "%4d-%02d-%02d" : "%d-%02d-%02d"), - start_time->tm_year+1900, - start_time->tm_mon+1, - start_time->tm_mday); + snprintf(to, to_len, + ((flag & GETDATE_FIXEDLENGTH) ? + "%4d-%02d-%02d" : "%d-%02d-%02d"), + start_time->tm_year+1900, + start_time->tm_mon+1, + start_time->tm_mday); if (flag & GETDATE_DATE_TIME) - sprintf(strend(to), - ((flag & GETDATE_FIXEDLENGTH) ? - " %02d:%02d:%02d" : " %2d:%02d:%02d"), - start_time->tm_hour, - start_time->tm_min, - start_time->tm_sec); + { + size_t l= strlen(to); + snprintf(to + l, to_len - l, + ((flag & GETDATE_FIXEDLENGTH) ? + " %02d:%02d:%02d" : " %2d:%02d:%02d"), + start_time->tm_hour, + start_time->tm_min, + start_time->tm_sec); + } else if (flag & GETDATE_HHMMSSTIME) - sprintf(strend(to),"%02d%02d%02d", - start_time->tm_hour, - start_time->tm_min, - start_time->tm_sec); + { + size_t l= strlen(to); + snprintf(to + l, to_len - l, "%02d%02d%02d", + start_time->tm_hour, + start_time->tm_min, + start_time->tm_sec); + } } /* get_date */ diff --git a/mysys/my_atomic_writes.c b/mysys/my_atomic_writes.c index 90d0f1d026188..bbc04922ba1c8 100644 --- a/mysys/my_atomic_writes.c +++ b/mysys/my_atomic_writes.c @@ -310,8 +310,9 @@ static my_bool test_if_sfx_card_exists() { struct stat stat_buff; - sprintf(sfx_devices[sfx_found_devices].dev_name, "/dev/sfdv%dn1", - dev_num); + snprintf(sfx_devices[sfx_found_devices].dev_name, + sizeof(sfx_devices[sfx_found_devices].dev_name), + "/dev/sfdv%dn1", dev_num); if (stat(sfx_devices[sfx_found_devices].dev_name, &stat_buff) < 0) break; diff --git a/mysys/my_lib.c b/mysys/my_lib.c index 7365b9fa1ba03..8b5d3dca35022 100644 --- a/mysys/my_lib.c +++ b/mysys/my_lib.c @@ -144,7 +144,15 @@ MY_DIR *my_dir(const char *path, myf MyFlags) dp= (struct dirent*) dirent_tmp; + /* readdir_r is deprecated on macOS but still used for older platforms */ +#ifdef __APPLE__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif while (!(READDIR(dirp,(struct dirent*) dirent_tmp,dp))) +#ifdef __APPLE__ +#pragma GCC diagnostic pop +#endif { MY_STAT statbuf, *mystat= 0; diff --git a/mysys/my_redel.c b/mysys/my_redel.c index 3dacfff96ddae..6e2a811e49b89 100644 --- a/mysys/my_redel.c +++ b/mysys/my_redel.c @@ -149,7 +149,8 @@ void my_create_backup_name(char *to, const char *from, time_t backup_start) { char ext[MY_BACKUP_NAME_EXTRA_LENGTH+1]; ext[0]='-'; - get_date(ext+1, GETDATE_SHORT_DATE | GETDATE_HHMMSSTIME, backup_start); + get_date(ext+1, sizeof(ext) - 1, GETDATE_SHORT_DATE | GETDATE_HHMMSSTIME, + backup_start); strmov(strend(ext),REDEL_EXT); strmov(strmov(to, from), ext); } diff --git a/mysys/testhash.c b/mysys/testhash.c index 4af25c32fc02c..d284dc9d50189 100644 --- a/mysys/testhash.c +++ b/mysys/testhash.c @@ -81,7 +81,7 @@ static int do_test() { n1=rnd(1000); n2=rnd(100); n3=rnd(MY_MIN(recant*5,MAX_RECORDS)); record= (char*) my_malloc(reclength,MYF(MY_FAE)); - sprintf(record,"%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); + snprintf(record, reclength, "%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); if (my_hash_insert(&hash,record)) { printf("Error: %d in write at record: %d\n",my_errno,i); @@ -102,7 +102,7 @@ static int do_test() for (j=rnd(1000) ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf(key,"%6d",j); + snprintf(key, sizeof(key), "%6d",j); if (!(recpos=hash_search(&hash,key,0))) { printf("can't find key1: \"%s\"\n",key); @@ -137,7 +137,7 @@ static int do_test() for (j=rnd(1000) ; j>0 && key1[j] == 0 ; j--) ; if (j) { - sprintf(key,"%6d",j); + snprintf(key, sizeof(key), "%6d",j); if (!(recpos=hash_search(&hash,key,0))) { printf("can't find key1: \"%s\"\n",key); @@ -146,7 +146,7 @@ static int do_test() key1[atoi(recpos)]--; key_check=key_check-atoi(recpos)+n1; key1[n1]++; - sprintf(recpos,"%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); + snprintf(recpos, reclength, "%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); update++; if (hash_update(&hash,recpos,key,0)) { @@ -175,7 +175,7 @@ static int do_test() { HASH_SEARCH_STATE state; printf("- Testing identical read\n"); - sprintf(key,"%6d",j); + snprintf(key, sizeof(key), "%6d",j); pos=1; if (!(recpos= hash_first(&hash, key, 0, &state))) { diff --git a/plugin/feedback/utils.cc b/plugin/feedback/utils.cc index efd9d0f59b5db..279b921dadbca 100644 --- a/plugin/feedback/utils.cc +++ b/plugin/feedback/utils.cc @@ -104,15 +104,15 @@ static int uname(struct utsname *buf) buf->nodename[0]= 0; strcpy(buf->sysname, "Windows"); - sprintf(buf->release, "%d.%d", (int)ver.dwMajorVersion, (int)ver.dwMinorVersion); + snprintf(buf->release, sizeof(buf->release), "%d.%d", (int)ver.dwMajorVersion, (int)ver.dwMinorVersion); const char *version_str= get_os_version_name(&ver); if(version_str && version_str[0]) - sprintf(buf->version, "%s %s",version_str, ver.szCSDVersion); + snprintf(buf->version, sizeof(buf->version), "%s %s",version_str, ver.szCSDVersion); else { /* Fallback for unknown versions, e.g "Windows ." */ - sprintf(buf->version, "Windows %d.%d%s", + snprintf(buf->version, sizeof(buf->version), "Windows %d.%d%s", (int)ver.dwMajorVersion, (int)ver.dwMinorVersion, (ver.wProductType == VER_NT_WORKSTATION ? "" : " Server")); } diff --git a/plugin/type_inet/sql_type_inet.cc b/plugin/type_inet/sql_type_inet.cc index d23073d2b8453..01f896e75e99a 100644 --- a/plugin/type_inet/sql_type_inet.cc +++ b/plugin/type_inet/sql_type_inet.cc @@ -494,7 +494,7 @@ size_t Inet6::to_string(char *dst, size_t dstsize) const // // If it is not the last field, append closing ':'. - p += sprintf(p, "%x", ipv6_words[i]); + p += snprintf(p, dstend - p, "%x", ipv6_words[i]); if (i + 1 != IN6_ADDR_NUM_WORDS) { diff --git a/sql/field.cc b/sql/field.cc index 552dc7383817c..cb38415b35875 100644 --- a/sql/field.cc +++ b/sql/field.cc @@ -6668,7 +6668,9 @@ String *Field_year::val_str(String *val_buffer, val_buffer->alloc(5); val_buffer->length(field_length); char *to=(char*) val_buffer->ptr(); - sprintf(to,field_length == 2 ? "%02d" : "%04d",(int) Field_year::val_int()); + snprintf(to, val_buffer->length() + 1, + field_length == 2 ? "%02d" : "%04d", + (int) Field_year::val_int()); val_buffer->set_charset(&my_charset_numeric); return val_buffer; } diff --git a/sql/gcalc_slicescan.cc b/sql/gcalc_slicescan.cc index 2081cb3fe6e92..967a783d4fe57 100644 --- a/sql/gcalc_slicescan.cc +++ b/sql/gcalc_slicescan.cc @@ -100,9 +100,10 @@ const char *gcalc_ev_name(int ev) } -static int gcalc_pi_str(char *str, const Gcalc_heap::Info *pi, const char *postfix) +static int gcalc_pi_str(char *str, size_t size, + const Gcalc_heap::Info *pi, const char *postfix) { - return sprintf(str, "%s %d %d | %s %d %d%s", + return snprintf(str, size, "%s %d %d | %s %d %d%s", GCALC_SIGN(pi->node.shape.ix[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.ix[0]),pi->node.shape.ix[1], GCALC_SIGN(pi->node.shape.iy[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.iy[0]),pi->node.shape.iy[1], postfix); @@ -132,7 +133,7 @@ static void GCALC_DBUG_PRINT_PI(const Gcalc_heap::Info *pi) #endif return; } - n_buf= gcalc_pi_str(buf, pi, ""); + n_buf= gcalc_pi_str(buf, sizeof(buf), pi, ""); buf[n_buf]= 0; GCALC_DBUG_PRINT(("%s", buf)); } @@ -148,14 +149,16 @@ static void GCALC_DBUG_PRINT_SLICE(const char *header, for (; slice; slice= slice->get_next()) { size_t lnbuf= nbuf; - lnbuf+= sprintf(buf + lnbuf, "%d\t", slice->thread); - lnbuf+= sprintf(buf + lnbuf, "%s\t", gcalc_ev_name(slice->event)); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%d\t", slice->thread); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%s\t", + gcalc_ev_name(slice->event)); - lnbuf+= gcalc_pi_str(buf + lnbuf, slice->pi, "\t"); + lnbuf+= gcalc_pi_str(buf + lnbuf, sizeof(buf) - lnbuf, slice->pi, "\t"); if (slice->is_bottom()) - lnbuf+= sprintf(buf+lnbuf, "bt\t"); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "bt\t"); else - lnbuf+= gcalc_pi_str(buf+lnbuf, slice->next_pi, "\t"); + lnbuf+= gcalc_pi_str(buf + lnbuf, sizeof(buf) - lnbuf, + slice->next_pi, "\t"); buf[lnbuf]= 0; GCALC_DBUG_PRINT(("%s", buf)); } diff --git a/sql/item_subselect.cc b/sql/item_subselect.cc index 4374762321381..6da58c20d6f3b 100644 --- a/sql/item_subselect.cc +++ b/sql/item_subselect.cc @@ -1279,8 +1279,8 @@ Item_singlerow_subselect::select_transformer(JOIN *join) if (thd->lex->describe) { char warn_buff[MYSQL_ERRMSG_SIZE]; - sprintf(warn_buff, ER_THD(thd, ER_SELECT_REDUCED), - select_lex->select_number); + snprintf(warn_buff, sizeof(warn_buff), ER_THD(thd, ER_SELECT_REDUCED), + select_lex->select_number); push_warning(thd, Sql_condition::WARN_LEVEL_NOTE, ER_SELECT_REDUCED, warn_buff); } @@ -2069,8 +2069,8 @@ Item_in_subselect::single_value_transformer(JOIN *join) if (thd->lex->describe) { char warn_buff[MYSQL_ERRMSG_SIZE]; - sprintf(warn_buff, ER_THD(thd, ER_SELECT_REDUCED), - select_lex->select_number); + snprintf(warn_buff, sizeof(warn_buff), ER_THD(thd, ER_SELECT_REDUCED), + select_lex->select_number); push_warning(thd, Sql_condition::WARN_LEVEL_NOTE, ER_SELECT_REDUCED, warn_buff); } diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc index 8db1c08b58297..bfbb4aeae9f1f 100644 --- a/sql/item_timefunc.cc +++ b/sql/item_timefunc.cc @@ -629,11 +629,12 @@ static bool make_date_time(const String *format, const MYSQL_TIME *l_time, str->append(hours_i < 12 ? "AM" : "PM",2); break; case 'r': - length= sprintf(intbuff, ((l_time->hour % 24) < 12) ? - "%02d:%02d:%02d AM" : "%02d:%02d:%02d PM", - (l_time->hour+11)%12+1, - l_time->minute, - l_time->second); + length= snprintf(intbuff, sizeof(intbuff), + ((l_time->hour % 24) < 12) ? + "%02d:%02d:%02d AM" : "%02d:%02d:%02d PM", + (l_time->hour+11)%12+1, + l_time->minute, + l_time->second); str->append(intbuff, length); break; case 'S': @@ -641,8 +642,8 @@ static bool make_date_time(const String *format, const MYSQL_TIME *l_time, str->append_zerofill(l_time->second, 2); break; case 'T': - length= sprintf(intbuff, "%02d:%02d:%02d", - l_time->hour, l_time->minute, l_time->second); + length= snprintf(intbuff, sizeof(intbuff), "%02d:%02d:%02d", + l_time->hour, l_time->minute, l_time->second); str->append(intbuff, length); break; case 'U': @@ -3576,8 +3577,9 @@ bool Item_func_maketime::get_date(THD *thd, MYSQL_TIME *ltime, date_mode_t fuzzy check_time_range(ltime, decimals, &unused); char buf[28]; char *ptr= longlong10_to_str(hour.value(), buf, hour.is_unsigned() ? 10 : -10); - int len = (int)(ptr - buf) + sprintf(ptr, ":%02u:%02u", - (uint) minute, (uint) sec.sec()); + int len = (int)(ptr - buf) + snprintf(ptr, buf + sizeof(buf) - ptr, + ":%02u:%02u", + (uint) minute, (uint) sec.sec()); ErrConvString err(buf, len, &my_charset_bin); thd->push_warning_truncated_wrong_value("time", err.ptr()); } diff --git a/sql/log.cc b/sql/log.cc index 13fd58462949e..d526336496d86 100644 --- a/sql/log.cc +++ b/sql/log.cc @@ -2937,7 +2937,8 @@ static void setup_windows_event_source() nonzero if not possible to get unique filename. */ -static int find_uniq_filename(char *name, ulong min_log_number_to_use, +static int find_uniq_filename(char *name, size_t name_size, + ulong min_log_number_to_use, ulong *last_used_log_number) { char buff[FN_REFLEN], ext_buf[FN_REFLEN]; @@ -2996,7 +2997,7 @@ updating the index files.", max_found); } next= max_found + 1; - if (sprintf(ext_buf, "%06lu", next)<0) + if (snprintf(ext_buf, sizeof(ext_buf), "%06lu", next)<0) { error= 1; goto end; @@ -3017,7 +3018,7 @@ index files.", name, ext_buf, (strlen(ext_buf) + (end - name))); goto end; } - if (sprintf(end, "%06lu", next)<0) + if (snprintf(end, name + name_size - end, "%06lu", next)<0) { error= 1; goto end; @@ -3048,8 +3049,9 @@ bool MYSQL_LOG::init_and_set_log_file_name(const char *log_name, { strmov(log_file_name, new_name); } - else if (!new_name && generate_new_name(log_file_name, log_name, - next_log_number)) + else if (!new_name && generate_new_name(log_file_name, + sizeof(log_file_name), + log_name, next_log_number)) return TRUE; return FALSE; @@ -3262,21 +3264,23 @@ void MYSQL_LOG::cleanup() } -int MYSQL_LOG::generate_new_name(char *new_name, const char *log_name, +int MYSQL_LOG::generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number) { fn_format(new_name, log_name, mysql_data_home, "", 4); return 0; } -int MYSQL_BIN_LOG::generate_new_name(char *new_name, const char *log_name, +int MYSQL_BIN_LOG::generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number) { fn_format(new_name, log_name, mysql_data_home, "", 4); if (!fn_ext(log_name)[0]) { if (DBUG_IF("binlog_inject_new_name_error") || - unlikely(find_uniq_filename(new_name, next_log_number, + unlikely(find_uniq_filename(new_name, name_size, next_log_number, &last_used_log_number))) { THD *thd= current_thd; @@ -3508,8 +3512,8 @@ bool MYSQL_QUERY_LOG::write(THD *thd, time_t current_time, my_b_write(&log_file, (uchar*) "\n", 1)) goto err; - sprintf(query_time_buff, "%.6f", ulonglong2double(query_utime)/1000000.0); - sprintf(lock_time_buff, "%.6f", ulonglong2double(lock_utime)/1000000.0); + snprintf(query_time_buff, sizeof(query_time_buff), "%.6f", ulonglong2double(query_utime)/1000000.0); + snprintf(lock_time_buff, sizeof(lock_time_buff), "%.6f", ulonglong2double(lock_utime)/1000000.0); if (my_b_printf(&log_file, "# Thread_id: %lu Schema: %s QC_hit: %s\n" "# Query_time: %s Lock_time: %s Rows_sent: %lu Rows_examined: %lu\n" @@ -3529,12 +3533,12 @@ bool MYSQL_QUERY_LOG::write(THD *thd, time_t current_time, { ha_handler_stats *stats= &thd->handler_stats; double tracker_frequency= timer_tracker_frequency(); - sprintf(query_time_buff, "%.4f", - 1000.0 * ulonglong2double(stats->pages_read_time)/ - tracker_frequency); - sprintf(lock_time_buff, "%.4f", - 1000.0 * ulonglong2double(stats->engine_time)/ - tracker_frequency); + snprintf(query_time_buff, sizeof(query_time_buff), "%.4f", + 1000.0 * ulonglong2double(stats->pages_read_time)/ + tracker_frequency); + snprintf(lock_time_buff, sizeof(lock_time_buff), "%.4f", + 1000.0 * ulonglong2double(stats->engine_time)/ + tracker_frequency); if (my_b_printf(&log_file, "# Pages_accessed: %lu Pages_read: %lu " @@ -5654,7 +5658,8 @@ int MYSQL_BIN_LOG::new_file_impl() We have to do this here and not in open as we want to store the new file name in the current binary log file. */ - if (unlikely((error= generate_new_name(new_name, name, 0)))) + if (unlikely((error= generate_new_name(new_name, sizeof(new_name), + name, 0)))) { mysql_mutex_unlock(&LOCK_index); DBUG_RETURN(error); @@ -7620,7 +7625,8 @@ static int do_delete_gtid_domain(DYNAMIC_ARRAY *domain_drop_lex) if (errmsg) goto end; errmsg= rpl_global_gtid_binlog_state.drop_domain(domain_drop_lex, - glev, errbuf); + glev, errbuf, + sizeof(errbuf)); end: if (errmsg) diff --git a/sql/log.h b/sql/log.h index d8af49168046d..0475b0f9662e4 100644 --- a/sql/log.h +++ b/sql/log.h @@ -324,7 +324,8 @@ class MYSQL_LOG const char *generate_name(const char *log_name, const char *suffix, bool strip_ext, char *buff); - virtual int generate_new_name(char *new_name, const char *log_name, + virtual int generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number); protected: /* LOCK_log is inited by init_pthread_objects() */ @@ -723,7 +724,8 @@ class MYSQL_BIN_LOG: public TC_LOG, private MYSQL_LOG int open(const char *opt_name) override; void close() override; - int generate_new_name(char *new_name, const char *log_name, + int generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number) override; int log_and_order(THD *thd, my_xid xid, bool all, bool need_prepare_ordered, bool need_commit_ordered) override; diff --git a/sql/log_event.cc b/sql/log_event.cc index d596970623e9e..3d7460315ed65 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -1425,7 +1425,7 @@ code_name(int code) case Q_XID: return "XID"; case Q_GTID_FLAGS3: return "Q_GTID_FLAGS3"; } - sprintf(buf, "CODE#%d", code); + snprintf(buf, sizeof(buf), "CODE#%d", code); return buf; } #endif diff --git a/sql/log_event.h b/sql/log_event.h index 9403e15e4c650..0aa7c187c93ae 100644 --- a/sql/log_event.h +++ b/sql/log_event.h @@ -3230,8 +3230,8 @@ class Xid_log_event: public Xid_apply_log_event @return the value of the buffer pointer */ -inline char *serialize_xid(char *buf, long fmt, long gln, long bln, - const char *dat) +inline char *serialize_xid(char *buf, size_t bufsize, long fmt, long gln, + long bln, const char *dat) { int i; char *c= buf; @@ -3263,7 +3263,7 @@ inline char *serialize_xid(char *buf, long fmt, long gln, long bln, c+= 2; } c[0]= '\''; - sprintf(c+1, ",%lu", fmt); + snprintf(c + 1, bufsize - (size_t)(c + 1 - buf), ",%lu", fmt); return buf; } @@ -3284,7 +3284,8 @@ struct event_mysql_xid_t : MYSQL_XID char buf[ser_buf_size]; char *serialize() { - return serialize_xid(buf, formatID, gtrid_length, bqual_length, data); + return serialize_xid(buf, sizeof(buf), formatID, gtrid_length, + bqual_length, data); } }; @@ -3295,7 +3296,8 @@ struct event_xid_t : XID char *serialize(char *buf_arg) { - return serialize_xid(buf_arg, formatID, gtrid_length, bqual_length, data); + return serialize_xid(buf_arg, ser_buf_size, formatID, gtrid_length, + bqual_length, data); } char *serialize() { @@ -3347,9 +3349,9 @@ class XA_prepare_log_event: public Xid_apply_log_event int do_commit() override; const char* get_query() override { - sprintf(query, - (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), - m_xid.serialize()); + snprintf(query, sizeof(query), + (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), + m_xid.serialize()); return query; } #endif diff --git a/sql/log_event_client.cc b/sql/log_event_client.cc index 9bd0d41b9ca97..3171eaa2faba6 100644 --- a/sql/log_event_client.cc +++ b/sql/log_event_client.cc @@ -635,7 +635,7 @@ log_event_print_value(IO_CACHE *file, PRINT_EVENT_INFO *print_event_info, float fl; float4get(fl, ptr); char tmp[320]; - sprintf(tmp, "%-20g", (double) fl); + snprintf(tmp, sizeof(tmp), "%-20g", (double) fl); my_b_printf(file, "%s", tmp); /* my_snprintf doesn't support %-20g */ return 4; } @@ -649,7 +649,7 @@ log_event_print_value(IO_CACHE *file, PRINT_EVENT_INFO *print_event_info, float8get(dbl, ptr); char tmp[320]; - sprintf(tmp, "%-.20g", dbl); /* strmake doesn't support %-20g */ + snprintf(tmp, sizeof(tmp), "%-.20g", dbl); /* strmake doesn't support %-20g */ my_b_printf(file, tmp, "%s"); return 8; } @@ -2515,7 +2515,7 @@ bool User_var_log_event::print(FILE* file, PRINT_EVENT_INFO* print_event_info) double real_val; char real_buf[FMT_G_BUFSIZE(14)]; float8get(real_val, val); - sprintf(real_buf, "%.14g", real_val); + snprintf(real_buf, sizeof(real_buf), "%.14g", real_val); if (my_b_printf(&cache, ":=%s%s\n", real_buf, print_event_info->delimiter)) goto err; @@ -2924,10 +2924,13 @@ bool copy_cache_to_string_wrapped(IO_CACHE *cache, sizeof(fmt_binlog2) + 3*PRINT_EVENT_INFO::max_delimiter_size; + size_t buf_alloc_size; + if (reinit_io_cache(cache, READ_CACHE, 0L, FALSE, FALSE)) goto err; - if (!(to->str= (char*) my_malloc(PSI_NOT_INSTRUMENTED, (size_t)cache->end_of_file + fmt_size, + buf_alloc_size= (size_t)cache->end_of_file + fmt_size; + if (!(to->str= (char*) my_malloc(PSI_NOT_INSTRUMENTED, buf_alloc_size, MYF(0)))) { perror("Out of memory: can't allocate memory in " @@ -2956,38 +2959,45 @@ bool copy_cache_to_string_wrapped(IO_CACHE *cache, contribution of non-compressed packet. */ char *str= to->str; + const char *buf_end= to->str + buf_alloc_size; size_t add_to_len; - str += (to->length= sprintf(str, fmt_frag, 0)); + str += (to->length= snprintf(str, (size_t)(buf_end - str), fmt_frag, 0)); if (my_b_read(cache, (uchar*) str, (uint32) (cache_size/2 + 1))) goto err; str += (add_to_len = (uint32) (cache_size/2 + 1)); to->length += add_to_len; - str += (add_to_len= sprintf(str, fmt_n_delim, delimiter)); + str += (add_to_len= snprintf(str, (size_t)(buf_end - str), + fmt_n_delim, delimiter)); to->length += add_to_len; - str += (add_to_len= sprintf(str, fmt_frag, 1)); + str += (add_to_len= snprintf(str, (size_t)(buf_end - str), + fmt_frag, 1)); to->length += add_to_len; if (my_b_read(cache, (uchar*) str, uint32(cache->end_of_file - (cache_size/2 + 1)))) goto err; str += (add_to_len= uint32(cache->end_of_file - (cache_size/2 + 1))); to->length += add_to_len; { - str += (add_to_len= sprintf(str , fmt_delim, delimiter)); + str += (add_to_len= snprintf(str, (size_t)(buf_end - str), + fmt_delim, delimiter)); to->length += add_to_len; } - to->length += sprintf(str, fmt_binlog2, delimiter); + to->length += snprintf(str, (size_t)(buf_end - str), + fmt_binlog2, delimiter); } else { char *str= to->str; + const char *buf_end= to->str + buf_alloc_size; - str += (to->length= sprintf(str, str_binlog)); + str += (to->length= snprintf(str, (size_t)(buf_end - str), str_binlog)); if (my_b_read(cache, (uchar*) str, (size_t)cache->end_of_file)) goto err; str += cache->end_of_file; to->length += (size_t)cache->end_of_file; - to->length += sprintf(str , fmt_delim, delimiter); + to->length += snprintf(str, (size_t)(buf_end - str), + fmt_delim, delimiter); } reinit_io_cache(cache, WRITE_CACHE, 0, FALSE, TRUE); diff --git a/sql/log_event_server.cc b/sql/log_event_server.cc index 3f4ff841a42bc..a21c417fc70c0 100644 --- a/sql/log_event_server.cc +++ b/sql/log_event_server.cc @@ -3853,7 +3853,7 @@ Gtid_log_event::pack_info(Protocol *protocol) flags2 & FL_PREPARED_XA ? "XA START " : "BEGIN GTID ")); if (flags2 & FL_PREPARED_XA) { - p+= sprintf(p, "%s GTID ", xid.serialize()); + p+= snprintf(p, buf + sizeof(buf) - p, "%s GTID ", xid.serialize()); } p= longlong10_to_str(domain_id, p, 10); *p++= '-'; @@ -3940,7 +3940,7 @@ Gtid_log_event::do_apply_event(rpl_group_info *rgi) thd->lex->xid= &xid; thd->lex->xa_opt= XA_NONE; - sprintf(buf_xa, fmt, xid.serialize()); + snprintf(buf_xa, sizeof(buf_xa), fmt, xid.serialize()); thd->set_query_and_id(buf_xa, static_cast(strlen(buf_xa)), &my_charset_bin, next_query_id()); thd->lex->sql_command= SQLCOM_XA_START; @@ -4576,9 +4576,9 @@ void XA_prepare_log_event::pack_info(Protocol *protocol) { char query[sizeof("XA COMMIT ONE PHASE") + 1 + ser_buf_size]; - sprintf(query, - (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), - m_xid.serialize()); + snprintf(query, sizeof(query), + (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), + m_xid.serialize()); protocol->store(query, strlen(query), &my_charset_bin); } @@ -5227,7 +5227,7 @@ void Append_block_log_event::pack_info(Protocol *protocol) { char buf[256]; uint length; - length= (uint) sprintf(buf, ";file_id=%u;block_len=%u", file_id, block_len); + length= (uint) snprintf(buf, sizeof(buf), ";file_id=%u;block_len=%u", file_id, block_len); protocol->store(buf, length, &my_charset_bin); } @@ -5336,7 +5336,7 @@ void Delete_file_log_event::pack_info(Protocol *protocol) { char buf[64]; uint length; - length= (uint) sprintf(buf, ";file_id=%u", (uint) file_id); + length= (uint) snprintf(buf, sizeof(buf), ";file_id=%u", (uint) file_id); protocol->store(buf, (int32) length, &my_charset_bin); } #endif @@ -5384,7 +5384,7 @@ void Execute_load_log_event::pack_info(Protocol *protocol) { char buf[64]; uint length; - length= (uint) sprintf(buf, ";file_id=%u", (uint) file_id); + length= (uint) snprintf(buf, sizeof(buf), ";file_id=%u", (uint) file_id); protocol->store(buf, (int32) length, &my_charset_bin); } diff --git a/sql/my_decimal.cc b/sql/my_decimal.cc index bb12efaae29dd..a1194634adb00 100644 --- a/sql/my_decimal.cc +++ b/sql/my_decimal.cc @@ -397,14 +397,16 @@ void print_decimal(const my_decimal *dec) { int i, end; - char buff[512], *pos; + char buff[512], *pos, *buf_end; pos= buff; - pos+= sprintf(buff, "Decimal: sign: %d intg: %d frac: %d { ", - dec->sign(), dec->intg, dec->frac); + buf_end= buff + sizeof(buff); + pos+= snprintf(buff, sizeof(buff), + "Decimal: sign: %d intg: %d frac: %d { ", + dec->sign(), dec->intg, dec->frac); end= ROUND_UP(dec->frac)+ROUND_UP(dec->intg)-1; for (i=0; i < end; i++) - pos+= sprintf(pos, "%09d, ", dec->buf[i]); - pos+= sprintf(pos, "%09d }\n", dec->buf[i]); + pos+= snprintf(pos, buf_end - pos, "%09d, ", dec->buf[i]); + pos+= snprintf(pos, buf_end - pos, "%09d }\n", dec->buf[i]); fputs(buff, DBUG_FILE); } diff --git a/sql/mysql_upgrade_service.cc b/sql/mysql_upgrade_service.cc index 5492bccd23937..13ee17089f527 100644 --- a/sql/mysql_upgrade_service.cc +++ b/sql/mysql_upgrade_service.cc @@ -373,10 +373,11 @@ static void get_service_config() */ sprintf_s(service_properties.inifile, MAX_PATH, "%s\\my.ini", service_properties.datadir); } - sprintf(defaults_file_param, "--defaults-file=%s", service_properties.inifile); + snprintf(defaults_file_param, sizeof(defaults_file_param), + "--defaults-file=%s", service_properties.inifile); } /* - Change service configuration (binPath) to point to mysqld from + Change service configuration (binPath) to point to mysqld from this installation. */ static void change_service_config() @@ -407,7 +408,8 @@ static void change_service_config() */ WritePrivateProfileString("mysqld", "basedir",NULL, service_properties.inifile); - sprintf(defaults_file_param,"--defaults-file=%s", service_properties.inifile); + snprintf(defaults_file_param, sizeof(defaults_file_param), + "--defaults-file=%s", service_properties.inifile); sprintf_s(commandline, "\"%s\" \"%s\" \"%s\"", mysqld_path, defaults_file_param, opt_service); if (!ChangeServiceConfig(service, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, diff --git a/sql/mysqld.cc b/sql/mysqld.cc index c597d9a0d067c..70ecec9676be7 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc @@ -2473,8 +2473,8 @@ static void activate_tcp_port(uint port, { char buff[100]; int s_errno= socket_errno; - sprintf(buff, "Can't start server: Bind on TCP/IP port. Got error: %d", - (int) s_errno); + snprintf(buff, sizeof(buff), "Can't start server: Bind on TCP/IP port. Got error: %d", + (int) s_errno); sql_perror(buff); /* Linux will quite happily bind to addresses not present. The @@ -7028,7 +7028,8 @@ static int show_heartbeat_period(THD *thd, SHOW_VAR *var, void *buff, get_master_info(&thd->variables.default_master_connection, Sql_condition::WARN_LEVEL_NOTE)) { - sprintf(static_cast(buff), "%.3f", mi->heartbeat_period); + snprintf(static_cast(buff), SHOW_VAR_FUNC_BUFF_SIZE, "%.3f", + mi->heartbeat_period); mi->release(); var->type= SHOW_CHAR; var->value= buff; diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc index f079d3f5b6834..8726531075af4 100644 --- a/sql/opt_subselect.cc +++ b/sql/opt_subselect.cc @@ -4598,13 +4598,14 @@ SJ_TMP_TABLE::create_sj_weedout_tmp_table(THD *thd) temp_pool_slot = temp_pool_set_next(); if (temp_pool_slot != MY_BIT_NONE) // we got a slot - sprintf(path, "%s-subquery-%lx-%i", tmp_file_prefix, - current_pid, temp_pool_slot); + snprintf(path, sizeof(path), "%s-subquery-%lx-%i", tmp_file_prefix, + current_pid, temp_pool_slot); else { /* if we run out of slots or we are not using tempool */ - sprintf(path,"%s-subquery-%lx-%lx-%x", tmp_file_prefix,current_pid, - (ulong) thd->thread_id, thd->tmp_table++); + snprintf(path, sizeof(path), "%s-subquery-%lx-%lx-%x", + tmp_file_prefix, current_pid, + (ulong) thd->thread_id, thd->tmp_table++); } fn_format(path, path, mysql_tmpdir, "", MY_REPLACE_EXT|MY_UNPACK_FILENAME); diff --git a/sql/password.c b/sql/password.c index d824e61586ac7..83cc884ec7a32 100644 --- a/sql/password.c +++ b/sql/password.c @@ -122,7 +122,8 @@ void my_make_scrambled_password_323(char *to, const char *password, { ulong hash_res[2]; hash_password(hash_res, password, (uint) pass_len); - sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]); + snprintf(to, SCRAMBLED_PASSWORD_CHAR_LENGTH_323 + 1, + "%08lx%08lx", hash_res[0], hash_res[1]); } @@ -270,7 +271,8 @@ void get_salt_from_password_323(ulong *res, const char *password) void make_password_from_salt_323(char *to, const ulong *salt) { - sprintf(to,"%08lx%08lx", salt[0], salt[1]); + snprintf(to, SCRAMBLED_PASSWORD_CHAR_LENGTH_323 + 1, + "%08lx%08lx", salt[0], salt[1]); } diff --git a/sql/rpl_gtid.cc b/sql/rpl_gtid.cc index 31b8ed7c6cbbf..9004aea20e41e 100644 --- a/sql/rpl_gtid.cc +++ b/sql/rpl_gtid.cc @@ -2153,7 +2153,7 @@ rpl_binlog_state::append_state(String *str) const char* rpl_binlog_state::drop_domain(DYNAMIC_ARRAY *ids, Gtid_list_log_event *glev, - char* errbuf) + char* errbuf, size_t errbuf_size) { DYNAMIC_ARRAY domain_unique; // sequece (unsorted) of unique element*:s rpl_binlog_state::element* domain_unique_buffer[16]; @@ -2189,21 +2189,21 @@ rpl_binlog_state::drop_domain(DYNAMIC_ARRAY *ids, rpl_gtid* rb_state_gtid= find_nolock(glev->list[l].domain_id, glev->list[l].server_id); if (!rb_state_gtid) - sprintf(errbuf, - "missing gtids from the '%u-%u' domain-server pair which is " - "referred to in the gtid list describing an earlier state. Ignore " - "if the domain ('%u') was already explicitly deleted", - glev->list[l].domain_id, glev->list[l].server_id, - glev->list[l].domain_id); + snprintf(errbuf, errbuf_size, + "missing gtids from the '%u-%u' domain-server pair which is " + "referred to in the gtid list describing an earlier state. Ignore " + "if the domain ('%u') was already explicitly deleted", + glev->list[l].domain_id, glev->list[l].server_id, + glev->list[l].domain_id); else if (rb_state_gtid->seq_no < glev->list[l].seq_no) - sprintf(errbuf, - "having a gtid '%u-%u-%llu' which is less than " - "the '%u-%u-%llu' of the gtid list describing an earlier state. " - "The state may have been affected by manually injecting " - "a lower sequence number gtid or via replication", - rb_state_gtid->domain_id, rb_state_gtid->server_id, - rb_state_gtid->seq_no, glev->list[l].domain_id, - glev->list[l].server_id, glev->list[l].seq_no); + snprintf(errbuf, errbuf_size, + "having a gtid '%u-%u-%llu' which is less than " + "the '%u-%u-%llu' of the gtid list describing an earlier state. " + "The state may have been affected by manually injecting " + "a lower sequence number gtid or via replication", + rb_state_gtid->domain_id, rb_state_gtid->server_id, + rb_state_gtid->seq_no, glev->list[l].domain_id, + glev->list[l].server_id, glev->list[l].seq_no); if (strlen(errbuf)) // use strlen() as cheap flag push_warning_printf(current_thd, Sql_condition::WARN_LEVEL_WARN, ER_BINLOG_CANT_DELETE_GTID_DOMAIN, @@ -2250,9 +2250,10 @@ rpl_binlog_state::drop_domain(DYNAMIC_ARRAY *ids, if (!all_found) { - sprintf(errbuf, "binlog files may contain gtids from the domain ('%u') " - "being deleted. Make sure to first purge those files", - *ptr_domain_id); + snprintf(errbuf, errbuf_size, + "binlog files may contain gtids from the domain ('%u') " + "being deleted. Make sure to first purge those files", + *ptr_domain_id); errmsg= errbuf; goto end; } diff --git a/sql/rpl_gtid.h b/sql/rpl_gtid.h index 2259490b56b69..ac51820e7c533 100644 --- a/sql/rpl_gtid.h +++ b/sql/rpl_gtid.h @@ -345,7 +345,8 @@ struct rpl_binlog_state rpl_gtid *find_nolock(uint32 domain_id, uint32 server_id); rpl_gtid *find(uint32 domain_id, uint32 server_id); rpl_gtid *find_most_recent(uint32 domain_id); - const char* drop_domain(DYNAMIC_ARRAY *ids, Gtid_list_log_event *glev, char*); + const char* drop_domain(DYNAMIC_ARRAY *ids, Gtid_list_log_event *glev, + char*, size_t errbuf_size); }; diff --git a/sql/rpl_mi.cc b/sql/rpl_mi.cc index bb77c46d57f57..6a28a80daf3ed 100644 --- a/sql/rpl_mi.cc +++ b/sql/rpl_mi.cc @@ -761,19 +761,21 @@ int flush_master_info(Master_info* mi, */ char* ignore_server_ids_buf; { + size_t ignore_buf_size= + (sizeof(global_system_variables.server_id) * 3 + 1) * + (1 + mi->ignore_server_ids.elements); ignore_server_ids_buf= - (char *) my_malloc(PSI_INSTRUMENT_ME, - (sizeof(global_system_variables.server_id) * 3 + 1) * - (1 + mi->ignore_server_ids.elements), MYF(MY_WME)); + (char *) my_malloc(PSI_INSTRUMENT_ME, ignore_buf_size, MYF(MY_WME)); if (!ignore_server_ids_buf) DBUG_RETURN(1); /* error */ - ulong cur_len= sprintf(ignore_server_ids_buf, "%zu", - mi->ignore_server_ids.elements); + ulong cur_len= snprintf(ignore_server_ids_buf, ignore_buf_size, + "%zu", mi->ignore_server_ids.elements); for (ulong i= 0; i < mi->ignore_server_ids.elements; i++) { ulong s_id; get_dynamic(&mi->ignore_server_ids, (uchar*) &s_id, i); - cur_len+= sprintf(ignore_server_ids_buf + cur_len, " %lu", s_id); + cur_len+= snprintf(ignore_server_ids_buf + cur_len, + ignore_buf_size - cur_len, " %lu", s_id); } } @@ -1950,7 +1952,7 @@ char *Domain_id_filter::as_string(enum_list_type type) return NULL; // Store the total number of elements followed by the individual elements. - size_t cur_len= sprintf(buf, "%zu", ids->elements); + size_t cur_len= snprintf(buf, sz, "%zu", ids->elements); sz-= cur_len; for (uint i= 0; i < ids->elements; i++) @@ -2004,17 +2006,17 @@ void prot_store_ids(THD *thd, DYNAMIC_ARRAY *ids) ulong id, len; char dbuff[FN_REFLEN]; get_dynamic(ids, (void *) &id, i); - len= sprintf(dbuff, (i == 0 ? "%lu" : ", %lu"), id); + len= snprintf(dbuff, sizeof(dbuff), (i == 0 ? "%lu" : ", %lu"), id); if (cur_len + len + 4 > FN_REFLEN) { /* break the loop whenever remained space could not fit ellipses on the next cycle */ - cur_len+= sprintf(dbuff + cur_len, "..."); + cur_len+= snprintf(buff + cur_len, sizeof(buff) - cur_len, "..."); break; } - cur_len+= sprintf(buff + cur_len, "%s", dbuff); + cur_len+= snprintf(buff + cur_len, sizeof(buff) - cur_len, "%s", dbuff); } thd->protocol->store(buff, cur_len, &my_charset_bin); return; diff --git a/sql/slave.cc b/sql/slave.cc index 12700dd295412..a5ec283157998 100644 --- a/sql/slave.cc +++ b/sql/slave.cc @@ -1924,7 +1924,7 @@ static int get_master_version_and_clock(MYSQL* mysql, Master_info* mi) "Master reported unrecognized MariaDB version: %s", mysql->server_version); err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), err_buff2); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), err_buff2); } else { @@ -1943,7 +1943,7 @@ static int get_master_version_and_clock(MYSQL* mysql, Master_info* mi) "Master reported unrecognized MariaDB version: %s", mysql->server_version); err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), err_buff2); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), err_buff2); break; case 3: mi->rli.relay_log.description_event_for_queue= new @@ -1983,7 +1983,7 @@ static int get_master_version_and_clock(MYSQL* mysql, Master_info* mi) { errmsg= "default Format_description_log_event"; err_code= ER_SLAVE_CREATE_EVENT_FAILURE; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } @@ -2120,7 +2120,7 @@ MariaDB server ids; these ids must be different for replication to work (or \ the --replicate-same-server-id option must be used on slave but this does \ not always make sense; please check the manual before using it)."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } } @@ -2138,7 +2138,7 @@ not always make sense; please check the manual before using it)."; errmsg= "The slave I/O thread stops because a fatal error is encountered \ when it try to get the value of SERVER_ID variable from master."; err_code= mysql_errno(mysql); - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } else if (!master_row && master_res) @@ -2156,7 +2156,7 @@ maybe it is a *VERY OLD MASTER*."); { errmsg= "Slave configured with server id filtering could not detect the master server id."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } @@ -2196,7 +2196,7 @@ maybe it is a *VERY OLD MASTER*."); different values for the COLLATION_SERVER global variable. The values must \ be equal for the Statement-format replication to work"; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } } @@ -2214,7 +2214,7 @@ be equal for the Statement-format replication to work"; errmsg= "The slave I/O thread stops because a fatal error is encountered \ when it try to get the value of COLLATION_SERVER global variable from master."; err_code= mysql_errno(mysql); - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } else @@ -2259,7 +2259,7 @@ inconsistency if replicated data deals with collation."); different values for the TIME_ZONE global variable. The values must \ be equal for the Statement-format replication to work"; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } } @@ -2286,7 +2286,7 @@ be equal for the Statement-format replication to work"; /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is encountered \ when it try to get the value of TIME_ZONE global variable from master."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } if (master_res) @@ -2331,7 +2331,7 @@ when it try to get the value of TIME_ZONE global variable from master."; errmsg= "The slave I/O thread stops because a fatal error is encountered " "when it tries to SET @master_heartbeat_period on master."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); mysql_free_result(mysql_store_result(mysql)); goto err; } @@ -2391,7 +2391,7 @@ when it try to get the value of TIME_ZONE global variable from master."; errmsg= "The slave I/O thread stops because a fatal error is encountered " "when it tried to SET @master_binlog_checksum on master."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); mysql_free_result(mysql_store_result(mysql)); goto err; } @@ -2425,7 +2425,7 @@ when it try to get the value of TIME_ZONE global variable from master."; errmsg= "The slave I/O thread stops because a fatal error is encountered " "when it tried to SELECT @master_binlog_checksum."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); mysql_free_result(mysql_store_result(mysql)); goto err; } @@ -2482,7 +2482,7 @@ when it try to get the value of TIME_ZONE global variable from master."; errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to request filtering of events marked " "with the @@skip_replication flag."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2514,7 +2514,7 @@ when it try to get the value of TIME_ZONE global variable from master."; /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @mariadb_slave_capability."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2566,7 +2566,7 @@ when it try to get the value of TIME_ZONE global variable from master."; errmsg= "The slave I/O thread stops because master does not support " "MariaDB global transaction id. A fatal error is encountered when " "it tries to SELECT @@GLOBAL.gtid_domain_id."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2580,7 +2580,7 @@ when it try to get the value of TIME_ZONE global variable from master."; err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory " "error is encountered when it tries to compute @slave_connect_state."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } query_str.append(STRING_WITH_LEN("'"), system_charset_info); @@ -2604,7 +2604,7 @@ when it try to get the value of TIME_ZONE global variable from master."; /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_connect_state."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2617,7 +2617,7 @@ when it try to get the value of TIME_ZONE global variable from master."; err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory " "error is encountered when it tries to set @slave_gtid_strict_mode."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } @@ -2640,7 +2640,7 @@ when it try to get the value of TIME_ZONE global variable from master."; /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_gtid_strict_mode."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2653,7 +2653,7 @@ when it try to get the value of TIME_ZONE global variable from master."; err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory error " "is encountered when it tries to set @slave_gtid_ignore_duplicates."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } @@ -2676,7 +2676,7 @@ when it try to get the value of TIME_ZONE global variable from master."; /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_gtid_ignore_duplicates."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2691,7 +2691,7 @@ when it try to get the value of TIME_ZONE global variable from master."; err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory " "error is encountered when it tries to compute @slave_until_gtid."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } query_str.append(STRING_WITH_LEN("'"), system_charset_info); @@ -2715,7 +2715,7 @@ when it try to get the value of TIME_ZONE global variable from master."; /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_until_gtid."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index d7910024cb15a..dab3f9a30eea3 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -4302,8 +4302,8 @@ bool change_password(THD *thd, LEX_USER *user) result= acl_cache_is_locked= 0; if (mysql_bin_log.is_open()) { - query_length= sprintf(buff, "SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'", - user->user.str, safe_str(user->host.str), auth.auth_string.str); + query_length= snprintf(buff, sizeof(buff), "SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'", + user->user.str, safe_str(user->host.str), auth.auth_string.str); DBUG_ASSERT(query_length); thd->clear_error(); result= thd->binlog_query(THD::STMT_QUERY_TYPE, buff, query_length, @@ -4370,8 +4370,8 @@ int acl_set_default_role(THD *thd, const char *host, const char *user, (WSREP(thd) && !IF_WSREP(thd->wsrep_applier, 0))) { query_length= - sprintf(buff,"SET DEFAULT ROLE '%-.120s' FOR '%-.120s'@'%-.120s'", - safe_str(rolename), user, safe_str(host)); + snprintf(buff, sizeof(buff), "SET DEFAULT ROLE '%-.120s' FOR '%-.120s'@'%-.120s'", + safe_str(rolename), user, safe_str(host)); } /* diff --git a/sql/sql_class.cc b/sql/sql_class.cc index a5155b9955dc3..73d41382e8549 100644 --- a/sql/sql_class.cc +++ b/sql/sql_class.cc @@ -7751,11 +7751,11 @@ static void reset_binlog_unsafe_suppression(ulonglong now) Auxiliary function to print warning in the error log. */ static void print_unsafe_warning_to_log(THD *thd, int unsafe_type, char* buf, - char* query) + size_t buf_size, char* query) { DBUG_ENTER("print_unsafe_warning_in_log"); - sprintf(buf, ER_THD(thd, ER_BINLOG_UNSAFE_STATEMENT), - ER_THD(thd, LEX::binlog_stmt_unsafe_errcode[unsafe_type])); + snprintf(buf, buf_size, ER_THD(thd, ER_BINLOG_UNSAFE_STATEMENT), + ER_THD(thd, LEX::binlog_stmt_unsafe_errcode[unsafe_type])); sql_print_warning(ER_THD(thd, ER_MESSAGE_AND_STATEMENT), buf, query); DBUG_VOID_RETURN; } @@ -7897,7 +7897,8 @@ void THD::issue_unsafe_warnings() ER_THD(this, LEX::binlog_stmt_unsafe_errcode[unsafe_type])); if (global_system_variables.log_warnings > 0 && !protect_against_unsafe_warning_flood(unsafe_type)) - print_unsafe_warning_to_log(this, unsafe_type, buf, query()); + print_unsafe_warning_to_log(this, unsafe_type, buf, + sizeof(buf), query()); } } DBUG_VOID_RETURN; diff --git a/sql/sql_insert.cc b/sql/sql_insert.cc index 71099011a53a6..1263abd2dfbd7 100644 --- a/sql/sql_insert.cc +++ b/sql/sql_insert.cc @@ -1430,14 +1430,14 @@ bool mysql_insert(THD *thd, TABLE_LIST *table_list, info.touched : info.updated); if (ignore) - sprintf(buff, ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, - (lock_type == TL_WRITE_DELAYED) ? (ulong) 0 : - (ulong) (info.records - info.copied), - (long) thd->get_stmt_da()->current_statement_warn_count()); + snprintf(buff, sizeof(buff), ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, + (lock_type == TL_WRITE_DELAYED) ? (ulong) 0 : + (ulong) (info.records - info.copied), + (long) thd->get_stmt_da()->current_statement_warn_count()); else - sprintf(buff, ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, - (ulong) (info.deleted + updated), - (long) thd->get_stmt_da()->current_statement_warn_count()); + snprintf(buff, sizeof(buff), ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, + (ulong) (info.deleted + updated), + (long) thd->get_stmt_da()->current_statement_warn_count()); if (returning) result->send_eof(); else if (!(thd->in_sub_stmt & SUB_STMT_TRIGGER)) diff --git a/sql/sql_load.cc b/sql/sql_load.cc index 26b64d99bf4f0..e01f2466a9ebb 100644 --- a/sql/sql_load.cc +++ b/sql/sql_load.cc @@ -796,10 +796,10 @@ int mysql_load(THD *thd, const sql_exchange *ex, TABLE_LIST *table_list, error= -1; // Error on read goto err; } - sprintf(name, ER_THD(thd, ER_LOAD_INFO), - (ulong) info.records, (ulong) info.deleted, - (ulong) (info.records - info.copied), - (long) thd->get_stmt_da()->current_statement_warn_count()); + snprintf(name, sizeof(name), ER_THD(thd, ER_LOAD_INFO), + (ulong) info.records, (ulong) info.deleted, + (ulong) (info.records - info.copied), + (long) thd->get_stmt_da()->current_statement_warn_count()); if (thd->transaction->stmt.modified_non_trans_table) thd->transaction->all.modified_non_trans_table= TRUE; diff --git a/sql/sql_prepare.cc b/sql/sql_prepare.cc index 6959dda90c714..abc7010c63751 100644 --- a/sql/sql_prepare.cc +++ b/sql/sql_prepare.cc @@ -3969,8 +3969,9 @@ void mysql_stmt_get_longdata(THD *thd, char *packet, ulong packet_length) /* Error will be sent in execute call */ stmt->state= Query_arena::STMT_ERROR; stmt->last_errno= ER_WRONG_ARGUMENTS; - sprintf(stmt->last_error, ER_THD(thd, ER_WRONG_ARGUMENTS), - "mysqld_stmt_send_long_data"); + snprintf(stmt->last_error, sizeof(stmt->last_error), + ER_THD(thd, ER_WRONG_ARGUMENTS), + "mysqld_stmt_send_long_data"); DBUG_VOID_RETURN; } #endif diff --git a/sql/sql_select.cc b/sql/sql_select.cc index d30d3647b48c3..34c9499cecd64 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -20672,13 +20672,14 @@ TABLE *Create_tmp_table::start(THD *thd, m_temp_pool_slot = temp_pool_set_next(); if (m_temp_pool_slot != MY_BIT_NONE) // we got a slot - sprintf(path, "%s-%s-%lx-%i", tmp_file_prefix, param->tmp_name, - current_pid, m_temp_pool_slot); + snprintf(path, sizeof(path), "%s-%s-%lx-%i", tmp_file_prefix, param->tmp_name, + current_pid, m_temp_pool_slot); else { /* if we run out of slots or we are not using tempool */ - sprintf(path, "%s-%s-%lx-%llx-%x", tmp_file_prefix, param->tmp_name, - current_pid, thd->thread_id, thd->tmp_table++); + snprintf(path, sizeof(path), "%s-%s-%lx-%llx-%x", + tmp_file_prefix, param->tmp_name, + current_pid, thd->thread_id, thd->tmp_table++); } /* diff --git a/sql/sql_tvc.cc b/sql/sql_tvc.cc index a6b87ff1fdcc6..3fa4675574c48 100644 --- a/sql/sql_tvc.cc +++ b/sql/sql_tvc.cc @@ -588,7 +588,7 @@ bool Item_func_in::create_value_list_for_tvc(THD *thd, { if (i == 1) { - sprintf(col_name, "_col_%i", j+1); + snprintf(col_name, sizeof(col_name), "_col_%i", j+1); row_list->element_index(j)->set_name(thd, col_name, strlen(col_name), thd->charset()); } @@ -601,7 +601,7 @@ bool Item_func_in::create_value_list_for_tvc(THD *thd, { if (i == 1) { - sprintf(col_name, "_col_%i", 1); + snprintf(col_name, sizeof(col_name), "_col_%i", 1); args[i]->set_name(thd, col_name, strlen(col_name), thd->charset()); } if (tvc_value->push_back(args[i])) diff --git a/sql/sql_view.cc b/sql/sql_view.cc index 6ba177473dd00..94dcf23c9b1f1 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -912,7 +912,7 @@ int mariadb_fix_view(THD *thd, TABLE_LIST *view, bool wrong_checksum, if ((view->md5.str= (char *)thd->alloc(VIEW_MD5_LEN + 1)) == NULL) DBUG_RETURN(HA_ADMIN_FAILED); } - view->calc_md5(const_cast(view->md5.str)); + view->calc_md5(const_cast(view->md5.str), VIEW_MD5_LEN + 1); view->md5.length= VIEW_MD5_LEN; } view->mariadb_version= MYSQL_VERSION_ID; @@ -1039,7 +1039,7 @@ static int mysql_register_view(THD *thd, DDL_LOG_STATE *ddl_log_state, */ view->file_version= 2; view->mariadb_version= MYSQL_VERSION_ID; - view->calc_md5(md5); + view->calc_md5(md5, sizeof(md5)); if (!(view->md5.str= (char*) thd->memdup(md5, VIEW_MD5_LEN))) { my_error(ER_OUT_OF_RESOURCES, MYF(0)); @@ -2230,7 +2230,7 @@ int view_checksum(THD *thd, TABLE_LIST *view) char md5[MD5_BUFF_LENGTH]; if (!view->view || view->md5.length != VIEW_MD5_LEN) return HA_ADMIN_NOT_IMPLEMENTED; - view->calc_md5(md5); + view->calc_md5(md5, sizeof(md5)); return (strncmp(md5, view->md5.str, VIEW_MD5_LEN) ? HA_ADMIN_WRONG_CHECKSUM : HA_ADMIN_OK); diff --git a/sql/table.cc b/sql/table.cc index cbd4c4e1eabbf..50103dbb79567 100644 --- a/sql/table.cc +++ b/sql/table.cc @@ -5960,17 +5960,17 @@ TABLE_LIST::TABLE_LIST(THD *thd, buffer buffer for md5 writing */ -void TABLE_LIST::calc_md5(char *buffer) +void TABLE_LIST::calc_md5(char *buffer, size_t buffer_size) { uchar digest[16]; compute_md5_hash(digest, select_stmt.str, select_stmt.length); - sprintf(buffer, - "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", - digest[0], digest[1], digest[2], digest[3], - digest[4], digest[5], digest[6], digest[7], - digest[8], digest[9], digest[10], digest[11], - digest[12], digest[13], digest[14], digest[15]); + snprintf(buffer, buffer_size, + "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + digest[0], digest[1], digest[2], digest[3], + digest[4], digest[5], digest[6], digest[7], + digest[8], digest[9], digest[10], digest[11], + digest[12], digest[13], digest[14], digest[15]); } @@ -8525,8 +8525,7 @@ bool TABLE::add_tmp_key(uint key, uint key_parts, keyinfo->is_statistics_from_stat_tables= FALSE; if (unique) keyinfo->flags|= HA_NOSAME; - sprintf(buf, "key%i", key); - keyinfo->name.length= strlen(buf); + keyinfo->name.length= snprintf(buf, sizeof(buf), "key%i", key); if (!(keyinfo->name.str= strmake_root(&mem_root, buf, keyinfo->name.length))) return TRUE; keyinfo->rec_per_key= (ulong*) alloc_root(&mem_root, diff --git a/sql/table.h b/sql/table.h index e287ffb330abc..85e8df512d70d 100644 --- a/sql/table.h +++ b/sql/table.h @@ -2835,7 +2835,7 @@ struct TABLE_LIST List *partition_names; #endif /* WITH_PARTITION_STORAGE_ENGINE */ - void calc_md5(char *buffer); + void calc_md5(char *buffer, size_t buffer_size); int view_check_option(THD *thd, bool ignore_failure); bool create_field_translation(THD *thd); bool setup_underlying(THD *thd); diff --git a/sql/udf_example.c b/sql/udf_example.c index d87abdc9f1bc0..d6790b2abdd0a 100644 --- a/sql/udf_example.c +++ b/sql/udf_example.c @@ -849,11 +849,11 @@ char *reverse_lookup(UDF_INIT *initid __attribute__((unused)), UDF_ARGS *args, *null_value=1; return 0; } - sprintf(result,"%d.%d.%d.%d", - (int) *((longlong*) args->args[0]), - (int) *((longlong*) args->args[1]), - (int) *((longlong*) args->args[2]), - (int) *((longlong*) args->args[3])); + snprintf(result, MYSQL_UDF_MAX_RESULT_LENGTH, "%d.%d.%d.%d", + (int) *((longlong*) args->args[0]), + (int) *((longlong*) args->args[1]), + (int) *((longlong*) args->args[2]), + (int) *((longlong*) args->args[3])); } else { /* string argument */ @@ -1245,9 +1245,9 @@ char * is_const(UDF_INIT *initid, UDF_ARGS *args __attribute__((unused)), uchar *is_null,uchar *error __attribute__((unused))) { if (initid->ptr != 0) { - sprintf(result, "const"); + snprintf(result, MYSQL_UDF_MAX_RESULT_LENGTH, "const"); } else { - sprintf(result, "not const"); + snprintf(result, MYSQL_UDF_MAX_RESULT_LENGTH, "not const"); } *is_null= 0; *length= (uint) strlen(result); diff --git a/sql/wsrep_applier.cc b/sql/wsrep_applier.cc index dfd2070856143..130b203cee319 100644 --- a/sql/wsrep_applier.cc +++ b/sql/wsrep_applier.cc @@ -100,8 +100,8 @@ static void wsrep_store_error_rli(const THD* const thd, } os << " Error_code: " << error.number << ';'; std::string const err_str= os.str(); - dst.resize(err_str.length() + 1); - sprintf(dst.data(), "%s", err_str.c_str()); + dst.clear(); + dst.push_back(err_str); WSREP_DEBUG("Error buffer (RLI) for thd %u seqno %lld, %zu bytes: '%s'", thd->thread_id, (long long)wsrep_thd_trx_seqno(thd), diff --git a/sql/wsrep_sst.cc b/sql/wsrep_sst.cc index 83c510badccd6..7866d7d016625 100644 --- a/sql/wsrep_sst.cc +++ b/sql/wsrep_sst.cc @@ -1793,9 +1793,9 @@ static int sst_flush_tables(THD* thd) const char base_name[]= "tables_flushed"; ssize_t const full_len= strlen(mysql_real_data_home) + strlen(base_name)+2; char *real_name= (char*) my_malloc(key_memory_WSREP, full_len, 0); - sprintf(real_name, "%s/%s", mysql_real_data_home, base_name); + snprintf(real_name, full_len, "%s/%s", mysql_real_data_home, base_name); char *tmp_name= (char*) my_malloc(key_memory_WSREP, full_len + 4, 0); - sprintf(tmp_name, "%s.tmp", real_name); + snprintf(tmp_name, full_len + 4, "%s.tmp", real_name); FILE* file= fopen(tmp_name, "w+"); if (0 == file) diff --git a/storage/connect/array.cpp b/storage/connect/array.cpp index 1eeb4ac05ca29..442b3bd286d1d 100644 --- a/storage/connect/array.cpp +++ b/storage/connect/array.cpp @@ -1024,7 +1024,7 @@ void ARRAY::Prints(PGLOBAL, char *ps, uint z) if (z < 16) return; - sprintf(ps, "ARRAY: type=%d\n", Type); + snprintf(ps, z, "ARRAY: type=%d\n", Type); // More to be implemented later } // end of Prints diff --git a/storage/connect/bson.cpp b/storage/connect/bson.cpp index 44d53ba17bd32..fe91a59895925 100644 --- a/storage/connect/bson.cpp +++ b/storage/connect/bson.cpp @@ -1547,16 +1547,16 @@ PSZ BJSON::GetString(PBVAL vp, char* buff) p = MZP(vlp->To_Val); break; case TYPE_INTG: - sprintf(p, "%d", vlp->N); + snprintf(p, 32, "%d", vlp->N); break; case TYPE_FLOAT: - sprintf(p, "%.*f", vlp->Nd, vlp->F); + snprintf(p, 32, "%.*f", vlp->Nd, vlp->F); break; case TYPE_BINT: - sprintf(p, "%lld", *(longlong*)MP(vlp->To_Val)); + snprintf(p, 32, "%lld", *(longlong*)MP(vlp->To_Val)); break; case TYPE_DBL: - sprintf(p, "%.*lf", vlp->Nd, *(double*)MP(vlp->To_Val)); + snprintf(p, 32, "%.*lf", vlp->Nd, *(double*)MP(vlp->To_Val)); break; case TYPE_BOOL: p = (PSZ)((vlp->B) ? "true" : "false"); diff --git a/storage/connect/bsonudf.cpp b/storage/connect/bsonudf.cpp index 8b6b7e03156a4..c12eefb5b671d 100644 --- a/storage/connect/bsonudf.cpp +++ b/storage/connect/bsonudf.cpp @@ -3541,7 +3541,7 @@ my_bool bson_item_merge_init(UDF_INIT *initid, UDF_ARGS *args, char *message) return true; } else for (int i = 0; i < 2; i++) if (!IsArgJson(args, i) && args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Argument %d must be a json item", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d must be a json item", i); return true; } // endif type @@ -4433,7 +4433,7 @@ my_bool bson_file_init(UDF_INIT *initid, UDF_ARGS *args, char *message) for (unsigned int i = 1; i < args->arg_count; i++) { if (!(args->arg_type[i] == INT_RESULT || args->arg_type[i] == STRING_RESULT)) { - sprintf(message, "Argument %d is not an integer or a string (pretty or path)", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d is not an integer or a string (pretty or path)", i); return true; } // endif arg_type @@ -4669,7 +4669,7 @@ my_bool bfile_convert_init(UDF_INIT* initid, UDF_ARGS* args, char* message) { return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i+1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i+1); return true; } // endif args @@ -4726,7 +4726,7 @@ my_bool bfile_bjson_init(UDF_INIT* initid, UDF_ARGS* args, char* message) { return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i + 1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i + 1); return true; } // endif args diff --git a/storage/connect/cmgoconn.cpp b/storage/connect/cmgoconn.cpp index e61806d42eb3f..3daa8e2a80273 100644 --- a/storage/connect/cmgoconn.cpp +++ b/storage/connect/cmgoconn.cpp @@ -867,7 +867,7 @@ char *CMgoConn::Mini(PGLOBAL g, PCOL colp, const bson_t *bson, bool b) } else if (dbl && n > m) { Mbuf[k] = 0; d = atof(Mbuf + j); - n = sprintf(Mbuf + j, "%.*f", m, d); + n = snprintf(Mbuf + j, (size_t)colp->GetLength() + 1 - j, "%.*f", m, d); k = j + n; j = n = 0; } else if (j) @@ -1019,7 +1019,7 @@ bool CMgoConn::AddValue(PGLOBAL g, PCOL colp, bson_t *doc, char *key, bool upd) bson_t *bsn = bson_new_from_json(val, -1, &Error); if (!bsn) { - sprintf (g->Message, "AddValue: %s", Error.message); + snprintf(g->Message, sizeof(g->Message), "AddValue: %s", Error.message); return true; } else if (*key) { if (*val == '[') diff --git a/storage/connect/colblk.cpp b/storage/connect/colblk.cpp index 79fc2a5e076cd..152a25a0ff1b2 100644 --- a/storage/connect/colblk.cpp +++ b/storage/connect/colblk.cpp @@ -237,9 +237,9 @@ void COLBLK::Printf(PGLOBAL, FILE *f, uint n) /***********************************************************************/ /* Make string output of a column descriptor block. */ /***********************************************************************/ -void COLBLK::Prints(PGLOBAL, char *ps, uint) +void COLBLK::Prints(PGLOBAL, char *ps, uint z) { - sprintf(ps, "R%d.%s", To_Tdb->GetTdb_No(), Name); + snprintf(ps, z, "R%d.%s", To_Tdb->GetTdb_No(), Name); } // end of Prints diff --git a/storage/connect/csort.cpp b/storage/connect/csort.cpp index 1e4ba674e2356..96d957587258e 100644 --- a/storage/connect/csort.cpp +++ b/storage/connect/csort.cpp @@ -118,7 +118,7 @@ int CSORT::Qsort(PGLOBAL g, int nb) Dup->ProgMax = Cmpnum(nb); Dup->ProgCur = 0; Dup->Step = (char*)PlugSubAlloc(g, NULL, 32); - sprintf((char*)Dup->Step, MSG(SORTING_VAL), nb); + snprintf((char*)Dup->Step, 32, MSG(SORTING_VAL), nb); } else Dup = NULL; diff --git a/storage/connect/domdoc.cpp b/storage/connect/domdoc.cpp index 13f3180a59ce3..4d82a27b57e70 100644 --- a/storage/connect/domdoc.cpp +++ b/storage/connect/domdoc.cpp @@ -163,7 +163,7 @@ bool DOMDOC::NewDoc(PGLOBAL g, PCSZ ver) char buf[64]; MSXML2::IXMLDOMProcessingInstructionPtr pip; - sprintf(buf, "version=\"%s\" encoding=\"%s\"", ver, Encoding); + snprintf(buf, sizeof(buf), "version=\"%s\" encoding=\"%s\"", ver, Encoding); pip = Docp->createProcessingInstruction("xml", buf); Docp->appendChild(pip); return false; diff --git a/storage/connect/filamdbf.cpp b/storage/connect/filamdbf.cpp index e2f9069498950..ee65e0cf5dbc0 100644 --- a/storage/connect/filamdbf.cpp +++ b/storage/connect/filamdbf.cpp @@ -437,7 +437,7 @@ PQRYRES DBFColumns(PGLOBAL g, PCSZ dp, PCSZ fn, PTOS topt, bool info) /************************************************************************/ char buf[64]; - sprintf(buf, + snprintf(buf, sizeof(buf), "Ver=%02x ncol=%hu nlin=%u lrecl=%hu headlen=%hu date=%02d/%02d/%02d", hp->Version, fields, hp->Records, hp->Reclen, hp->Headlen, hp->Filedate[0], hp->Filedate[1], diff --git a/storage/connect/ha_connect.cc b/storage/connect/ha_connect.cc index 97e6521afd354..05d858d2e74b0 100644 --- a/storage/connect/ha_connect.cc +++ b/storage/connect/ha_connect.cc @@ -5976,7 +5976,7 @@ static int connect_assisted_discovery(handlerton *, THD* thd, #if defined(REST_SUPPORT) case TAB_REST: if (!topt->http) - sprintf(g->Message, "Missing %s HTTP address", topt->type); + snprintf(g->Message, sizeof(g->Message), "Missing %s HTTP address", topt->type); else ok= true; diff --git a/storage/connect/json.cpp b/storage/connect/json.cpp index 10ce3fde92123..bc731ad980fa0 100644 --- a/storage/connect/json.cpp +++ b/storage/connect/json.cpp @@ -1670,13 +1670,13 @@ PSZ JVALUE::GetString(PGLOBAL g, char *buff) p = Strp; break; case TYPE_INTG: - sprintf(p, "%d", N); + snprintf(p, 32, "%d", N); break; case TYPE_BINT: - sprintf(p, "%lld", LLn); + snprintf(p, 32, "%lld", LLn); break; case TYPE_DBL: - sprintf(p, "%.*lf", Nd, F); + snprintf(p, 32, "%.*lf", Nd, F); break; case TYPE_BOOL: p = (char*)((B) ? "true" : "false"); diff --git a/storage/connect/jsonudf.cpp b/storage/connect/jsonudf.cpp index 9b51f957959ed..cc916feaeaa7a 100644 --- a/storage/connect/jsonudf.cpp +++ b/storage/connect/jsonudf.cpp @@ -4517,7 +4517,7 @@ my_bool json_file_init(UDF_INIT *initid, UDF_ARGS *args, char *message) for (unsigned int i = 1; i < args->arg_count; i++) { if (!(args->arg_type[i] == INT_RESULT || args->arg_type[i] == STRING_RESULT)) { - sprintf(message, "Argument %d is not an integer or a string (pretty or path)", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d is not an integer or a string (pretty or path)", i); return true; } // endif arg_type @@ -5774,7 +5774,7 @@ my_bool jbin_file_init(UDF_INIT *initid, UDF_ARGS *args, char *message) for (unsigned int i = 1; i < args->arg_count; i++) { if (!(args->arg_type[i] == INT_RESULT || args->arg_type[i] == STRING_RESULT)) { - sprintf(message, "Argument %d is not an integer or a string (pretty or path)", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d is not an integer or a string (pretty or path)", i); return true; } // endif arg_type @@ -5936,7 +5936,7 @@ my_bool jfile_convert_init(UDF_INIT* initid, UDF_ARGS* args, char* message) { return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i+1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i+1); return true; } // endif args @@ -5993,7 +5993,7 @@ my_bool jfile_bjson_init(UDF_INIT* initid, UDF_ARGS* args, char* message) { return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i + 1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i + 1); return true; } // endif args diff --git a/storage/connect/libdoc.cpp b/storage/connect/libdoc.cpp index 8226948f2407a..77e5b56efa7d8 100644 --- a/storage/connect/libdoc.cpp +++ b/storage/connect/libdoc.cpp @@ -195,7 +195,7 @@ void xtrc(char const *fmt, ...) va_start (ap, fmt); ; //vfprintf(stderr, fmt, ap); - vsprintf(s, fmt, ap); + vsnprintf(s, sizeof(s), fmt, ap); if (s[strlen(s)-1] == '\n') s[strlen(s)-1] = 0; va_end (ap); diff --git a/storage/connect/macutil.cpp b/storage/connect/macutil.cpp index fda47b538803d..2c14b7a39bd92 100644 --- a/storage/connect/macutil.cpp +++ b/storage/connect/macutil.cpp @@ -248,7 +248,7 @@ bool MACINFO::GetOneInfo(PGLOBAL g, int flag, void *v, int lv) if (i) strcat(p++, "-"); - p += sprintf(p, "%.2X", Curp->Address[i]); + p += snprintf(p, sizeof(buf) - (p - buf), "%.2X", Curp->Address[i]); } // endfor i p = buf; @@ -263,7 +263,7 @@ bool MACINFO::GetOneInfo(PGLOBAL g, int flag, void *v, int lv) case IF_LOOPBACK_ADAPTERTYPE: p = "Loop Back Adapter"; break; // case IF_SLIP_ADAPTERTYPE: p = "Generic Slip Adapter"; break; default: - sprintf(buf, "Other Adapter, type=%d", Curp->Type); + snprintf(buf, sizeof(buf), "Other Adapter, type=%d", Curp->Type); p = buf; } // endswitch Type #endif // 0 diff --git a/storage/connect/myconn.cpp b/storage/connect/myconn.cpp index 056647ce571ed..b9a665faf5765 100644 --- a/storage/connect/myconn.cpp +++ b/storage/connect/myconn.cpp @@ -598,7 +598,7 @@ int MYSQLC::KillQuery(ulong id) { char kill[20]; - sprintf(kill, "KILL QUERY %u", (unsigned int) id); + snprintf(kill, sizeof(kill), "KILL QUERY %u", (unsigned int) id); //return (m_DB) ? mysql_query(m_DB, kill) : 1; return (m_DB) ? mysql_real_query(m_DB, kill, strlen(kill)) : 1; } // end of KillQuery @@ -721,9 +721,10 @@ int MYSQLC::ExecSQL(PGLOBAL g, const char *query, int *w) //if (mysql_query(m_DB, query) != 0) { if (mysql_real_query(m_DB, query, strlen(query))) { - char *msg = (char*)PlugSubAlloc(g, NULL, 512 + strlen(query)); + size_t msg_size = 512 + strlen(query); + char *msg = (char*)PlugSubAlloc(g, NULL, msg_size); - sprintf(msg, "(%d) %s [%s]", mysql_errno(m_DB), + snprintf(msg, msg_size, "(%d) %s [%s]", mysql_errno(m_DB), mysql_error(m_DB), query); strncpy(g->Message, msg, sizeof(g->Message) - 1); g->Message[sizeof(g->Message) - 1] = 0; @@ -740,9 +741,10 @@ int MYSQLC::ExecSQL(PGLOBAL g, const char *query, int *w) m_Res = mysql_store_result(m_DB); if (!m_Res) { - char *msg = (char*)PlugSubAlloc(g, NULL, 512 + strlen(query)); + size_t msg_size = 512 + strlen(query); + char *msg = (char*)PlugSubAlloc(g, NULL, msg_size); - sprintf(msg, "mysql_store_result failed: %s", mysql_error(m_DB)); + snprintf(msg, msg_size, "mysql_store_result failed: %s", mysql_error(m_DB)); strncpy(g->Message, msg, sizeof(g->Message) - 1); g->Message[sizeof(g->Message) - 1] = 0; rc = RC_FX; @@ -777,9 +779,10 @@ int MYSQLC::GetTableSize(PGLOBAL g __attribute__((unused)), PSZ query) { if (mysql_real_query(m_DB, query, strlen(query))) { #if defined(_DEBUG) - char *msg = (char*)PlugSubAlloc(g, NULL, 512 + strlen(query)); + size_t msg_size = 512 + strlen(query); + char *msg = (char*)PlugSubAlloc(g, NULL, msg_size); - sprintf(msg, "(%d) %s [%s]", mysql_errno(m_DB), + snprintf(msg, msg_size, "(%d) %s [%s]", mysql_errno(m_DB), mysql_error(m_DB), query); strncpy(g->Message, msg, sizeof(g->Message) - 1); g->Message[sizeof(g->Message) - 1] = 0; diff --git a/storage/connect/odbconn.cpp b/storage/connect/odbconn.cpp index 520b82d51c2ed..327ed95223eb0 100644 --- a/storage/connect/odbconn.cpp +++ b/storage/connect/odbconn.cpp @@ -439,8 +439,9 @@ PQRYRES ODBCSrcCols(PGLOBAL g, char *dsn, char *src, POPARM sop) if (strstr(src, "%s")) { // Place holder for an eventual where clause - sqry = (char*)PlugSubAlloc(g, NULL, strlen(src) + 3); - sprintf(sqry, src, "1=1", "1=1"); // dummy where clause + size_t sqry_size = strlen(src) + 3; + sqry = (char*)PlugSubAlloc(g, NULL, sqry_size); + snprintf(sqry, sqry_size, src, "1=1", "1=1"); // dummy where clause } else sqry = src; diff --git a/storage/connect/plgdbutl.cpp b/storage/connect/plgdbutl.cpp index 68641129dc9c3..b962bdc62d3b9 100644 --- a/storage/connect/plgdbutl.cpp +++ b/storage/connect/plgdbutl.cpp @@ -1008,7 +1008,7 @@ bool WritePrivateProfileInt(LPCSTR sec, LPCSTR key, int n, LPCSTR ini) { char buf[12]; - sprintf(buf, "%d", n); + snprintf(buf, sizeof(buf), "%d", n); return WritePrivateProfileString(sec, key, buf, ini); } // end of WritePrivateProfileInt @@ -1115,7 +1115,7 @@ char *GetAmName(PGLOBAL g, AMT am, void *memp) case TYPE_AM_MAC: strcpy(amn, "MAC"); break; case TYPE_AM_OEM: strcpy(amn, "OEM"); break; case TYPE_AM_OUT: strcpy(amn, "OUT"); break; - default: sprintf(amn, "OEM(%d)", am); + default: snprintf(amn, 16, "OEM(%d)", am); } // endswitch am return amn; diff --git a/storage/connect/rcmsg.c b/storage/connect/rcmsg.c index e2fd08ba8661a..7e26d2133f74f 100644 --- a/storage/connect/rcmsg.c +++ b/storage/connect/rcmsg.c @@ -48,11 +48,11 @@ int GetRcString(int id, char *buf, int bufsize) char msg[32]; if (!(p = GetMsgid(id))) { - sprintf(msg, "ID=%d unknown", id); + snprintf(msg, sizeof(msg), "ID=%d unknown", id); p = msg; } // endif p - return sprintf(buf, "%.*s", bufsize-1, p); + return snprintf(buf, bufsize, "%.*s", bufsize-1, p); } // end of GetRcString #endif // !XMSG diff --git a/storage/connect/reldef.cpp b/storage/connect/reldef.cpp index 9af9faa333a3b..b6c135f590e98 100644 --- a/storage/connect/reldef.cpp +++ b/storage/connect/reldef.cpp @@ -754,9 +754,9 @@ bool OEMDEF::DefineAM(PGLOBAL g, LPCSTR, int) if (!*Module) Module = Subtype; - char *desc = (char*)PlugSubAlloc(g, NULL, strlen(Module) - + strlen(Subtype) + 3); - sprintf(desc, "%s(%s)", Module, Subtype); + size_t desc_size = strlen(Module) + strlen(Subtype) + 3; + char *desc = (char*)PlugSubAlloc(g, NULL, desc_size); + snprintf(desc, desc_size, "%s(%s)", Module, Subtype); Desc = desc; // If define block not here yet, get it now diff --git a/storage/connect/restget.cpp b/storage/connect/restget.cpp index 29dae23078066..bd75851596c06 100644 --- a/storage/connect/restget.cpp +++ b/storage/connect/restget.cpp @@ -79,7 +79,7 @@ int restGetFile(char *m, bool xt, PCSZ http, PCSZ uri, PCSZ fn) if (xt) fprintf(stderr, "Error exception: %s\n", e.what()); - sprintf(m, "Error exception: %s", e.what()); + snprintf(m, 4160, "Error exception: %s", e.what()); rc= 1; } // end try/catch diff --git a/storage/connect/tabcol.cpp b/storage/connect/tabcol.cpp index 93de0598fe816..75616c68c87fa 100644 --- a/storage/connect/tabcol.cpp +++ b/storage/connect/tabcol.cpp @@ -99,7 +99,7 @@ void XTAB::Prints(PGLOBAL, char *ps, uint z) *ps = '\0'; for (PTABLE tp = this; tp && n > 0; tp = tp->Next) { - i = sprintf(buf, "TABLE: %s.%s %s To_Tdb=%p ", + i = snprintf(buf, sizeof(buf), "TABLE: %s.%s %s To_Tdb=%p ", SVP(tp->Schema), tp->Name, SVP(tp->Srcdef), tp->To_Tdb); strncat(ps, buf, n); n -= i; @@ -159,10 +159,10 @@ void COLUMN::Prints(PGLOBAL, char *ps, uint z) char buf[80]; if (Name) - sprintf(buf, "COLUMN: %s.%s table=%p col=%p", + snprintf(buf, sizeof(buf), "COLUMN: %s.%s table=%p col=%p", ((!Qualifier) ? (PSZ)"?" : Qualifier), Name, To_Table, To_Col); else // LNA - sprintf(buf, "C%d", (!Qualifier) ? 0 : *(int *)Qualifier); + snprintf(buf, sizeof(buf), "C%d", (!Qualifier) ? 0 : *(int *)Qualifier); strncpy(ps, buf, z); ps[z - 1] = '\0'; diff --git a/storage/connect/tabdos.cpp b/storage/connect/tabdos.cpp index 0fdc182f6df23..a21b2ea62c2b6 100644 --- a/storage/connect/tabdos.cpp +++ b/storage/connect/tabdos.cpp @@ -2694,7 +2694,7 @@ void DOSCOL::WriteColumn(PGLOBAL g) for (; i < Dcm; i++) safe_strcat(fmt, sizeof(fmt), "0"); - len = sprintf(Buf, fmt, field - i, Value->GetShortValue()); + len = snprintf(Buf, field + 1, fmt, field - i, Value->GetShortValue()); break; case TYPE_INT: safe_strcpy(fmt, sizeof(fmt), (Ldz) ? "%0*d" : "%*.d"); @@ -2704,7 +2704,7 @@ void DOSCOL::WriteColumn(PGLOBAL g) for (; i < Dcm; i++) safe_strcat(fmt,sizeof(fmt), "0"); - len = sprintf(Buf, fmt, field - i, Value->GetIntValue()); + len = snprintf(Buf, field + 1, fmt, field - i, Value->GetIntValue()); break; case TYPE_TINY: safe_strcpy(fmt, sizeof(fmt), (Ldz) ? "%0*d" : "%*.d"); @@ -2714,7 +2714,7 @@ void DOSCOL::WriteColumn(PGLOBAL g) for (; i < Dcm; i++) safe_strcat(fmt, sizeof(fmt), "0"); - len = sprintf(Buf, fmt, field - i, Value->GetTinyValue()); + len = snprintf(Buf, field + 1, fmt, field - i, Value->GetTinyValue()); break; case TYPE_DOUBLE: case TYPE_DECIM: diff --git a/storage/connect/tabext.cpp b/storage/connect/tabext.cpp index f3a1faf92184a..f0b3358ae4498 100644 --- a/storage/connect/tabext.cpp +++ b/storage/connect/tabext.cpp @@ -355,22 +355,22 @@ bool TDBEXT::MakeSrcdef(PGLOBAL g) if (!stricmp(ph, "W") && n_placeholders <= 1) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil1)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil1)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil1)); } else if (!stricmp(ph, "WH") && n_placeholders <= 2) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil1) + strlen(fil2)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil1, fil2)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil1, fil2)); } else if (!stricmp(ph, "H") && n_placeholders <= 1) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil2)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil2)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil2)); } else if (!stricmp(ph, "HW") && n_placeholders <= 2) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil1) + strlen(fil2)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil2, fil1)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil2, fil1)); } else { safe_strcpy(g->Message, sizeof(g->Message), "MakeSQL: Wrong place holders specification"); return true; diff --git a/storage/connect/tabfmt.cpp b/storage/connect/tabfmt.cpp index 443d5a9c87f8b..210c372e9b8b9 100644 --- a/storage/connect/tabfmt.cpp +++ b/storage/connect/tabfmt.cpp @@ -416,7 +416,7 @@ PQRYRES CSVColumns(PGLOBAL g, PCSZ dp, PTOS topt, bool info) /*********************************************************************/ for (i = 0; i < imax; i++) { if (i >= hmax) { - sprintf(buf, "COL%.3d", i+1); + snprintf(buf, sizeof(buf), "COL%.3d", i+1); p = buf; } else p = colname[i]; diff --git a/storage/connect/tabjdbc.cpp b/storage/connect/tabjdbc.cpp index 0242832b02ff2..6842dcaa64eb7 100644 --- a/storage/connect/tabjdbc.cpp +++ b/storage/connect/tabjdbc.cpp @@ -177,7 +177,7 @@ int JDBCDEF::ParseURL(PGLOBAL g, char *url, bool b) if (server->port) { char buf[16]; - sprintf(buf, "%ld", server->port); + snprintf(buf, sizeof(buf), "%ld", server->port); strcat(strcat(Url, ":"), buf); } // endif port diff --git a/storage/connect/tabjson.cpp b/storage/connect/tabjson.cpp index e9c8ba0a804a3..f92b941dc4b6b 100644 --- a/storage/connect/tabjson.cpp +++ b/storage/connect/tabjson.cpp @@ -488,7 +488,7 @@ bool JSONDISC::Find(PGLOBAL g, PJVAL jvp, PCSZ key, int j) n = sizeof(fmt) - (strlen(fmt) + 1); if (!tdp->Xcol || stricmp(tdp->Xcol, key)) { - sprintf(buf, "%d", k); + snprintf(buf, sizeof(buf), "%d", k); if (tdp->Uri) { strncat(strncat(fmt, sep, n), buf, n - strlen(sep)); diff --git a/storage/connect/table.cpp b/storage/connect/table.cpp index b0b5b86ca3b91..e5a52816a5525 100644 --- a/storage/connect/table.cpp +++ b/storage/connect/table.cpp @@ -321,9 +321,9 @@ void TDB::Printf(PGLOBAL g, FILE *f, uint n) } // end of Printf -void TDB::Prints(PGLOBAL, char *ps, uint) +void TDB::Prints(PGLOBAL, char *ps, uint z) { - sprintf(ps, "R%d.%s", Tdb_No, Name); + snprintf(ps, z, "R%d.%s", Tdb_No, Name); } // end of Prints /* -------------------------- class TDBASE --------------------------- */ diff --git a/storage/connect/tabmac.cpp b/storage/connect/tabmac.cpp index a07f9de8507bd..97f1852bd6f0b 100644 --- a/storage/connect/tabmac.cpp +++ b/storage/connect/tabmac.cpp @@ -386,7 +386,7 @@ void MACCOL::ReadColumn(PGLOBAL g) if (i) strcat(p++, "-"); - p += sprintf(p, "%.2X", adp->Address[i]); + p += snprintf(p, sizeof(buf) - (p - buf), "%.2X", adp->Address[i]); } // endfor i p = buf; @@ -401,7 +401,7 @@ void MACCOL::ReadColumn(PGLOBAL g) case IF_LOOPBACK_ADAPTERTYPE: p = "Loop Back Adapter"; break; // case IF_SLIP_ADAPTERTYPE: p = "Generic Slip Adapter"; break; default: - sprintf(buf, "Other Adapter, type=%d", adp->Type); + snprintf(buf, sizeof(buf), "Other Adapter, type=%d", adp->Type); p = buf; } // endswitch Type #endif // 0 @@ -443,7 +443,7 @@ void MACCOL::ReadColumn(PGLOBAL g) break; default: if (Buf_Type == TYPE_STRING) { - sprintf(buf, "Invalid flag value %d", Flag); + snprintf(buf, sizeof(buf), "Invalid flag value %d", Flag); p = buf; } else n = 0; diff --git a/storage/connect/tabmul.cpp b/storage/connect/tabmul.cpp index 7e2857f17a088..5b0c333855ffe 100644 --- a/storage/connect/tabmul.cpp +++ b/storage/connect/tabmul.cpp @@ -957,7 +957,7 @@ void DIRCOL::SetTimeValue(PGLOBAL g, FILETIME& ftime) SYSTEMTIME stp; if (FileTimeToSystemTime(&ftime, &stp)) { - sprintf(tsp, "%04d-%02d-%02d %02d:%02d:%02d", + snprintf(tsp, sizeof(tsp), "%04d-%02d-%02d %02d:%02d:%02d", stp.wYear, stp.wMonth, stp.wDay, stp.wHour, stp.wMinute, stp.wSecond); if (Value->GetType() != TYPE_STRING) { diff --git a/storage/connect/tabodbc.cpp b/storage/connect/tabodbc.cpp index d60cd03995194..8b6076a8ffe97 100644 --- a/storage/connect/tabodbc.cpp +++ b/storage/connect/tabodbc.cpp @@ -286,7 +286,7 @@ void TDBODBC::SetFile(PGLOBAL g, PCSZ fn) } // endif n // Make the complete connect string - sprintf(Connect, MulConn, fn); + snprintf(Connect, BufSize, MulConn, fn); } // endif MultConn DBQ = PlugDup(g, fn); diff --git a/storage/connect/tabpivot.cpp b/storage/connect/tabpivot.cpp index da5885f9914da..3dcc066105f6e 100644 --- a/storage/connect/tabpivot.cpp +++ b/storage/connect/tabpivot.cpp @@ -243,8 +243,9 @@ PQRYRES PIVAID::MakePivotColumns(PGLOBAL g) // if (Myc.ExecSQL(g, "SET character_set_results=NULL", &w) == RC_FX) // goto err; + size_t query_size = strlen(Picol) + strlen(Tabname) + 30; query = (char*)PlugSubAlloc(g, NULL, 0); - sprintf(query, "SELECT DISTINCT `%s` FROM `%s`", Picol, Tabname); + snprintf(query, query_size, "SELECT DISTINCT `%s` FROM `%s`", Picol, Tabname); PlugSubAlloc(g, NULL, strlen(query) + 1); Myc.FreeResult(); diff --git a/storage/connect/tabrest.cpp b/storage/connect/tabrest.cpp index e75e200690560..43f7b4fd0b4af 100644 --- a/storage/connect/tabrest.cpp +++ b/storage/connect/tabrest.cpp @@ -73,7 +73,7 @@ int Xcurl(PGLOBAL g, PCSZ Http, PCSZ Uri, PCSZ filename) STARTUPINFO si; PROCESS_INFORMATION pi; - sprintf(cmd, "curl \"%s\" -o \"%s\"", buf, filename); + snprintf(cmd, sizeof(cmd), "curl \"%s\" -o \"%s\"", buf, filename); ZeroMemory(&si, sizeof(si)); si.cb = sizeof(si); @@ -118,7 +118,7 @@ int Xcurl(PGLOBAL g, PCSZ Http, PCSZ Uri, PCSZ filename) #else pID = fork(); #endif - sprintf(fn, "-o%s", filename); + snprintf(fn, sizeof(fn), "-o%s", filename); if (pID == 0) { // Code executed by child process diff --git a/storage/connect/tabutil.cpp b/storage/connect/tabutil.cpp index 9a4c0d457203f..8095632d7f5f5 100644 --- a/storage/connect/tabutil.cpp +++ b/storage/connect/tabutil.cpp @@ -86,8 +86,8 @@ TABLE_SHARE *GetTableShare(PGLOBAL g, THD *thd, const char *db, uint k; TABLE_SHARE *s; - k = sprintf(key, "%s", db) + 1; - k += sprintf(key + k, "%s", name); + k = snprintf(key, sizeof(key), "%s", db) + 1; + k += snprintf(key + k, sizeof(key) - k, "%s", name); key[++k] = 0; if (!(s = alloc_table_share(db, name, key, ++k))) { diff --git a/storage/connect/tabvct.cpp b/storage/connect/tabvct.cpp index f5710688d3c5c..1098c90bb36c5 100644 --- a/storage/connect/tabvct.cpp +++ b/storage/connect/tabvct.cpp @@ -143,7 +143,7 @@ bool VCTDEF::Erase(char *filename) MakeFnPattern(fpat); for (i = 1, cdp = To_Cols; cdp; i++, cdp = cdp->GetNext()) { - sprintf(filename, fpat, i); + snprintf(filename, _MAX_PATH, fpat, i); //#if defined(_WIN32) // rc |= !DeleteFile(filename); //#else // UNIX @@ -189,7 +189,7 @@ int VCTDEF::MakeFnPattern(char *fpat) for (n = 1, m = ncol; m /= 10; n++) ; - sprintf(pat, "%%0%dd", n); + snprintf(pat, sizeof(pat), "%%0%dd", n); _splitpath(Fn, drive, direc, fname, ftype); strcat(fname, pat); _makepath(fpat, drive, direc, fname, ftype); diff --git a/storage/connect/valblk.cpp b/storage/connect/valblk.cpp index 528c4abf3dbd2..5c7cec2d3405c 100644 --- a/storage/connect/valblk.cpp +++ b/storage/connect/valblk.cpp @@ -268,14 +268,14 @@ bool TYPBLK::Init(PGLOBAL g, bool check) template char *TYPBLK::GetCharString(char *p, int n) { - sprintf(p, Fmt, UnalignedRead(n)); + snprintf(p, 32, Fmt, UnalignedRead(n)); return p; } // end of GetCharString template <> char *TYPBLK::GetCharString(char *p, int n) { - sprintf(p, Fmt, Prec, UnalignedRead(n)); + snprintf(p, 32, Fmt, Prec, UnalignedRead(n)); return p; } // end of GetCharString diff --git a/storage/connect/value.cpp b/storage/connect/value.cpp index 344b0dea50f9f..b648aa1c95620 100644 --- a/storage/connect/value.cpp +++ b/storage/connect/value.cpp @@ -900,7 +900,7 @@ int TYPVAL::ShowValue(char *buf, int len) template char *TYPVAL::GetCharString(char *p) { - sprintf(p, Fmt, Tval); + snprintf(p, 32, Fmt, Tval); return p; } // end of GetCharString @@ -919,7 +919,7 @@ char *TYPVAL::GetCharString(char *p) template char *TYPVAL::GetShortString(char *p, int n) { - sprintf(p, "%*hd", n, (short)Tval); + snprintf(p, 32, "%*hd", n, (short)Tval); return p; } // end of GetShortString @@ -929,7 +929,7 @@ char *TYPVAL::GetShortString(char *p, int n) template char *TYPVAL::GetIntString(char *p, int n) { - sprintf(p, "%*d", n, (int)Tval); + snprintf(p, 32, "%*d", n, (int)Tval); return p; } // end of GetIntString @@ -939,7 +939,7 @@ char *TYPVAL::GetIntString(char *p, int n) template char *TYPVAL::GetBigintString(char *p, int n) { - sprintf(p, "%*lld", n, (longlong)Tval); + snprintf(p, 32, "%*lld", n, (longlong)Tval); return p; } // end of GetBigintString @@ -949,7 +949,7 @@ char *TYPVAL::GetBigintString(char *p, int n) template char *TYPVAL::GetFloatString(char *p, int n, int prec) { - sprintf(p, "%*.*lf", n, (prec < 0) ? 2 : prec, (double)Tval); + snprintf(p, 32, "%*.*lf", n, (prec < 0) ? 2 : prec, (double)Tval); return p; } // end of GetFloatString @@ -959,7 +959,7 @@ char *TYPVAL::GetFloatString(char *p, int n, int prec) template char *TYPVAL::GetTinyString(char *p, int n) { - sprintf(p, "%*d", n, (int)(char)Tval); + snprintf(p, 32, "%*d", n, (int)(char)Tval); return p; } // end of GetIntString #endif // 0 @@ -1208,7 +1208,7 @@ bool TYPVAL::FormatValue(PVAL vp, PCSZ fmt) // This function is wrong and should never be called assert(false); char *buf = (char*)vp->GetTo_Val(); // Not big enough - int n = sprintf(buf, fmt, Tval); + int n = snprintf(buf, vp->GetValLen() + 1, fmt, Tval); return (n > vp->GetValLen()); } // end of FormatValue @@ -1222,7 +1222,7 @@ bool TYPVAL::SetConstFormat(PGLOBAL g, FORMAT& fmt) char c[32]; fmt.Type[0] = *GetFormatType(Type); - fmt.Length = sprintf(c, Fmt, Tval); + fmt.Length = snprintf(c, sizeof(c), Fmt, Tval); fmt.Prec = Prec; return false; } // end of SetConstFormat @@ -1432,7 +1432,7 @@ void TYPVAL::SetValue(int n) { char buf[16]; PGLOBAL& g = Global; - int k = sprintf(buf, "%d", n); + int k = snprintf(buf, sizeof(buf), "%d", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1450,7 +1450,7 @@ void TYPVAL::SetValue(uint n) { char buf[16]; PGLOBAL& g = Global; - int k = sprintf(buf, "%u", n); + int k = snprintf(buf, sizeof(buf), "%u", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1486,7 +1486,7 @@ void TYPVAL::SetValue(longlong n) { char buf[24]; PGLOBAL& g = Global; - int k = sprintf(buf, "%lld", n); + int k = snprintf(buf, sizeof(buf), "%lld", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1504,7 +1504,7 @@ void TYPVAL::SetValue(ulonglong n) { char buf[24]; PGLOBAL& g = Global; - int k = sprintf(buf, "%llu", n); + int k = snprintf(buf, sizeof(buf), "%llu", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1522,7 +1522,7 @@ void TYPVAL::SetValue(double f) { char *p, buf[64]; PGLOBAL& g = Global; - int k = sprintf(buf, "%lf", f); + int k = snprintf(buf, sizeof(buf), "%lf", f); for (p = buf + k - 1; p >= buf; p--) if (*p == '0') { @@ -1717,7 +1717,7 @@ bool TYPVAL::Compute(PGLOBAL g, PVAL *vp, int np, OPVAL op) bool TYPVAL::FormatValue(PVAL vp, PCSZ fmt) { char *buf = (char*)vp->GetTo_Val(); // Should be big enough - int n = sprintf(buf, fmt, Strp); + int n = snprintf(buf, vp->GetValLen() + 1, fmt, Strp); return (n > vp->GetValLen()); } // end of FormatValue @@ -2295,7 +2295,7 @@ char *BINVAL::GetCharString(char *) if (!Chrp) Chrp = (char*)PlugSubAlloc(Global, NULL, Clen * 2 + 1); - sprintf(Chrp, GetXfmt(), Len, Binp); + snprintf(Chrp, Clen * 2 + 1, GetXfmt(), Len, Binp); return Chrp; } // end of GetCharString @@ -2331,7 +2331,7 @@ bool BINVAL::IsEqual(PVAL vp, bool chktype) bool BINVAL::FormatValue(PVAL vp, PCSZ fmt) { char *buf = (char*)vp->GetTo_Val(); // Should be big enough - int n = sprintf(buf, fmt, Len, Binp); + int n = snprintf(buf, vp->GetValLen() + 1, fmt, Len, Binp); return (n > vp->GetValLen()); } // end of FormatValue @@ -2774,7 +2774,7 @@ char *DTVAL::GetCharString(char *p) return Sdate; } else - sprintf(p, "%d", Tval); + snprintf(p, 32, "%d", Tval); //Null = false; ?????????????? return p; diff --git a/storage/connect/xindex.cpp b/storage/connect/xindex.cpp index 471339a712660..4bf9d77d809c2 100644 --- a/storage/connect/xindex.cpp +++ b/storage/connect/xindex.cpp @@ -434,7 +434,7 @@ bool XINDEX::Make(PGLOBAL g, PIXDEF sxp) /* Get the starting information for progress. */ /*********************************************************************/ dup->Step = (char*)PlugSubAlloc(g, NULL, 128); - sprintf((char*)dup->Step, MSG(BUILD_INDEX), Xdp->GetName(), Tdbp->Name); + snprintf((char*)dup->Step, 128, MSG(BUILD_INDEX), Xdp->GetName(), Tdbp->Name); dup->ProgMax = Tdbp->GetProgMax(g); dup->ProgCur = 0; #endif // 0 diff --git a/storage/connect/xobject.cpp b/storage/connect/xobject.cpp index 21a91653801dc..5dfaf77f765f5 100644 --- a/storage/connect/xobject.cpp +++ b/storage/connect/xobject.cpp @@ -141,25 +141,27 @@ bool CONSTANT::Compare(PXOB xp) /***********************************************************************/ bool CONSTANT::Rephrase(PGLOBAL g, PSZ work) { + size_t cur_len = strlen(work); + switch (Value->GetType()) { case TYPE_STRING: - sprintf(work + strlen(work), "'%s'", Value->GetCharValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "'%s'", Value->GetCharValue()); break; case TYPE_SHORT: - sprintf(work + strlen(work), "%hd", Value->GetShortValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%hd", Value->GetShortValue()); break; case TYPE_INT: case TYPE_DATE: - sprintf(work + strlen(work), "%d", Value->GetIntValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%d", Value->GetIntValue()); break; case TYPE_DOUBLE: - sprintf(work + strlen(work), "%lf", Value->GetFloatValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%lf", Value->GetFloatValue()); break; case TYPE_BIGINT: - sprintf(work + strlen(work), "%lld", Value->GetBigintValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%lld", Value->GetBigintValue()); break; case TYPE_TINY: - sprintf(work + strlen(work), "%d", Value->GetTinyValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%d", Value->GetTinyValue()); break; default: snprintf(g->Message, sizeof(g->Message), MSG(BAD_CONST_TYPE), Value->GetType()); diff --git a/storage/federated/ha_federated.cc b/storage/federated/ha_federated.cc index 8e0ee5977c361..4e21c3295bd22 100644 --- a/storage/federated/ha_federated.cc +++ b/storage/federated/ha_federated.cc @@ -2447,8 +2447,8 @@ int ha_federated::index_read_idx_with_result_set(uchar *buf, uint index, if (real_query(sql_query.ptr(), sql_query.length())) { - sprintf(error_buffer, "error: %d '%s'", - mysql_errno(mysql), mysql_error(mysql)); + snprintf(error_buffer, sizeof(error_buffer), "error: %d '%s'", + mysql_errno(mysql), mysql_error(mysql)); retval= ER_QUERY_ON_FOREIGN_DATA_SOURCE; goto error; } diff --git a/storage/heap/hp_test1.c b/storage/heap/hp_test1.c index 03054843c7ef5..9f87ea6b33a4f 100644 --- a/storage/heap/hp_test1.c +++ b/storage/heap/hp_test1.c @@ -74,7 +74,7 @@ int main(int argc, char **argv) for (i=49 ; i>=1 ; i-=2 ) { j=i%25 +1; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); bmove(record+1,key,6); error=heap_write(file,record); if (heap_check_heap(file,0)) @@ -96,7 +96,7 @@ int main(int argc, char **argv) for (i=1 ; i<=10 ; i++) { if (i == remove_ant) { (void) heap_close(file); return (0) ; } - sprintf((char*) key,"%6d",(j=(int) ((rand() & 32767)/32767.*25))); + snprintf((char*) key, sizeof(key), "%6d",(j=(int) ((rand() & 32767)/32767.*25))); if ((error = heap_rkey(file,record,0,key,6,HA_READ_KEY_EXACT))) { if (verbose || (flags[j] == 1 || @@ -120,7 +120,7 @@ int main(int argc, char **argv) printf("- Reading records with key\n"); for (i=1 ; i<=25 ; i++) { - sprintf((char*) key,"%6d",i); + snprintf((char*) key, sizeof(key), "%6d",i); bmove(record+1,key,6); my_errno=0; error=heap_rkey(file,record,0,key,6,HA_READ_KEY_EXACT); diff --git a/storage/heap/hp_test2.c b/storage/heap/hp_test2.c index 27d15077b86cd..2ca1dd77fbb7e 100644 --- a/storage/heap/hp_test2.c +++ b/storage/heap/hp_test2.c @@ -174,7 +174,7 @@ int main(int argc, char *argv[]) for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (heap_rkey(file,record,0,key,6, HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",(char*) key); @@ -229,7 +229,7 @@ int main(int argc, char *argv[]) for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (!key1[j]) continue; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (heap_rkey(file,record,0,key,6, HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",(char*) key); @@ -272,7 +272,7 @@ int main(int argc, char *argv[]) for (i=999, dupp_keys=found_key=0 ; i>0 ; i--) { if (key1[i] > dupp_keys) { dupp_keys=key1[i]; found_key=i; } - sprintf((char*) key,"%6d",found_key); + snprintf((char*) key, sizeof(key), "%6d",found_key); } if (dupp_keys > 3) @@ -461,7 +461,7 @@ int main(int argc, char *argv[]) for (i=999, dupp_keys=found_key=0 ; i>0 ; i--) { if (key1[i] > dupp_keys) { dupp_keys=key1[i]; found_key=i; } - sprintf((char*) key,"%6d",found_key); + snprintf((char*) key, sizeof(key), "%6d",found_key); } printf("- Read through all keys with first-next-last-prev\n"); ant=0; @@ -636,8 +636,8 @@ static void make_record(uchar *record, uint n1, uint n2, uint n3, const char *mark, uint count) { bfill(record,reclength,' '); - sprintf((char*) record,"%6d:%4d:%8d:%3.3s: %4d", - n1,n2,n3,mark,count); + snprintf((char*) record, reclength, "%6d:%4d:%8d:%3.3s: %4d", + n1,n2,n3,mark,count); record[37]='A'; /* Store A in null key */ record[38]=1; /* set as null */ } diff --git a/storage/innobase/buf/buf0dump.cc b/storage/innobase/buf/buf0dump.cc index ff46074e8d0b6..d3281b0fe8ff5 100644 --- a/storage/innobase/buf/buf0dump.cc +++ b/storage/innobase/buf/buf0dump.cc @@ -404,7 +404,7 @@ buf_dump( /* success */ - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_dump_status(STATUS_INFO, "Buffer pool(s) dump completed at %s", now); @@ -487,7 +487,7 @@ buf_load() dump_n * sizeof(*dump))); } else { fclose(f); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_load_status(STATUS_INFO, "Buffer pool(s) load completed at %s" " (%s was empty)", now, full_filename); @@ -553,7 +553,7 @@ buf_load() if (dump_n == 0) { ut_free(dump); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_load_status(STATUS_INFO, "Buffer pool(s) load completed at %s" " (%s was empty or had errors)", now, full_filename); @@ -668,7 +668,7 @@ buf_load() os_aio_wait_until_no_pending_reads(true); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); if (i == dump_n) { buf_load_status(STATUS_INFO, diff --git a/storage/innobase/dict/dict0dict.cc b/storage/innobase/dict/dict0dict.cc index d14dd7fea063d..76b5b86fea646 100644 --- a/storage/innobase/dict/dict0dict.cc +++ b/storage/innobase/dict/dict0dict.cc @@ -1734,13 +1734,15 @@ dict_table_rename_in_cache( char table_name[MAX_TABLE_NAME_LEN + 1]; uint errors = 0; + size_t id_alloc_len= + strlen(table->name.m_name) + + strlen(old_id) + 1; if (strlen(table->name.m_name) > strlen(old_name)) { foreign->id = static_cast( mem_heap_alloc( foreign->heap, - strlen(table->name.m_name) - + strlen(old_id) + 1)); + id_alloc_len)); } /* Convert the table name to UTF-8 */ @@ -1769,10 +1771,15 @@ dict_table_rename_in_cache( strcat(foreign->id, old_id + strlen(old_name)); } else { - sprintf(strchr(foreign->id, '/') + 1, - "%s%s", - strchr(table_name, '/') +1, - strstr(old_id, "_ibfk_") ); + char *slash= strchr(foreign->id, '/'); + size_t remaining= + id_alloc_len + - (size_t) (slash + 1 + - foreign->id); + snprintf(slash + 1, remaining, + "%s%s", + strchr(table_name, '/') + 1, + strstr(old_id, "_ibfk_")); } } else { diff --git a/storage/innobase/fts/fts0config.cc b/storage/innobase/fts/fts0config.cc index 524f648676eb7..35ed32238aa5d 100644 --- a/storage/innobase/fts/fts0config.cc +++ b/storage/innobase/fts/fts0config.cc @@ -144,7 +144,8 @@ fts_config_create_index_param_name( ::strcpy(name, param); name[len] = '_'; - fts_write_object_id(index->id, name + len + 1); + fts_write_object_id(index->id, name + len + 1, + FTS_AUX_MIN_TABLE_ID_LENGTH + 1); return(name); } diff --git a/storage/innobase/fts/fts0sql.cc b/storage/innobase/fts/fts0sql.cc index 1970f6f584feb..9127411b4239c 100644 --- a/storage/innobase/fts/fts0sql.cc +++ b/storage/innobase/fts/fts0sql.cc @@ -60,18 +60,21 @@ fts_get_table_id( switch (fts_table->type) { case FTS_COMMON_TABLE: - len = fts_write_object_id(fts_table->table_id, table_id); + len = fts_write_object_id(fts_table->table_id, table_id, + FTS_AUX_MIN_TABLE_ID_LENGTH); break; case FTS_INDEX_TABLE: - len = fts_write_object_id(fts_table->table_id, table_id); + len = fts_write_object_id(fts_table->table_id, table_id, + FTS_AUX_MIN_TABLE_ID_LENGTH); table_id[len] = '_'; ++len; table_id += len; - len += fts_write_object_id(fts_table->index_id, table_id); + len += fts_write_object_id(fts_table->index_id, table_id, + FTS_AUX_MIN_TABLE_ID_LENGTH - len); break; default: diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc index df5c3d80395cb..310d4724b7edc 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc @@ -21231,7 +21231,7 @@ ib_foreign_warn(trx_t* trx, /*!< in: trx */ } va_start(args, format); - vsprintf(buf, format, args); + vsnprintf(buf, MAX_BUF_SIZE, format, args); va_end(args); mysql_mutex_lock(&dict_foreign_err_mutex); diff --git a/storage/innobase/include/dict0crea.inl b/storage/innobase/include/dict0crea.inl index 5641206d313cd..2f972907135ba 100644 --- a/storage/innobase/include/dict0crea.inl +++ b/storage/innobase/include/dict0crea.inl @@ -54,8 +54,9 @@ dict_create_add_foreign_id( if (dict_table_t::is_temporary_name(name)) { /* no overflow if number < 1e13 */ - sprintf(id, "%s_ibfk_%lu", name, - (ulong) (*id_nr)++); + snprintf(id, namelen + 20, + "%s_ibfk_%lu", name, + (ulong) (*id_nr)++); } else { char table_name[MAX_TABLE_NAME_LEN + 21]; uint errors = 0; @@ -75,8 +76,9 @@ dict_create_add_foreign_id( } /* no overflow if number < 1e13 */ - sprintf(id, "%s_ibfk_%lu", table_name, - (ulong) (*id_nr)++); + snprintf(id, namelen + 20, + "%s_ibfk_%lu", table_name, + (ulong) (*id_nr)++); if (innobase_check_identifier_length( strchr(id,'/') + 1)) { diff --git a/storage/innobase/include/fts0priv.h b/storage/innobase/include/fts0priv.h index 04faceb995e09..4938747510077 100644 --- a/storage/innobase/include/fts0priv.h +++ b/storage/innobase/include/fts0priv.h @@ -415,7 +415,8 @@ int fts_write_object_id( /*================*/ ib_id_t id, /*!< in: a table/index id */ - char* str); /*!< in: buffer to write the id to */ + char* str, /*!< in: buffer to write the id to */ + size_t str_size); /*!< in: size of buffer */ /******************************************************************//** Read the table id from the string generated by fts_write_object_id(). @return TRUE if parse successful */ diff --git a/storage/innobase/include/fts0priv.inl b/storage/innobase/include/fts0priv.inl index 3d937bb3cd971..f8aa13a7fce74 100644 --- a/storage/innobase/include/fts0priv.inl +++ b/storage/innobase/include/fts0priv.inl @@ -32,9 +32,10 @@ int fts_write_object_id( /*================*/ ib_id_t id, /* in: a table/index id */ - char* str) /* in: buffer to write the id to */ + char* str, /* in: buffer to write the id to */ + size_t str_size) /* in: size of buffer */ { - return(sprintf(str, "%016llx", (ulonglong) id)); + return((int) snprintf(str, str_size, "%016llx", (ulonglong) id)); } /******************************************************************//** diff --git a/storage/innobase/include/ut0ut.h b/storage/innobase/include/ut0ut.h index 500b64552f9d6..736460cb62ff7 100644 --- a/storage/innobase/include/ut0ut.h +++ b/storage/innobase/include/ut0ut.h @@ -185,7 +185,8 @@ Sprintfs a timestamp to a buffer, 13..14 chars plus terminating NUL. */ void ut_sprintf_timestamp( /*=================*/ - char* buf); /*!< in: buffer where to sprintf */ + char* buf, /*!< in: buffer where to sprintf */ + size_t buf_size); /*!< in: size of the buffer */ /*************************************************************//** Prints the contents of a memory buffer in hex and ascii. */ diff --git a/storage/innobase/mem/mem0mem.cc b/storage/innobase/mem/mem0mem.cc index 8a342275a46db..e9e1b947f045e 100644 --- a/storage/innobase/mem/mem0mem.cc +++ b/storage/innobase/mem/mem0mem.cc @@ -125,7 +125,8 @@ mem_heap_printf_low( val = va_arg(ap, unsigned long); - plen = size_t(sprintf(tmp, "%lu", val)); + plen = size_t(snprintf(tmp, sizeof(tmp), + "%lu", val)); len += plen; if (buf) { diff --git a/storage/innobase/srv/srv0start.cc b/storage/innobase/srv/srv0start.cc index 397656fc0e59e..20861f4f4b849 100644 --- a/storage/innobase/srv/srv0start.cc +++ b/storage/innobase/srv/srv0start.cc @@ -1205,16 +1205,18 @@ dberr_t srv_start(bool create_new_db) if (!srv_read_only_mode) { if (srv_innodb_status) { + size_t srv_monitor_file_name_size= + strlen(fil_path_to_mysql_datadir) + + 20 + sizeof "/innodb_status."; srv_monitor_file_name = static_cast( - ut_malloc_nokey( - strlen(fil_path_to_mysql_datadir) - + 20 + sizeof "/innodb_status.")); - - sprintf(srv_monitor_file_name, - "%s/innodb_status." ULINTPF, - fil_path_to_mysql_datadir, - static_cast - (IF_WIN(GetCurrentProcessId(), getpid()))); + ut_malloc_nokey(srv_monitor_file_name_size)); + + snprintf(srv_monitor_file_name, + srv_monitor_file_name_size, + "%s/innodb_status." ULINTPF, + fil_path_to_mysql_datadir, + static_cast + (IF_WIN(GetCurrentProcessId(), getpid()))); srv_monitor_file = my_fopen(srv_monitor_file_name, O_RDWR|O_TRUNC|O_CREAT, diff --git a/storage/innobase/ut/ut0ut.cc b/storage/innobase/ut/ut0ut.cc index 6bf28d7bdbd86..eedc2de69383a 100644 --- a/storage/innobase/ut/ut0ut.cc +++ b/storage/innobase/ut/ut0ut.cc @@ -103,31 +103,32 @@ Sprintfs a timestamp to a buffer, 13..14 chars plus terminating NUL. */ void ut_sprintf_timestamp( /*=================*/ - char* buf) /*!< in: buffer where to sprintf */ + char* buf, /*!< in: buffer where to sprintf */ + size_t buf_size) /*!< in: size of the buffer */ { #ifdef _WIN32 SYSTEMTIME cal_tm; GetLocalTime(&cal_tm); - sprintf(buf, "%02u%02u%02u %2u:%02u:%02u", - cal_tm.wYear % 100, - cal_tm.wMonth, - cal_tm.wDay, - cal_tm.wHour, - cal_tm.wMinute, - cal_tm.wSecond); + snprintf(buf, buf_size, "%02u%02u%02u %2u:%02u:%02u", + cal_tm.wYear % 100, + cal_tm.wMonth, + cal_tm.wDay, + cal_tm.wHour, + cal_tm.wMinute, + cal_tm.wSecond); #else time_t tm; struct tm cal_tm; time(&tm); localtime_r(&tm, &cal_tm); - sprintf(buf, "%02d%02d%02d %2d:%02d:%02d", - cal_tm.tm_year % 100, - cal_tm.tm_mon + 1, - cal_tm.tm_mday, - cal_tm.tm_hour, - cal_tm.tm_min, - cal_tm.tm_sec); + snprintf(buf, buf_size, "%02d%02d%02d %2d:%02d:%02d", + cal_tm.tm_year % 100, + cal_tm.tm_mon + 1, + cal_tm.tm_mday, + cal_tm.tm_hour, + cal_tm.tm_min, + cal_tm.tm_sec); #endif } diff --git a/storage/maria/aria_chk.c b/storage/maria/aria_chk.c index 89dfcd3e26101..01788d751d1a6 100644 --- a/storage/maria/aria_chk.c +++ b/storage/maria/aria_chk.c @@ -1617,12 +1617,12 @@ static void descript(HA_CHECK *param, register MARIA_HA *info, char *name) (int) share->state.header.file_version[3]); if (share->state.create_time) { - get_date(buff,1,share->state.create_time); + get_date(buff,sizeof(buff),1,share->state.create_time); printf("Creation time: %s\n",buff); } if (share->state.check_time) { - get_date(buff,1,share->state.check_time); + get_date(buff,sizeof(buff),1,share->state.check_time); printf("Check/recover time: %s\n",buff); } if (share->base.born_transactional) @@ -1851,7 +1851,7 @@ static void descript(HA_CHECK *param, register MARIA_HA *info, char *name) end=strmov(end,"no empty, "); if (share->columndef[field].pack_type & PACK_TYPE_ZERO_FILL) { - sprintf(end,"zerofill(%d), ",share->columndef[field].space_length_bits); + snprintf(end, buff + sizeof(buff) - end, "zerofill(%d), ",share->columndef[field].space_length_bits); end=strend(end); } } @@ -1861,8 +1861,8 @@ static void descript(HA_CHECK *param, register MARIA_HA *info, char *name) null_bit[0]=null_pos[0]=0; if (share->columndef[field].null_bit) { - sprintf(null_bit,"%d",share->columndef[field].null_bit); - sprintf(null_pos,"%d",share->columndef[field].null_pos+1); + snprintf(null_bit, sizeof(null_bit), "%d",share->columndef[field].null_bit); + snprintf(null_pos, sizeof(null_pos), "%d",share->columndef[field].null_pos+1); } printf("%-6d%-6u%-7s%-8s%-8s%-35s",field+1, (uint) share->columndef[field].offset+1, diff --git a/storage/maria/ma_bitmap.c b/storage/maria/ma_bitmap.c index b3622786fa080..8f31f5afe9008 100644 --- a/storage/maria/ma_bitmap.c +++ b/storage/maria/ma_bitmap.c @@ -521,7 +521,8 @@ my_bool _ma_bitmap_flush_all(MARIA_SHARE *share) { char tmp[MAX_BITMAP_INFO_LENGTH]; size_t len; - len= _ma_get_bitmap_description(bitmap, bitmap->map, bitmap->page, tmp); + len= _ma_get_bitmap_description(bitmap, bitmap->map, bitmap->page, tmp, + sizeof(tmp)); (void) translog_log_debug_info(0, LOGREC_DEBUG_INFO_QUERY, (uchar*) tmp, len); } @@ -962,9 +963,10 @@ void _ma_print_bitmap(MARIA_FILE_BITMAP *bitmap, uchar *data, size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap, uchar *bitmap_data, pgcache_page_no_t page, - char *out) + char *out, size_t out_size) { uchar *pos, *end; + char *out_end= out + out_size; size_t count=0, dot_printed= 0, len; char buff[80], last[80]; @@ -982,7 +984,7 @@ size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap, if (memcmp(buff, last, count)) { memcpy(last, buff, count); - len= sprintf(out, "%8lu: ", (ulong) (page - count)); + len= snprintf(out, out_end - out, "%8lu: ", (ulong) (page - count)); memcpy(out+len, buff, count); out+= len + count + 1; out[-1]= '\n'; @@ -998,7 +1000,7 @@ size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap, page++; } } - len= sprintf(out, "%8lu: ", (ulong) (page - count)); + len= snprintf(out, out_end - out, "%8lu: ", (ulong) (page - count)); memcpy(out+len, buff, count); out[len + count]= '\n'; out[len + count + 1]= 0; diff --git a/storage/maria/ma_blockrec.h b/storage/maria/ma_blockrec.h index 42546ebdd3fb2..8bb84ef04a9e6 100644 --- a/storage/maria/ma_blockrec.h +++ b/storage/maria/ma_blockrec.h @@ -248,7 +248,7 @@ void _ma_print_bitmap(MARIA_FILE_BITMAP *bitmap, uchar *data, size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap, uchar *bitmap_data, pgcache_page_no_t page, - char *out); + char *out, size_t out_size); uint _ma_apply_redo_insert_row_head_or_tail(MARIA_HA *info, LSN lsn, uint page_type, diff --git a/storage/maria/ma_check.c b/storage/maria/ma_check.c index 8e7f038d04481..dd046b8f42b22 100644 --- a/storage/maria/ma_check.c +++ b/storage/maria/ma_check.c @@ -7134,7 +7134,8 @@ static void print_bitmap_description(MARIA_SHARE *share, MYF(MY_WME | MY_THREADSAFE)); if (!tmp) return; - _ma_get_bitmap_description(&share->bitmap, bitmap_data, page, tmp); + _ma_get_bitmap_description(&share->bitmap, bitmap_data, page, tmp, + MAX_BITMAP_INFO_LENGTH); printf("Bitmap page %lu\n%s", (ulong) page, tmp); my_free(tmp); } diff --git a/storage/maria/ma_control_file.c b/storage/maria/ma_control_file.c index 07bfce85c9673..71bf99db681b3 100644 --- a/storage/maria/ma_control_file.c +++ b/storage/maria/ma_control_file.c @@ -388,8 +388,8 @@ CONTROL_FILE_ERROR ma_control_file_open(my_bool create_if_missing, if (buffer[CF_VERSION_OFFSET] > CONTROL_FILE_VERSION) { error= CONTROL_FILE_BAD_VERSION; - sprintf(errmsg_buff, "File is from a future aria system: %d. Current version is: %d", - (int) buffer[CF_VERSION_OFFSET], CONTROL_FILE_VERSION); + snprintf(errmsg_buff, sizeof(errmsg_buff), "File is from a future aria system: %d. Current version is: %d", + (int) buffer[CF_VERSION_OFFSET], CONTROL_FILE_VERSION); errmsg= errmsg_buff; goto err; } @@ -402,10 +402,10 @@ CONTROL_FILE_ERROR ma_control_file_open(my_bool create_if_missing, new_cf_create_time_size + new_cf_changeable_size > file_size) { error= CONTROL_FILE_INCONSISTENT_INFORMATION; - sprintf(errmsg_buff, - "Sizes stored in control file are inconsistent. " - "create_time_size: %u changeable_size: %u file_size: %llu", - new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); + snprintf(errmsg_buff, sizeof(errmsg_buff), + "Sizes stored in control file are inconsistent. " + "create_time_size: %u changeable_size: %u file_size: %llu", + new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); errmsg= errmsg_buff; goto err; } @@ -414,9 +414,9 @@ CONTROL_FILE_ERROR ma_control_file_open(my_bool create_if_missing, if (new_block_size != maria_block_size && maria_block_size) { error= CONTROL_FILE_WRONG_BLOCKSIZE; - sprintf(errmsg_buff, - "Block size in control file (%u) is different than given aria_block_size: %u", - new_block_size, (uint) maria_block_size); + snprintf(errmsg_buff, sizeof(errmsg_buff), + "Block size in control file (%u) is different than given aria_block_size: %u", + new_block_size, (uint) maria_block_size); errmsg= errmsg_buff; goto err; } @@ -727,10 +727,10 @@ my_bool print_aria_log_control() new_cf_create_time_size + new_cf_changeable_size > file_size) { error= CONTROL_FILE_INCONSISTENT_INFORMATION; - sprintf(errmsg_buff, - "Sizes stored in control file are inconsistent. " - "create_time_size: %u changeable_size: %u file_size: %llu", - new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); + snprintf(errmsg_buff, sizeof(errmsg_buff), + "Sizes stored in control file are inconsistent. " + "create_time_size: %u changeable_size: %u file_size: %llu", + new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); errmsg= errmsg_buff; goto err; } diff --git a/storage/maria/ma_test1.c b/storage/maria/ma_test1.c index a14679d3a60b4..507ea1ed0caed 100644 --- a/storage/maria/ma_test1.c +++ b/storage/maria/ma_test1.c @@ -536,14 +536,14 @@ static void create_key_part(uchar *key,uint rownr) rownr&=7; /* Some identical keys */ if (keyinfo[0].seg[0].type == HA_KEYTYPE_NUM) { - sprintf((char*) key,"%*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%*d",keyinfo[0].seg[0].length,rownr); } else if (keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT1 || keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT2) { /* Alpha record */ /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -553,12 +553,12 @@ static void create_key_part(uchar *key,uint rownr) else { /* Alpha record */ if (keyinfo[0].seg[0].flag & HA_SPACE_PACK) - sprintf((char*) key,"%-*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%-*d",keyinfo[0].seg[0].length,rownr); else { /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -637,7 +637,7 @@ static void create_record(uchar *record,uint rownr) { size_t tmp; uchar *ptr;; - sprintf((char*) blob_record,"... row: %d", rownr); + snprintf((char*) blob_record, sizeof(blob_record), "... row: %d", rownr); strappend((char*) blob_record,MY_MAX(MAX_REC_LENGTH-rownr,10),' '); tmp=strlen((char*) blob_record); int4store(pos,tmp); @@ -647,7 +647,9 @@ static void create_record(uchar *record,uint rownr) else if (recinfo[1].type == FIELD_VARCHAR) { size_t tmp, pack_length= HA_VARCHAR_PACKLENGTH(recinfo[1].length-1); - sprintf((char*) pos+pack_length, "... row: %d", rownr); + snprintf((char*) pos+pack_length, + MAX_REC_LENGTH - ((char*) pos + pack_length - (char*) record), + "... row: %d", rownr); tmp= strlen((char*) pos+pack_length); if (pack_length == 1) *pos= (uchar) tmp; @@ -656,7 +658,8 @@ static void create_record(uchar *record,uint rownr) } else { - sprintf((char*) pos,"... row: %d", rownr); + snprintf((char*) pos, MAX_REC_LENGTH - ((char*) pos - (char*) record), + "... row: %d", rownr); strappend((char*) pos,recinfo[1].length,' '); } } diff --git a/storage/maria/ma_test2.c b/storage/maria/ma_test2.c index 400e6193695c1..216b19f2cc013 100644 --- a/storage/maria/ma_test2.c +++ b/storage/maria/ma_test2.c @@ -258,7 +258,7 @@ int main(int argc, char *argv[]) { ulong blob_length; n1=rnd(1000); n2=rnd(100); n3=rnd(5000); - sprintf((char*) record,"%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); + snprintf((char*) record, sizeof(record), "%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); int4store(record+STANDARD_LENGTH-4,(long) i); fix_length(record,(uint) STANDARD_LENGTH+rnd(60)); put_blob_in_record(record+blob_pos,&blob_buffer, &blob_length); @@ -289,7 +289,7 @@ int main(int argc, char *argv[]) for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (!j) for (j=999 ; j>0 && key1[j] == 0 ; j--) ; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (maria_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("Test in loop: Can't find key: \"%s\"\n",key); @@ -329,7 +329,7 @@ int main(int argc, char *argv[]) for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (maria_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",key); @@ -373,14 +373,14 @@ int main(int argc, char *argv[]) for (i=0 ; i < update_count ; i++) { n1=rnd(1000); n2=rnd(100); n3=rnd(5000); - sprintf((char*) record2,"%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); + snprintf((char*) record2, sizeof(record2), "%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); int4store(record2+STANDARD_LENGTH-4,(long) i); fix_length(record2,(uint) STANDARD_LENGTH+rnd(60)); for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (maria_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n", (char*) key); @@ -436,7 +436,7 @@ int main(int argc, char *argv[]) dupp_keys=key1[i]; j=i; } } - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); start=keyinfo[0].seg[0].start; length=keyinfo[0].seg[0].length; if (dupp_keys) @@ -749,8 +749,8 @@ int main(int argc, char *argv[]) key_range min_key, max_key; if (j > k) swap_variables(int, j, k); - sprintf((char*) key,"%6d",j); - sprintf((char*) key2,"%6d",k); + snprintf((char*) key, sizeof(key), "%6d",j); + snprintf((char*) key2, sizeof(key2), "%6d",k); min_key.key= key; min_key.keypart_map= HA_WHOLE_KEY; @@ -794,11 +794,11 @@ int main(int argc, char *argv[]) if (verbose) { char buff[80]; - get_date(buff,3,info.create_time); + get_date(buff,sizeof(buff),3,info.create_time); printf("info: Created %s\n",buff); - get_date(buff,3,info.check_time); + get_date(buff,sizeof(buff),3,info.check_time); printf("info: checked %s\n",buff); - get_date(buff,3,info.update_time); + get_date(buff,sizeof(buff),3,info.update_time); printf("info: Modified %s\n",buff); } diff --git a/storage/maria/test_ma_backup.c b/storage/maria/test_ma_backup.c index 288491ff9a08c..fd9268acb328d 100644 --- a/storage/maria/test_ma_backup.c +++ b/storage/maria/test_ma_backup.c @@ -340,14 +340,14 @@ static void create_key_part(uchar *key,uint rownr) { if (keyinfo[0].seg[0].type == HA_KEYTYPE_NUM) { - sprintf((char*) key,"%*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, UINT_MAX, "%*d",keyinfo[0].seg[0].length,rownr); } else if (keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT1 || keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT2) { /* Alpha record */ /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr % 100); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr % 100); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -357,12 +357,12 @@ static void create_key_part(uchar *key,uint rownr) else { /* Alpha record */ if (keyinfo[0].seg[0].flag & HA_SPACE_PACK) - sprintf((char*) key,"%-*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%-*d",keyinfo[0].seg[0].length,rownr); else { /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr % 100); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr % 100); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -417,7 +417,7 @@ static void create_record(uchar *record,uint rownr) { size_t tmp; uchar *ptr;; - sprintf((char*) blob_record,"... row: %d", rownr); + snprintf((char*) blob_record, sizeof(blob_record), "... row: %d", rownr); strappend((char*) blob_record, rownr % MAX_REC_LENGTH,'x'); tmp=strlen((char*) blob_record); int4store(pos,tmp); @@ -427,7 +427,7 @@ static void create_record(uchar *record,uint rownr) else if (recinfo[1].type == FIELD_VARCHAR) { size_t tmp, pack_length= HA_VARCHAR_PACKLENGTH(recinfo[1].length-1); - sprintf((char*) pos+pack_length, "... row: %d", rownr); + snprintf((char*) pos+pack_length, MAX_REC_LENGTH, "... row: %d", rownr); tmp= strlen((char*) pos+pack_length); if (pack_length == 1) *pos= (uchar) tmp; @@ -436,7 +436,7 @@ static void create_record(uchar *record,uint rownr) } else { - sprintf((char*) pos,"... row: %d", rownr); + snprintf((char*) pos, MAX_REC_LENGTH, "... row: %d", rownr); strappend((char*) pos,recinfo[1].length,' '); } } diff --git a/storage/mroonga/ha_mroonga.cpp b/storage/mroonga/ha_mroonga.cpp index cd5f420a625b5..256ee00ca0801 100644 --- a/storage/mroonga/ha_mroonga.cpp +++ b/storage/mroonga/ha_mroonga.cpp @@ -3753,8 +3753,9 @@ bool ha_mroonga::storage_create_foreign_key(TABLE *table, if (!grn_table_ref) { error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, "reference table [%s.%s] is not mroonga table", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] is not mroonga table", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3770,8 +3771,9 @@ bool ha_mroonga::storage_create_foreign_key(TABLE *table, grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, "reference table [%s.%s] is not found", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] is not found", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3783,8 +3785,9 @@ bool ha_mroonga::storage_create_foreign_key(TABLE *table, grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, "reference table [%s.%s] has no primary key", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] has no primary key", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3797,9 +3800,9 @@ bool ha_mroonga::storage_create_foreign_key(TABLE *table, grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, - "reference table [%s.%s] primary key is multiple column", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] primary key is multiple column", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3811,9 +3814,9 @@ bool ha_mroonga::storage_create_foreign_key(TABLE *table, grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, - "reference column [%s.%s.%s] is not used for primary key", - table->s->db.str, ref_table_name.str, ref_field_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference column [%s.%s.%s] is not used for primary key", + table->s->db.str, ref_table_name.str, ref_field_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -9059,7 +9062,7 @@ void ha_mroonga::push_warning_unsupported_spatial_index_search(enum ha_rkey_func } else if (flag & HA_READ_MBR_EQUAL) { strcpy(search_name, "equal"); } else { - sprintf(search_name, "unknown: %d", flag); + snprintf(search_name, MRN_BUFFER_SIZE, "unknown: %d", flag); } push_warning_printf(ha_thd(), MRN_SEVERITY_WARNING, @@ -9648,11 +9651,11 @@ grn_obj *ha_mroonga::find_tokenizer(const char *name, int name_length) tokenizer = grn_ctx_get(ctx, name, name_length); if (!tokenizer) { char message[MRN_BUFFER_SIZE]; - sprintf(message, - "specified tokenizer for fulltext index <%.*s> doesn't exist. " - "The default tokenizer for fulltext index <%s> is used instead.", - name_length, name, - MRN_DEFAULT_TOKENIZER); + snprintf(message, MRN_BUFFER_SIZE, + "specified tokenizer for fulltext index <%.*s> doesn't exist. " + "The default tokenizer for fulltext index <%s> is used instead.", + name_length, name, + MRN_DEFAULT_TOKENIZER); push_warning(ha_thd(), MRN_SEVERITY_WARNING, ER_UNSUPPORTED_EXTENSION, message); @@ -9817,9 +9820,9 @@ bool ha_mroonga::find_token_filters_put(grn_obj *token_filters, return true; } else { char message[MRN_BUFFER_SIZE]; - sprintf(message, - "nonexistent token filter: <%.*s>", - token_filter_name_length, token_filter_name); + snprintf(message, MRN_BUFFER_SIZE, + "nonexistent token filter: <%.*s>", + token_filter_name_length, token_filter_name); push_warning(ha_thd(), MRN_SEVERITY_WARNING, ER_UNSUPPORTED_EXTENSION, message); @@ -9874,12 +9877,12 @@ bool ha_mroonga::find_token_filters_fill(grn_obj *token_filters, break_loop: if (!name_start) { char message[MRN_BUFFER_SIZE]; - sprintf(message, - "empty token filter name: " - "<%.*s|%.*s|%.*s>", - (int)(last_name_end - start), start, - (int)(current - last_name_end), last_name_end, - (int)(end - current), current); + snprintf(message, MRN_BUFFER_SIZE, + "empty token filter name: " + "<%.*s|%.*s|%.*s>", + (int)(last_name_end - start), start, + (int)(current - last_name_end), last_name_end, + (int)(end - current), current); push_warning(ha_thd(), MRN_SEVERITY_WARNING, ER_UNSUPPORTED_EXTENSION, message); diff --git a/storage/mroonga/udf/mrn_udf_highlight_html.cpp b/storage/mroonga/udf/mrn_udf_highlight_html.cpp index 5085a885fe030..8bc475fed7ed7 100644 --- a/storage/mroonga/udf/mrn_udf_highlight_html.cpp +++ b/storage/mroonga/udf/mrn_udf_highlight_html.cpp @@ -287,10 +287,10 @@ MRN_API my_bool mroonga_highlight_html_init(UDF_INIT *init, info->use_shared_db = false; } if (!info->db) { - sprintf(message, - "mroonga_highlight_html(): failed to %s: %s", - action, - info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_highlight_html(): failed to %s: %s", + action, + info->ctx->errbuf); goto error; } } diff --git a/storage/mroonga/udf/mrn_udf_normalize.cpp b/storage/mroonga/udf/mrn_udf_normalize.cpp index 5c34e9b0ec74f..6fb2d1d00e55d 100644 --- a/storage/mroonga/udf/mrn_udf_normalize.cpp +++ b/storage/mroonga/udf/mrn_udf_normalize.cpp @@ -64,9 +64,9 @@ MRN_API my_bool mroonga_normalize_init(UDF_INIT *init, UDF_ARGS *args, } if (!(1 <= args->arg_count && args->arg_count <= 2)) { - sprintf(message, - "mroonga_normalize(): Incorrect number of arguments: %u for 1..2", - args->arg_count); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_normalize(): Incorrect number of arguments: %u for 1..2", + args->arg_count); goto error; } if (args->arg_type[0] != STRING_RESULT) { @@ -111,10 +111,10 @@ MRN_API my_bool mroonga_normalize_init(UDF_INIT *init, UDF_ARGS *args, info->use_shared_db = false; } if (!info->db) { - sprintf(message, - "mroonga_normalize(): failed to %s: %s", - action, - info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_normalize(): failed to %s: %s", + action, + info->ctx->errbuf); goto error; } } @@ -125,8 +125,9 @@ MRN_API my_bool mroonga_normalize_init(UDF_INIT *init, UDF_ARGS *args, info->normalizer = grn_ctx_get(info->ctx, args->args[1], args->lengths[1]); } if (!info->normalizer) { - sprintf(message, "mroonga_normalize(): nonexistent normalizer %.*s", - (int)args->lengths[1], args->args[1]); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_normalize(): nonexistent normalizer %.*s", + (int)args->lengths[1], args->args[1]); goto error; } info->flags = 0; diff --git a/storage/mroonga/udf/mrn_udf_query_expand.cpp b/storage/mroonga/udf/mrn_udf_query_expand.cpp index 4ecafe1812b6d..433b98b303e83 100644 --- a/storage/mroonga/udf/mrn_udf_query_expand.cpp +++ b/storage/mroonga/udf/mrn_udf_query_expand.cpp @@ -85,9 +85,9 @@ MRN_API my_bool mroonga_query_expand_init(UDF_INIT *init, } if (args->arg_count != 4) { - sprintf(message, - "mroonga_query_expand(): wrong number of arguments: %u for 4", - args->arg_count); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_query_expand(): wrong number of arguments: %u for 4", + args->arg_count); goto error; } if (args->arg_type[0] != STRING_RESULT) { diff --git a/storage/mroonga/udf/mrn_udf_snippet.cpp b/storage/mroonga/udf/mrn_udf_snippet.cpp index 53058bf02f5e4..a0b5906267d5f 100644 --- a/storage/mroonga/udf/mrn_udf_snippet.cpp +++ b/storage/mroonga/udf/mrn_udf_snippet.cpp @@ -147,8 +147,9 @@ MRN_API my_bool mroonga_snippet_init(UDF_INIT *init, UDF_ARGS *args, char *messa } if (args->arg_count < 11 || (args->arg_count - 11) % 3) { - sprintf(message, "Incorrect number of arguments for mroonga_snippet(): %u", - args->arg_count); + snprintf(message, MYSQL_ERRMSG_SIZE, + "Incorrect number of arguments for mroonga_snippet(): %u", + args->arg_count); goto error; } if (args->arg_type[0] != STRING_RESULT) { @@ -181,8 +182,9 @@ MRN_API my_bool mroonga_snippet_init(UDF_INIT *init, UDF_ARGS *args, char *messa } for (i = 6; i < args->arg_count; i++) { if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "mroonga_snippet() requires string for %uth argument", - i); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_snippet() requires string for %uth argument", + i); goto error; } } @@ -213,10 +215,10 @@ MRN_API my_bool mroonga_snippet_init(UDF_INIT *init, UDF_ARGS *args, char *messa snip_info->use_shared_db = false; } if (!snip_info->db) { - sprintf(message, - "mroonga_snippet(): failed to %s: %s", - action, - snip_info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_snippet(): failed to %s: %s", + action, + snip_info->ctx->errbuf); goto error; } } diff --git a/storage/mroonga/udf/mrn_udf_snippet_html.cpp b/storage/mroonga/udf/mrn_udf_snippet_html.cpp index 3acdef03f54aa..bbba8820a7642 100644 --- a/storage/mroonga/udf/mrn_udf_snippet_html.cpp +++ b/storage/mroonga/udf/mrn_udf_snippet_html.cpp @@ -268,10 +268,10 @@ MRN_API my_bool mroonga_snippet_html_init(UDF_INIT *init, info->use_shared_db = false; } if (!info->db) { - sprintf(message, - "mroonga_snippet_html(): failed to %s: %s", - action, - info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_snippet_html(): failed to %s: %s", + action, + info->ctx->errbuf); goto error; } } diff --git a/storage/myisam/mi_test1.c b/storage/myisam/mi_test1.c index b64b5e101ca66..9b94b85bf54af 100644 --- a/storage/myisam/mi_test1.c +++ b/storage/myisam/mi_test1.c @@ -345,14 +345,14 @@ static void create_key_part(uchar *key,uint rownr) rownr&=7; /* Some identical keys */ if (keyinfo[0].seg[0].type == HA_KEYTYPE_NUM) { - sprintf((char*) key,"%*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, UINT_MAX, "%*d",keyinfo[0].seg[0].length,rownr); } else if (keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT1 || keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT2) { /* Alpha record */ /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -362,12 +362,12 @@ static void create_key_part(uchar *key,uint rownr) else { /* Alpha record */ if (keyinfo[0].seg[0].flag & HA_SPACE_PACK) - sprintf((char*) key,"%-*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%-*d",keyinfo[0].seg[0].length,rownr); else { /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -446,7 +446,7 @@ static void create_record(uchar *record,uint rownr) { size_t tmp; uchar *ptr;; - sprintf((char*) blob_record,"... row: %d", rownr); + snprintf((char*) blob_record, sizeof(blob_record), "... row: %d", rownr); strappend((char*) blob_record,MY_MAX(MAX_REC_LENGTH-rownr,10),' '); tmp=strlen((char*) blob_record); int4store(pos,tmp); @@ -456,7 +456,7 @@ static void create_record(uchar *record,uint rownr) else if (recinfo[2].type == FIELD_VARCHAR) { size_t tmp, pack_length= HA_VARCHAR_PACKLENGTH(recinfo[1].length-1); - sprintf((char*) pos+pack_length, "... row: %d", rownr); + snprintf((char*) pos+pack_length, MAX_REC_LENGTH, "... row: %d", rownr); tmp= strlen((char*) pos+pack_length); if (pack_length == 1) *pos= (uchar) tmp; @@ -465,7 +465,7 @@ static void create_record(uchar *record,uint rownr) } else { - sprintf((char*) pos,"... row: %d", rownr); + snprintf((char*) pos, MAX_REC_LENGTH, "... row: %d", rownr); strappend((char*) pos,recinfo[2].length,' '); } } diff --git a/storage/myisam/mi_test2.c b/storage/myisam/mi_test2.c index 4b5039eea5ba6..0eed61ae58731 100644 --- a/storage/myisam/mi_test2.c +++ b/storage/myisam/mi_test2.c @@ -226,7 +226,7 @@ int main(int argc, char *argv[]) for (i=0 ; i < recant ; i++) { n1=rnd(1000); n2=rnd(100); n3=rnd(5000); - sprintf((char*) record,"%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); + snprintf((char*) record, sizeof(record), "%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); int4store(record+STANDARD_LENGTH-4,(long) i); fix_length(record,(uint) STANDARD_LENGTH+rnd(60)); put_blob_in_record(record+blob_pos,&blob_buffer); @@ -257,7 +257,7 @@ int main(int argc, char *argv[]) for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (!j) for (j=999 ; j>0 && key1[j] == 0 ; j--) ; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (mi_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("Test in loop: Can't find key: \"%s\"\n",key); @@ -286,7 +286,7 @@ int main(int argc, char *argv[]) for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (mi_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",key); @@ -313,14 +313,14 @@ int main(int argc, char *argv[]) for (i=0 ; i0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (mi_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",(char*) key); @@ -363,7 +363,7 @@ int main(int argc, char *argv[]) dupp_keys=key1[i]; j=i; } } - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); start=keyinfo[0].seg[0].start; length=keyinfo[0].seg[0].length; if (dupp_keys) @@ -650,8 +650,8 @@ int main(int argc, char *argv[]) page_range pages; if (j > k) swap_variables(int, j, k); - sprintf((char*) key,"%6d",j); - sprintf((char*) key2,"%6d",k); + snprintf((char*) key, sizeof(key), "%6d",j); + snprintf((char*) key2, sizeof(key2), "%6d",k); min_key.key= key; min_key.keypart_map= HA_WHOLE_KEY; @@ -693,11 +693,11 @@ int main(int argc, char *argv[]) if (verbose) { char buff[80]; - get_date(buff,3,info.create_time); + get_date(buff,sizeof(buff),3,info.create_time); printf("info: Created %s\n",buff); - get_date(buff,3,info.check_time); + get_date(buff,sizeof(buff),3,info.check_time); printf("info: checked %s\n",buff); - get_date(buff,3,info.update_time); + get_date(buff,sizeof(buff),3,info.update_time); printf("info: Modified %s\n",buff); } diff --git a/storage/myisam/myisamchk.c b/storage/myisam/myisamchk.c index 21ded5a26dfae..6c4f1c70ff883 100644 --- a/storage/myisam/myisamchk.c +++ b/storage/myisam/myisamchk.c @@ -1293,12 +1293,12 @@ static void descript(HA_CHECK *param, register MI_INFO *info, char * name) (int) share->state.header.file_version[3]); if (share->state.create_time) { - get_date(buff,1,share->state.create_time); + get_date(buff,sizeof(buff),1,share->state.create_time); printf("Creation time: %s\n",buff); } if (share->state.check_time) { - get_date(buff,1,share->state.check_time); + get_date(buff,sizeof(buff),1,share->state.check_time); printf("Recover time: %s\n",buff); } pos=buff; @@ -1495,7 +1495,7 @@ static void descript(HA_CHECK *param, register MI_INFO *info, char * name) end=strmov(end,"no empty, "); if (share->rec[field].pack_type & PACK_TYPE_ZERO_FILL) { - sprintf(end,"zerofill(%d), ",share->rec[field].space_length_bits); + snprintf(end, buff + sizeof(buff) - end, "zerofill(%d), ",share->rec[field].space_length_bits); end=strend(end); } } @@ -1505,8 +1505,8 @@ static void descript(HA_CHECK *param, register MI_INFO *info, char * name) null_bit[0]=null_pos[0]=0; if (share->rec[field].null_bit) { - sprintf(null_bit,"%d",share->rec[field].null_bit); - sprintf(null_pos,"%d",share->rec[field].null_pos+1); + snprintf(null_bit, sizeof(null_bit), "%d",share->rec[field].null_bit); + snprintf(null_pos, sizeof(null_pos), "%d",share->rec[field].null_pos+1); } printf("%-6d%-6d%-7s%-8s%-8s%-35s",field+1,start,length, null_pos, null_bit, buff); diff --git a/storage/myisam/myisamlog.c b/storage/myisam/myisamlog.c index d39bc51087165..24133b2b6c435 100644 --- a/storage/myisam/myisamlog.c +++ b/storage/myisam/myisamlog.c @@ -414,18 +414,20 @@ static int examine_log(char * file_name, char **table_names) left_root_right); file_info.id=open_param.max_id+1; /* - * In the line below +10 is added to accommodate '<' and '>' chars - * plus '\0' at the end, so that there is place for 7 digits. - * It is improbable that same table can have that many entries in - * the table cache. - * The additional space is needed for the sprintf commands two lines - * below. - */ + * In the line below SHOW_NAME_SUFFIX_LENGTH is added to accommodate + * '<' and '>' chars plus '\0' at the end, so that there is place + * for 7 digits. It is improbable that same table can have that + * many entries in the table cache. + * The additional space is needed for the snprintf command below. + */ +#define SHOW_NAME_SUFFIX_LENGTH 10 file_info.show_name=my_memdup(PSI_NOT_INSTRUMENTED, isam_file_name, - (uint) strlen(isam_file_name)+10, + (uint) strlen(isam_file_name)+ + SHOW_NAME_SUFFIX_LENGTH, MYF(MY_WME)); if (file_info.id > 1) - sprintf(strend(file_info.show_name),"<%d>",file_info.id); + snprintf(strend(file_info.show_name), SHOW_NAME_SUFFIX_LENGTH, + "<%d>",file_info.id); file_info.closed=1; file_info.accessed=access_time; file_info.used=1; diff --git a/storage/perfschema/table_events_statements.cc b/storage/perfschema/table_events_statements.cc index 7801dab508600..22ba5331c6653 100644 --- a/storage/perfschema/table_events_statements.cc +++ b/storage/perfschema/table_events_statements.cc @@ -368,7 +368,8 @@ void table_events_statements_common::make_row_part_2(const sql_digest_storage *d { /* Generate the DIGEST string from the MD5 digest */ MD5_HASH_TO_STRING(digest->m_md5, - m_row.m_digest.m_digest); + m_row.m_digest.m_digest, + sizeof(m_row.m_digest.m_digest)); m_row.m_digest.m_digest_length= MD5_HASH_TO_STRING_LENGTH; /* Generate the DIGEST_TEXT string from the token array */ diff --git a/storage/perfschema/table_helper.cc b/storage/perfschema/table_helper.cc index dd5a765f4bf3b..6524511705879 100644 --- a/storage/perfschema/table_helper.cc +++ b/storage/perfschema/table_helper.cc @@ -135,7 +135,8 @@ int PFS_digest_row::make_row(PFS_statements_digest_stat* pfs) Calculate digest from MD5 HASH collected to be shown as DIGEST in this row. */ - MD5_HASH_TO_STRING(pfs->m_digest_storage.m_md5, m_digest); + MD5_HASH_TO_STRING(pfs->m_digest_storage.m_md5, m_digest, + sizeof(m_digest)); m_digest_length= MD5_HASH_TO_STRING_LENGTH; /* @@ -353,7 +354,7 @@ int PFS_index_row::make_row(PFS_table_share *pfs, { if (table_index < MAX_INDEXES) { - m_index_name_length= sprintf(m_index_name, "(index %d)", table_index); + m_index_name_length= snprintf(m_index_name, sizeof(m_index_name), "(index %d)", table_index); } else { diff --git a/storage/perfschema/table_helper.h b/storage/perfschema/table_helper.h index 87572ef2525e9..35039b47ccc8e 100644 --- a/storage/perfschema/table_helper.h +++ b/storage/perfschema/table_helper.h @@ -34,16 +34,17 @@ Write MD5 hash value in a string to be used as DIGEST for the statement. */ -#define MD5_HASH_TO_STRING(_hash, _str) \ - sprintf(_str, "%02x%02x%02x%02x%02x%02x%02x%02x" \ - "%02x%02x%02x%02x%02x%02x%02x%02x", \ - _hash[0], _hash[1], _hash[2], _hash[3], \ - _hash[4], _hash[5], _hash[6], _hash[7], \ - _hash[8], _hash[9], _hash[10], _hash[11], \ - _hash[12], _hash[13], _hash[14], _hash[15]) - #define MD5_HASH_TO_STRING_LENGTH 32 +#define MD5_HASH_TO_STRING(_hash, _str, _size) \ + snprintf(_str, _size, \ + "%02x%02x%02x%02x%02x%02x%02x%02x" \ + "%02x%02x%02x%02x%02x%02x%02x%02x", \ + _hash[0], _hash[1], _hash[2], _hash[3], \ + _hash[4], _hash[5], _hash[6], _hash[7], \ + _hash[8], _hash[9], _hash[10], _hash[11], \ + _hash[12], _hash[13], _hash[14], _hash[15]) + struct PFS_host; struct PFS_user; struct PFS_account; diff --git a/storage/perfschema/table_processlist.cc b/storage/perfschema/table_processlist.cc index 8c91a5230e92e..0f6c390f05086 100644 --- a/storage/perfschema/table_processlist.cc +++ b/storage/perfschema/table_processlist.cc @@ -267,7 +267,7 @@ void table_processlist::make_row(PFS_thread *pfs) { if (m_row.m_hostname_length > 0 && m_row.m_port != 0) { /* Create HOST:PORT. */ char str_port[10]; - sprintf(str_port, ":%d", m_row.m_port); + snprintf(str_port, sizeof(str_port), ":%d", m_row.m_port); std::string host(m_row.m_hostname, m_row.m_hostname_length); std::string host_ip = host + str_port; m_row.m_hostname_length = diff --git a/storage/spider/spd_conn.cc b/storage/spider/spd_conn.cc index 83262253f1272..553c4dfced27a 100644 --- a/storage/spider/spd_conn.cc +++ b/storage/spider/spd_conn.cc @@ -3307,8 +3307,8 @@ int spider_create_mon_threads( share->static_link_ids_lengths[roop_count] + 1); link_idx_str_length = share->static_link_ids_lengths[roop_count]; } else { - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, - "%010d", roop_count)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), + "%010d", roop_count); } conv_name_str.q_append(link_idx_str, link_idx_str_length + 1); conv_name_str.length(conv_name_str.length() - 1); diff --git a/storage/spider/spd_db_conn.cc b/storage/spider/spd_db_conn.cc index adca8dc0ea1ae..ea3d2978cf0ca 100644 --- a/storage/spider/spd_db_conn.cc +++ b/storage/spider/spd_db_conn.cc @@ -1130,7 +1130,7 @@ void spider_db_append_xid_str( DBUG_ENTER("spider_db_append_xid_str"); format_id_length = - my_sprintf(format_id, (format_id, "%lu", xid->formatID)); + snprintf(format_id, sizeof(format_id), "%lu", xid->formatID); spider_db_append_hex_string(tmp_str, (uchar *) xid->data, xid->gtrid_length); /* tmp_str->q_append(SPIDER_SQL_VALUE_QUOTE_STR, SPIDER_SQL_VALUE_QUOTE_LEN); @@ -1401,7 +1401,7 @@ int spider_db_append_key_columns( start_key_part_map >>= 1, key_count++ ) { - key_name_length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + key_name_length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(key_name_length + SPIDER_SQL_COMMA_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); str->q_append(tmp_buf, key_name_length); @@ -8671,8 +8671,8 @@ int spider_db_udf_ping_table_append_mon_next( where_clause_str.init_calc_mem(SPD_MID_DB_UDF_PING_TABLE_APPEND_MON_NEXT_2); child_table_name_str.length(child_table_name_length); where_clause_str.length(where_clause_length); - limit_str_length = my_sprintf(limit_str, (limit_str, "%lld", limit)); - sid_str_length = my_sprintf(sid_str, (sid_str, "%lld", first_sid)); + limit_str_length = snprintf(limit_str, sizeof(limit_str), "%lld", limit); + sid_str_length = snprintf(sid_str, sizeof(sid_str), "%lld", first_sid); if (str->reserve( SPIDER_SQL_SELECT_LEN + SPIDER_SQL_PING_TABLE_LEN + @@ -8769,7 +8769,7 @@ int spider_db_udf_ping_table_append_select( str->append_escape_string(where_str->ptr(), where_str->length()); } } else { - limit_str_length = my_sprintf(limit_str, (limit_str, "%lld", limit)); + limit_str_length = snprintf(limit_str, sizeof(limit_str), "%lld", limit); if (str->reserve( (use_where ? (where_str->length() * 2) : 0) + SPIDER_SQL_LIMIT_LEN + limit_str_length diff --git a/storage/spider/spd_db_mysql.cc b/storage/spider/spd_db_mysql.cc index 81b0c67c17707..2858b56c36048 100644 --- a/storage/spider/spd_db_mysql.cc +++ b/storage/spider/spd_db_mysql.cc @@ -2751,7 +2751,7 @@ int spider_db_mbase::set_wait_timeout( sql_str.init_calc_mem(SPD_MID_DB_MBASE_SET_WAIT_TIMEOUT_1); sql_str.length(0); timeout_str_length = - my_sprintf(timeout_str, (timeout_str, "%d", wait_timeout)); + snprintf(timeout_str, sizeof(timeout_str), "%d", wait_timeout); if (sql_str.reserve(SPIDER_SQL_WAIT_TIMEOUT_LEN + timeout_str_length)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); sql_str.q_append(SPIDER_SQL_WAIT_TIMEOUT_STR, SPIDER_SQL_WAIT_TIMEOUT_LEN); @@ -3750,7 +3750,7 @@ int spider_db_mbase_util::append_wait_timeout( DBUG_ENTER("spider_db_mbase_util::append_wait_timeout"); DBUG_PRINT("info",("spider this=%p", this)); timeout_str_length = - my_sprintf(timeout_str, (timeout_str, "%d", wait_timeout)); + snprintf(timeout_str, sizeof(timeout_str), "%d", wait_timeout); if (str->reserve(SPIDER_SQL_SEMICOLON_LEN + SPIDER_SQL_WAIT_TIMEOUT_LEN + timeout_str_length)) { @@ -7784,7 +7784,7 @@ int spider_mbase_handler::append_key_column_types( key_count++ ) { field = key_part->field; - key_name_length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + key_name_length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(key_name_length + SPIDER_SQL_SPACE_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); str->q_append(tmp_buf, key_name_length); @@ -7864,7 +7864,7 @@ int spider_mbase_handler::append_key_join_columns_for_bka( field = key_part->field; key_name_length = mysql_share->column_name_str[field->field_index].length(); - length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(length + table_alias_lengths[0] + key_name_length + /* SPIDER_SQL_NAME_QUOTE_LEN */ 2 + table_alias_lengths[1] + SPIDER_SQL_PF_EQUAL_LEN + SPIDER_SQL_AND_LEN)) @@ -7896,8 +7896,8 @@ int spider_mbase_handler::append_tmp_table_and_sql_for_bka( table_dot_alias_lengths[2]; tgt_table_name_str.init_calc_mem(SPD_MID_MBASE_HANDLER_APPEND_TMP_TABLE_AND_SQL_FOR_BKA_1); tgt_table_name_str.length(0); - create_tmp_bka_table_name(tmp_table_name, &tmp_table_name_length, - first_link_idx); + create_tmp_bka_table_name(tmp_table_name, sizeof(tmp_table_name), + &tmp_table_name_length, first_link_idx); if ((error_num = append_table_name_with_adjusting(&tgt_table_name_str, first_link_idx, SPIDER_SQL_TYPE_SELECT_SQL))) { @@ -7992,6 +7992,7 @@ int spider_mbase_handler::reuse_tmp_table_and_sql_for_bka() void spider_mbase_handler::create_tmp_bka_table_name( char *tmp_table_name, + size_t tmp_table_name_size, int *tmp_table_name_length, int link_idx ) { @@ -8013,9 +8014,9 @@ void spider_mbase_handler::create_tmp_bka_table_name( memcpy(tmp_table_name, mysql_share->db_names_str[link_idx].c_ptr(), mysql_share->db_names_str[link_idx].length()); tmp_table_name += mysql_share->db_names_str[link_idx].length(); - length = my_sprintf(tmp_table_name, (tmp_table_name, + length = snprintf(tmp_table_name, tmp_table_name_size, "%s%s%p%s", SPIDER_SQL_DOT_STR, SPIDER_SQL_TMP_BKA_STR, spider, - SPIDER_SQL_UNDERSCORE_STR)); + SPIDER_SQL_UNDERSCORE_STR); *tmp_table_name_length += length; tmp_table_name += length; memcpy(tmp_table_name, @@ -8031,8 +8032,8 @@ void spider_mbase_handler::create_tmp_bka_table_name( memcpy(tmp_table_name, mysql_share->db_names_str[link_idx].c_ptr(), mysql_share->db_names_str[link_idx].length()); tmp_table_name += mysql_share->db_names_str[link_idx].length(); - length = my_sprintf(tmp_table_name, (tmp_table_name, - "%s%s%p", SPIDER_SQL_DOT_STR, SPIDER_SQL_TMP_BKA_STR, spider)); + length = snprintf(tmp_table_name, tmp_table_name_size, + "%s%s%p", SPIDER_SQL_DOT_STR, SPIDER_SQL_TMP_BKA_STR, spider); *tmp_table_name_length += length; } DBUG_VOID_RETURN; @@ -9602,7 +9603,7 @@ int spider_mbase_handler::append_key_column_values_with_name( DBUG_RETURN(HA_ERR_OUT_OF_MEM); } - key_name_length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + key_name_length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(SPIDER_SQL_SPACE_LEN + key_name_length + SPIDER_SQL_COMMA_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); @@ -11019,8 +11020,8 @@ int spider_mbase_handler::append_multi_range_cnt( char range_cnt_str[SPIDER_SQL_INT_LEN]; DBUG_ENTER("spider_mbase_handler::append_multi_range_cnt"); DBUG_PRINT("info",("spider this=%p", this)); - range_cnt_length = my_sprintf(range_cnt_str, (range_cnt_str, "%u", - multi_range_cnt)); + range_cnt_length = snprintf(range_cnt_str, sizeof(range_cnt_str), "%u", + multi_range_cnt); if (with_comma) { if (str->reserve(range_cnt_length + SPIDER_SQL_COMMA_LEN)) @@ -11066,8 +11067,8 @@ int spider_mbase_handler::append_multi_range_cnt_with_name( char range_cnt_str[SPIDER_SQL_INT_LEN]; DBUG_ENTER("spider_mbase_handler::append_multi_range_cnt_with_name"); DBUG_PRINT("info",("spider this=%p", this)); - range_cnt_length = my_sprintf(range_cnt_str, (range_cnt_str, "%u", - multi_range_cnt)); + range_cnt_length = snprintf(range_cnt_str, sizeof(range_cnt_str), "%u", + multi_range_cnt); if (str->reserve(range_cnt_length + SPIDER_SQL_SPACE_LEN + SPIDER_SQL_ID_LEN + SPIDER_SQL_COMMA_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); @@ -12285,8 +12286,8 @@ int spider_mbase_handler::set_sql_for_exec( tgt_table_name_str.length(0); if (result_list->tmp_table_join && spider->bka_mode != 2) { - create_tmp_bka_table_name(tmp_table_name, &tmp_table_name_length, - link_idx); + create_tmp_bka_table_name(tmp_table_name, sizeof(tmp_table_name), + &tmp_table_name_length, link_idx); append_table_name_with_adjusting(&tgt_table_name_str, link_idx, SPIDER_SQL_TYPE_TMP_SQL); table_names[0] = tmp_table_name; diff --git a/storage/spider/spd_db_mysql.h b/storage/spider/spd_db_mysql.h index 3279bc99d5e25..5a1493d5cbf7a 100644 --- a/storage/spider/spd_db_mysql.h +++ b/storage/spider/spd_db_mysql.h @@ -767,6 +767,7 @@ class spider_mbase_handler: public spider_db_handler int reuse_tmp_table_and_sql_for_bka() override; void create_tmp_bka_table_name( char *tmp_table_name, + size_t tmp_table_name_size, int *tmp_table_name_length, int link_idx ); diff --git a/storage/spider/spd_direct_sql.cc b/storage/spider/spd_direct_sql.cc index 975e715f517c4..33d0158a7d58a 100644 --- a/storage/spider/spd_direct_sql.cc +++ b/storage/spider/spd_direct_sql.cc @@ -249,7 +249,7 @@ int spider_udf_direct_sql_create_conn_key( tmp_name= direct_sql->conn_key + 1; spider_create_conn_key_add_one(&counter, &tmp_name, direct_sql->tgt_wrapper); spider_create_conn_key_add_one(&counter, &tmp_name, direct_sql->tgt_host); - my_sprintf(port_str, (port_str, "%05ld", direct_sql->tgt_port)); + snprintf(port_str, sizeof(port_str), "%05ld", direct_sql->tgt_port); spider_create_conn_key_add_one(&counter, &tmp_name, port_str); spider_create_conn_key_add_one(&counter, &tmp_name, direct_sql->tgt_socket); counter++; diff --git a/storage/spider/spd_group_by_handler.cc b/storage/spider/spd_group_by_handler.cc index e907d4de33ac9..7672da2e55f56 100644 --- a/storage/spider/spd_group_by_handler.cc +++ b/storage/spider/spd_group_by_handler.cc @@ -840,8 +840,8 @@ static SPIDER_TABLE_HOLDER *spider_add_table_holder( DBUG_ENTER("spider_fields::add_table"); DBUG_PRINT("info",("spider idx_for_direct_join=%u", spider_arg->idx_for_direct_join)); - length = my_sprintf(tmp_buf, (tmp_buf, "t%u", - spider_arg->idx_for_direct_join)); + length = snprintf(tmp_buf, sizeof(tmp_buf), "t%u", + spider_arg->idx_for_direct_join); str = &spider_arg->result_list.tmp_sqls[0]; str->length(0); if (str->reserve(length + SPIDER_SQL_DOT_LEN)) diff --git a/storage/spider/spd_include.h b/storage/spider/spd_include.h index b822ef475de4c..8e99ef06516f3 100644 --- a/storage/spider/spd_include.h +++ b/storage/spider/spd_include.h @@ -64,7 +64,6 @@ #undef pthread_cond_destroy #endif #define pthread_cond_destroy mysql_cond_destroy -#define my_sprintf(A,B) sprintf B #define spider_stmt_da_message(A) thd_get_error_message(A) #define spider_stmt_da_sql_errno(A) thd_get_error_number(A) diff --git a/storage/spider/spd_ping_table.cc b/storage/spider/spd_ping_table.cc index c5632f1c12c8b..bdddd9ca44e75 100644 --- a/storage/spider/spd_ping_table.cc +++ b/storage/spider/spd_ping_table.cc @@ -237,8 +237,8 @@ int spider_release_ping_table_mon_list( DBUG_PRINT("info", ("spider conv_name=%s", conv_name)); DBUG_PRINT("info", ("spider conv_name_length=%u", conv_name_length)); DBUG_PRINT("info", ("spider link_idx=%d", link_idx)); - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, "%010d", - link_idx)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), "%010d", + link_idx); char *buf = (char *) my_alloca(conv_name_length + link_idx_str_length + 1); if (!buf) { @@ -1181,8 +1181,8 @@ long long spider_ping_table_body( } } else { link_idx = (int) (args->args[1] ? *((longlong *) args->args[1]) : 0); - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, "%010d", - link_idx)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), "%010d", + link_idx); } flags = (int) (args->args[2] ? *((longlong *) args->args[2]) : 0); limit = args->args[3] ? *((longlong *) args->args[3]) : 0; @@ -1640,8 +1640,8 @@ int spider_ping_table_mon_from_table( share->static_link_ids_lengths[all_link_idx] + 1); link_idx_str_length = share->static_link_ids_lengths[all_link_idx]; } else { - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, "%010d", - all_link_idx)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), "%010d", + all_link_idx); } char *buf = (char *) my_alloca(conv_name_length + link_idx_str_length + 1); if (!buf) diff --git a/storage/spider/spd_table.cc b/storage/spider/spd_table.cc index 72a6b2ac3b8f5..2aaab524c6542 100644 --- a/storage/spider/spd_table.cc +++ b/storage/spider/spd_table.cc @@ -4093,7 +4093,7 @@ int spider_create_conn_keys( int counter= 0; spider_create_conn_key_add_one(&counter, &tmp_name, share->tgt_wrappers[roop_count]); spider_create_conn_key_add_one(&counter, &tmp_name, share->tgt_hosts[roop_count]); - my_sprintf(port_str, (port_str, "%05ld", share->tgt_ports[roop_count])); + snprintf(port_str, sizeof(port_str), "%05ld", share->tgt_ports[roop_count]); spider_create_conn_key_add_one(&counter, &tmp_name, port_str); spider_create_conn_key_add_one(&counter, &tmp_name, share->tgt_sockets[roop_count]); counter++; @@ -4218,7 +4218,7 @@ SPIDER_SHARE *spider_create_share( for (roop_count = 0; roop_count < (int) share->all_link_count; roop_count++) { - my_sprintf(link_idx_str, (link_idx_str, "%010d", roop_count)); + snprintf(link_idx_str, sizeof(link_idx_str), "%010d", roop_count); buf_pos = strmov(buf, share->table_name); buf_pos = strmov(buf_pos, link_idx_str); *buf_pos = '\0'; @@ -6297,9 +6297,9 @@ int spider_db_init( bzero(addr,6); } spider_unique_id.str = spider_unique_id_buf; - spider_unique_id.length = my_sprintf(spider_unique_id_buf, - (spider_unique_id_buf, "-%02x%02x%02x%02x%02x%02x-%lx-", - addr[0], addr[1], addr[2], addr[3], addr[4], addr[5], (ulong) getpid())); + spider_unique_id.length = snprintf(spider_unique_id_buf, + sizeof(spider_unique_id_buf), "-%02x%02x%02x%02x%02x%02x-%lx-", + addr[0], addr[1], addr[2], addr[3], addr[4], addr[5], (ulong) getpid()); memset(&spider_alloc_func_name, 0, sizeof(spider_alloc_func_name)); memset(&spider_alloc_file_name, 0, sizeof(spider_alloc_file_name)); diff --git a/storage/spider/spd_trx.cc b/storage/spider/spd_trx.cc index aaab62379bb3f..fe507095cb8ee 100644 --- a/storage/spider/spd_trx.cc +++ b/storage/spider/spd_trx.cc @@ -1407,18 +1407,18 @@ int spider_internal_start_trx( if (spider_param_internal_xa_id_type(thd) == 0) { trx->xid.gtrid_length - = my_sprintf(trx->xid.data, - (trx->xid.data, "%lx", thd_get_thread_id(thd))); + = snprintf(trx->xid.data, sizeof(trx->xid.data), + "%lx", thd_get_thread_id(thd)); } else { trx->xid.gtrid_length - = my_sprintf(trx->xid.data, - (trx->xid.data, "%lx%016llx", thd_get_thread_id(thd), - thd->query_id)); + = snprintf(trx->xid.data, sizeof(trx->xid.data), + "%lx%016llx", thd_get_thread_id(thd), + thd->query_id); } trx->xid.bqual_length - = my_sprintf(trx->xid.data + trx->xid.gtrid_length, - (trx->xid.data + trx->xid.gtrid_length, "%lx", - thd->variables.server_id)); + = snprintf(trx->xid.data + trx->xid.gtrid_length, + sizeof(trx->xid.data) - trx->xid.gtrid_length, "%lx", + thd->variables.server_id); #ifdef SPIDER_XID_STATE_HAS_in_thd trx->internal_xid_state.in_thd = 1; diff --git a/strings/ctype.c b/strings/ctype.c index 99a65adcbf860..b4194c2b9870a 100644 --- a/strings/ctype.c +++ b/strings/ctype.c @@ -388,7 +388,8 @@ tailoring_append(MY_XML_PARSER *st, if (MY_XML_OK == my_charset_file_tailoring_realloc(i, newlen)) { char *dst= i->tailoring + i->tailoring_length; - sprintf(dst, fmt, (int) len, attr); + snprintf(dst, i->tailoring_alloced_length - i->tailoring_length, + fmt, (int) len, attr); i->tailoring_length+= strlen(dst); return MY_XML_OK; } @@ -407,7 +408,8 @@ tailoring_append2(MY_XML_PARSER *st, if (MY_XML_OK == my_charset_file_tailoring_realloc(i, newlen)) { char *dst= i->tailoring + i->tailoring_length; - sprintf(dst, fmt, (int) len1, attr1, (int) len2, attr2); + snprintf(dst, i->tailoring_alloced_length - i->tailoring_length, + fmt, (int) len1, attr1, (int) len2, attr2); i->tailoring_length+= strlen(dst); return MY_XML_OK; } @@ -830,10 +832,11 @@ my_parse_charset_xml(MY_CHARSET_LOADER *loader, const char *buf, size_t len) if (sizeof(loader->error) > 32 + strlen(errstr)) { /* We cannot use my_snprintf() here. See previous comment. */ - sprintf(loader->error, "at line %d pos %d: %s", - my_xml_error_lineno(&p)+1, - (int) my_xml_error_pos(&p), - my_xml_error_string(&p)); + snprintf(loader->error, sizeof(loader->error), + "at line %d pos %d: %s", + my_xml_error_lineno(&p)+1, + (int) my_xml_error_pos(&p), + my_xml_error_string(&p)); } } return rc; diff --git a/strings/decimal.c b/strings/decimal.c index 7d4e183ef63bd..015c2eb5eac55 100644 --- a/strings/decimal.c +++ b/strings/decimal.c @@ -2618,7 +2618,7 @@ void test_s2d(const char *s, const char *orig, int ex) { char s1[100], *end; int res; - sprintf(s1, "'%s'", s); + snprintf(s1, sizeof(s1), "'%s'", s); end= strend(s); printf("len=%2d %-30s => res=%d ", a.len, s1, (res= string2decimal(s, &a, &end))); @@ -2632,7 +2632,7 @@ void test_d2f(const char *s, int ex) double x; int res; - sprintf(s1, "'%s'", s); + snprintf(s1, sizeof(s1), "'%s'", s); end= strend(s); string2decimal(s, &a, &end); res=decimal2double(&a, &x); @@ -2647,7 +2647,7 @@ void test_d2b2d(const char *str, int p, int s, const char *orig, int ex) uchar buf[100]; int res, i, size=decimal_bin_size(p, s); - sprintf(s1, "'%s'", str); + snprintf(s1, sizeof(s1), "'%s'", str); end= strend(str); string2decimal(str, &a, &end); res=decimal2bin(&a, buf, p, s); @@ -2742,7 +2742,7 @@ void test_da(const char *s1, const char *s2, const char *orig, int ex) { char s[100], *end; int res; - sprintf(s, "'%s' + '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' + '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2757,7 +2757,7 @@ void test_ds(const char *s1, const char *s2, const char *orig, int ex) { char s[100], *end; int res; - sprintf(s, "'%s' - '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' - '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2772,7 +2772,7 @@ void test_dc(const char *s1, const char *s2, int orig) { char s[100], *end; int res; - sprintf(s, "'%s' <=> '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' <=> '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2790,7 +2790,7 @@ void test_dm(const char *s1, const char *s2, const char *orig, int ex) { char s[100], *end; int res; - sprintf(s, "'%s' * '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' * '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2805,7 +2805,7 @@ void test_dv(const char *s1, const char *s2, const char *orig, int ex) { char s[100], *end; int res; - sprintf(s, "'%s' / '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' / '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2824,7 +2824,7 @@ void test_md(const char *s1, const char *s2, const char *orig, int ex) { char s[100], *end; int res; - sprintf(s, "'%s' %% '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' %% '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2847,7 +2847,7 @@ void test_ro(const char *s1, int n, decimal_round_mode mode, const char *orig, { char s[100], *end; int res; - sprintf(s, "'%s', %d, %s", s1, n, round_mode[mode]); + snprintf(s, sizeof(s), "'%s', %d, %s", s1, n, round_mode[mode]); end= strend(s1); string2decimal(s1, &a, &end); res=decimal_round(&a, &b, n, mode); @@ -2860,7 +2860,7 @@ void test_ro(const char *s1, int n, decimal_round_mode mode, const char *orig, void test_mx(int precision, int frac, const char *orig) { char s[100]; - sprintf(s, "%d, %d", precision, frac); + snprintf(s, sizeof(s), "%d, %d", precision, frac); max_decimal(precision, frac, &a); printf("%-40s => ", s); print_decimal(&a, orig, 0, 0); @@ -2876,8 +2876,9 @@ void test_pr(const char *s1, int prec, int dec, char filler, const char *orig, int slen= sizeof(s2); int res; - sprintf(s, filler ? "'%s', %d, %d, '%c'" : "'%s', %d, %d, '\\0'", - s1, prec, dec, filler); + snprintf(s, sizeof(s), + filler ? "'%s', %d, %d, '%c'" : "'%s', %d, %d, '\\0'", + s1, prec, dec, filler); end= strend(s1); string2decimal(s1, &a, &end); res= decimal2string(&a, s2, &slen, prec, dec, filler); @@ -2896,7 +2897,7 @@ void test_sh(const char *s1, int shift, const char *orig, int ex) { char s[100], *end; int res; - sprintf(s, "'%s' %s %d", s1, ((shift < 0) ? ">>" : "<<"), abs(shift)); + snprintf(s, sizeof(s), "'%s' %s %d", s1, ((shift < 0) ? ">>" : "<<"), abs(shift)); end= strend(s1); string2decimal(s1, &a, &end); res= decimal_shift(&a, shift); @@ -2909,7 +2910,7 @@ void test_sh(const char *s1, int shift, const char *orig, int ex) void test_fr(const char *s1, const char *orig) { char s[100], *end; - sprintf(s, "'%s'", s1); + snprintf(s, sizeof(s), "'%s'", s1); printf("%-40s => ", s); end= strend(s1); string2decimal(s1, &a, &end); diff --git a/tests/insert_test.c b/tests/insert_test.c index f2e6b61f11d0a..179199e4205ed 100644 --- a/tests/insert_test.c +++ b/tests/insert_test.c @@ -46,7 +46,7 @@ int main(int argc, char **argv) count = 0; while (count < num) { - sprintf(qbuf,INSERT_QUERY,count,count); + snprintf(qbuf,sizeof(qbuf),INSERT_QUERY,count,count); if(mysql_query(sock,qbuf)) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 2c2c2b0b39312..db1835430f01e 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -1488,7 +1488,7 @@ static void test_prepare() /* now, execute the prepared statement to insert 10 records.. */ for (tiny_data= 0; tiny_data < 100; tiny_data++) { - length[1]= sprintf(str_data, "MySQL%d", int_data); + length[1]= snprintf(str_data, sizeof(str_data), "MySQL%d", int_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); int_data += 25; @@ -1527,7 +1527,7 @@ static void test_prepare() /* now, execute the prepared statement to insert 10 records.. */ for (o_tiny_data= 0; o_tiny_data < 100; o_tiny_data++) { - len= sprintf(data, "MySQL%d", o_int_data); + len= snprintf(data, sizeof(data), "MySQL%d", o_int_data); rc= mysql_stmt_fetch(stmt); check_execute(stmt, rc); @@ -2944,7 +2944,7 @@ static void test_simple_update() my_bind[0].buffer= szData; /* string data */ my_bind[0].buffer_length= sizeof(szData); my_bind[0].length= &length[0]; - length[0]= sprintf(szData, "updated-data"); + length[0]= snprintf(szData, sizeof(szData), "updated-data"); my_bind[1].buffer= (void *) &nData; my_bind[1].buffer_type= MYSQL_TYPE_LONG; @@ -3140,7 +3140,7 @@ static void test_long_data_str() DIE_UNLESS(rc == 1); mysql_free_result(result); - sprintf(data, "%d", i*5); + snprintf(data, sizeof(data), "%d", i*5); verify_col_data("test_long_data_str", "LENGTH(longstr)", data); data[0]= '\0'; while (i--) @@ -3198,7 +3198,7 @@ static void test_long_data_str1() rc= mysql_stmt_bind_param(stmt, my_bind); check_execute(stmt, rc); - length= sprintf(data, "MySQL AB"); + length= snprintf(data, sizeof(data), "MySQL AB"); /* supply data in pieces */ for (i= 0; i < 3; i++) @@ -3238,10 +3238,10 @@ static void test_long_data_str1() DIE_UNLESS(rc == 1); mysql_free_result(result); - sprintf(data, "%ld", (long)i*length); + snprintf(data, sizeof(data), "%ld", (long)i*length); verify_col_data("test_long_data_str", "length(longstr)", data); - sprintf(data, "%d", i*2); + snprintf(data, sizeof(data), "%d", i*2); verify_col_data("test_long_data_str", "length(blb)", data); /* Test length of field->max_length */ @@ -3513,7 +3513,7 @@ static void test_update() my_bind[0].buffer= szData; my_bind[0].buffer_length= sizeof(szData); my_bind[0].length= &length[0]; - length[0]= sprintf(szData, "inserted-data"); + length[0]= snprintf(szData, sizeof(szData), "inserted-data"); my_bind[1].buffer= (void *)&nData; my_bind[1].buffer_type= MYSQL_TYPE_LONG; @@ -3542,7 +3542,7 @@ static void test_update() my_bind[0].buffer= szData; my_bind[0].buffer_length= sizeof(szData); my_bind[0].length= &length[0]; - length[0]= sprintf(szData, "updated-data"); + length[0]= snprintf(szData, sizeof(szData), "updated-data"); my_bind[1].buffer= (void *)&nData; my_bind[1].buffer_type= MYSQL_TYPE_LONG; @@ -4111,7 +4111,7 @@ static void bind_fetch(int row_count) /* CHAR */ { char buff[20]; - long len= sprintf(buff, "%d", rc); + long len= snprintf(buff, sizeof(buff), "%d", rc); DIE_UNLESS(strcmp(s_data, buff) == 0); DIE_UNLESS(length[6] == (ulong) len); } @@ -4704,7 +4704,7 @@ static void test_insert() /* now, execute the prepared statement to insert 10 records.. */ for (tiny_data= 0; tiny_data < 3; tiny_data++) { - length= sprintf(str_data, "MySQL%d", tiny_data); + length= snprintf(str_data, sizeof(str_data), "MySQL%d", tiny_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); } @@ -8952,7 +8952,7 @@ static void test_mem_overun() strxmov(buffer, "create table t_mem_overun(", NullS); for (i= 0; i < 1000; i++) { - sprintf(field, "c%u int", i); + snprintf(field, sizeof(field), "c%u int", i); strxmov(buffer, buffer, field, ", ", NullS); } length= strlen(buffer); @@ -9399,7 +9399,7 @@ static void test_ts() { int row_count= 0; - sprintf(query, queries[field_count], name); + snprintf(query, sizeof(query), queries[field_count], name); if (!opt_silent) fprintf(stdout, "\n %s", query); @@ -11713,7 +11713,7 @@ static void test_view_star() myquery(rc); bzero((char*) my_bind, sizeof(my_bind)); for (i= 0; i < 2; i++) { - sprintf((char *)&parms[i], "%d", i); + snprintf((char *)&parms[i], sizeof(parms[i]), "%d", i); my_bind[i].buffer_type = MYSQL_TYPE_VAR_STRING; my_bind[i].buffer = (char *)&parms[i]; my_bind[i].buffer_length = 100; @@ -12068,7 +12068,7 @@ static void test_bug5399() for (stmt= stmt_list; stmt != stmt_list + NUM_OF_USED_STMT; ++stmt) { - sprintf(buff, "select %d", (int) (stmt - stmt_list)); + snprintf(buff, sizeof(buff), "select %d", (int) (stmt - stmt_list)); *stmt= mysql_stmt_init(mysql); rc= mysql_stmt_prepare(*stmt, buff, strlen(buff)); check_execute(*stmt, rc); @@ -12100,6 +12100,8 @@ static void test_bug5194() MYSQL_BIND *my_bind; char *query; char *param_str; + size_t param_str_size; + size_t query_size; int param_str_length; const char *stmt_text; int rc; @@ -12196,9 +12198,11 @@ static void test_bug5194() myquery(rc); my_bind= (MYSQL_BIND*) malloc(MAX_PARAM_COUNT * sizeof(MYSQL_BIND)); - query= (char*) malloc(strlen(query_template) + - MAX_PARAM_COUNT * CHARS_PER_PARAM + 1); - param_str= (char*) malloc(COLUMN_COUNT * CHARS_PER_PARAM); + query_size= strlen(query_template) + + MAX_PARAM_COUNT * CHARS_PER_PARAM + 1; + query= (char*) malloc(query_size); + param_str_size= COLUMN_COUNT * CHARS_PER_PARAM; + param_str= (char*) malloc(param_str_size); if (my_bind == 0 || query == 0 || param_str == 0) { @@ -12215,7 +12219,7 @@ static void test_bug5194() stmt= mysql_stmt_init(mysql); /* setup a template for one row of parameters */ - sprintf(param_str, "("); + snprintf(param_str, param_str_size, "("); for (i= 1; i < COLUMN_COUNT; ++i) strcat(param_str, "?, "); strcat(param_str, "?)"); @@ -12239,7 +12243,7 @@ static void test_bug5194() { char *query_ptr; /* Create statement text for current number of rows */ - sprintf(query, query_template, param_str); + snprintf(query, query_size, query_template, param_str); query_ptr= query + strlen(query); for (i= 1; i < nrows; ++i) { @@ -13744,7 +13748,7 @@ static void test_bug8378() /* No escaping should have actually happened. */ DIE_UNLESS(memcmp(out, TEST_BUG8378_OUT, len) == 0); - sprintf(buf, "SELECT '%s'", out); + snprintf(buf, sizeof(buf), "SELECT '%s'", out); rc=mysql_real_query(lmysql, buf, strlen(buf)); myquery(rc); @@ -14435,8 +14439,8 @@ static void test_bug10794() for (i= 0; i < 42; i++) { id_val= (i+1)*10; - sprintf(a, "a%d", i); - a_len= strlen(a); /* safety against broken sprintf */ + snprintf(a, sizeof(a), "a%d", i); + a_len= strlen(a); /* safety against broken snprintf */ rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); } @@ -14798,7 +14802,7 @@ static void test_bug10760() for (; i < 42; ++i) { char buf[100]; - sprintf(buf, "insert into t1 (id) values (%d)", i+1); + snprintf(buf, sizeof(buf), "insert into t1 (id) values (%d)", i+1); rc= mysql_query(mysql, buf); myquery(rc); } @@ -16767,24 +16771,24 @@ static void test_bug27876() mytest(result); mysql_free_result(result); - sprintf(query, "DROP FUNCTION IF EXISTS %s", (char*) utf8_func); + snprintf(query, sizeof(query), "DROP FUNCTION IF EXISTS %s", (char*) utf8_func); rc= mysql_query(mysql, query); myquery(rc); - sprintf(query, + snprintf(query, sizeof(query), "CREATE FUNCTION %s( %s VARCHAR(25))" " RETURNS VARCHAR(25) DETERMINISTIC RETURN %s", (char*) utf8_func, (char*) utf8_param, (char*) utf8_param); rc= mysql_query(mysql, query); myquery(rc); - sprintf(query, "SELECT %s(VERSION())", (char*) utf8_func); + snprintf(query, sizeof(query), "SELECT %s(VERSION())", (char*) utf8_func); rc= mysql_query(mysql, query); myquery(rc); result= mysql_store_result(mysql); mytest(result); mysql_free_result(result); - sprintf(query, "DROP FUNCTION %s", (char*) utf8_func); + snprintf(query, sizeof(query), "DROP FUNCTION %s", (char*) utf8_func); rc= mysql_query(mysql, query); myquery(rc); @@ -16869,18 +16873,18 @@ static void test_change_user() myheader("test_change_user"); /* Prepare environment */ - sprintf(buff, "drop database if exists %s", db); + snprintf(buff, sizeof(buff), "drop database if exists %s", db); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "create database %s", db); + snprintf(buff, sizeof(buff), "create database %s", db); rc= mysql_query(mysql, buff); myquery(rc); rc= mysql_query(mysql, "SET SQL_MODE=''"); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'%%' identified by '%s'", db, user_pw, @@ -16888,7 +16892,7 @@ static void test_change_user() rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'localhost' identified by '%s'", db, user_pw, @@ -16896,14 +16900,14 @@ static void test_change_user() rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'%%'", db, user_no_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'localhost'", db, user_no_pw); @@ -17092,23 +17096,23 @@ static void test_change_user() mysql_close(conn); - sprintf(buff, "drop database %s", db); + snprintf(buff, sizeof(buff), "drop database %s", db); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'%%'", user_pw); + snprintf(buff, sizeof(buff), "drop user %s@'%%'", user_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'%%'", user_no_pw); + snprintf(buff, sizeof(buff), "drop user %s@'%%'", user_no_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'localhost'", user_pw); + snprintf(buff, sizeof(buff), "drop user %s@'localhost'", user_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'localhost'", user_no_pw); + snprintf(buff, sizeof(buff), "drop user %s@'localhost'", user_no_pw); rc= mysql_query(mysql, buff); myquery(rc); @@ -18005,7 +18009,7 @@ static void test_wl4166_1() /* now, execute the prepared statement to insert 10 records.. */ for (tiny_data= 0; tiny_data < 10; tiny_data++) { - length[1]= sprintf(str_data, "MySQL%d", int_data); + length[1]= snprintf(str_data, sizeof(str_data), "MySQL%d", int_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); int_data += 25; @@ -18028,7 +18032,7 @@ static void test_wl4166_1() for (tiny_data= 50; tiny_data < 60; tiny_data++) { - length[1]= sprintf(str_data, "MySQL%d", int_data); + length[1]= snprintf(str_data, sizeof(str_data), "MySQL%d", int_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); int_data += 25; @@ -20030,7 +20034,7 @@ static void test_bug17512527() check_stmt(stmt2); thread_id= mysql_thread_id(conn); - sprintf(query, "KILL %lu", thread_id); + snprintf(query, sizeof(query), "KILL %lu", thread_id); if (thread_query(query)) exit(1); @@ -20580,7 +20584,7 @@ static void test_proxy_header_tcp(const char *ipaddr, int port) myheader("test_proxy_header_tcp"); memset(&v2_header, 0, sizeof(v2_header)); - sprintf(text_header,"PROXY %s %s %s %d 3306\r\n",family == AF_INET?"TCP4":"TCP6", ipaddr, ipaddr, port); + snprintf(text_header, sizeof(text_header), "PROXY %s %s %s %d 3306\r\n",family == AF_INET?"TCP4":"TCP6", ipaddr, ipaddr, port); inet_pton(family,ipaddr,addr_bin); @@ -20605,7 +20609,7 @@ static void test_proxy_header_tcp(const char *ipaddr, int port) memcpy(v2_header.addr.ip6.dst_addr,addr_bin, sizeof (v2_header.addr.ip6.dst_addr)); } - sprintf(query,"CREATE USER 'u'@'%s' IDENTIFIED BY 'password'",normalized_addr); + snprintf(query, sizeof(query), "CREATE USER 'u'@'%s' IDENTIFIED BY 'password'",normalized_addr); rc= mysql_query(mysql, query); myquery(rc); @@ -20645,7 +20649,7 @@ static void test_proxy_header_tcp(const char *ipaddr, int port) } mysql_close(m); } - sprintf(query,"DROP USER 'u'@'%s'",normalized_addr); + snprintf(query, sizeof(query), "DROP USER 'u'@'%s'",normalized_addr); rc = mysql_query(mysql, query); myquery(rc); } diff --git a/tests/select_test.c b/tests/select_test.c index 648a86135a8a0..73b810aaa875e 100644 --- a/tests/select_test.c +++ b/tests/select_test.c @@ -50,7 +50,7 @@ int main(int argc, char **argv) num = atoi(argv[2]); while (count < num) { - sprintf(qbuf,SELECT_QUERY,count); + snprintf(qbuf,sizeof(qbuf),SELECT_QUERY,count); if(mysql_query(sock,qbuf)) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff --git a/tests/showdb_test.c b/tests/showdb_test.c index e6b8989e36c34..1d3522149fa3b 100644 --- a/tests/showdb_test.c +++ b/tests/showdb_test.c @@ -51,7 +51,7 @@ int main(int argc, char **argv) num = atoi(argv[2]); while (count < num) { - sprintf(qbuf,SELECT_QUERY,count); + snprintf(qbuf,sizeof(qbuf),SELECT_QUERY,count); if(!(res=mysql_list_dbs(sock,NULL))) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff --git a/tests/ssl_test.c b/tests/ssl_test.c index d15d553b67a0e..cd07f21434125 100644 --- a/tests/ssl_test.c +++ b/tests/ssl_test.c @@ -56,7 +56,7 @@ int main(int argc, char **argv) num = atoi(argv[2]); while (count < num) { - sprintf(qbuf,SELECT_QUERY,count); + snprintf(qbuf,sizeof(qbuf),SELECT_QUERY,count); if(mysql_query(sock,qbuf)) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff --git a/unittest/mysys/base64-t.c b/unittest/mysys/base64-t.c index 590e285d45366..339f265525b34 100644 --- a/unittest/mysys/base64-t.c +++ b/unittest/mysys/base64-t.c @@ -71,19 +71,19 @@ main(int argc __attribute__((unused)),char *argv[]) diag(" --------- src --------- --------- dst ---------"); for (k= 0; k static ulong start_timer(void); -static void end_timer(ulong start_time,char *buff); -static void nice_time(double sec,char *buff,my_bool part_second); +static void end_timer(ulong start_time, char *buff, size_t buff_size); +static void nice_time(double sec,char *buff, size_t buff_size, + my_bool part_second); /* Visual Studio 2003 does not know vsnprintf but knows _vsnprintf. @@ -337,7 +338,7 @@ int exit_status() } if (start_time) { - end_timer(start_time, buff); + end_timer(start_time, buff, sizeof(buff)); printf("Test took %s\n", buff); fflush(stdout); } @@ -373,38 +374,44 @@ static ulong start_timer(void) len("4294967296 days, 23 hours, 59 minutes, 60.00 seconds") -> 52 */ -static void nice_time(double sec,char *buff, my_bool part_second) +static void nice_time(double sec,char *buff, size_t buff_size, + my_bool part_second) { ulong tmp; + char *end= buff + buff_size; + int len; if (sec >= 3600.0*24) { tmp=(ulong) (sec/(3600.0*24)); sec-=3600.0*24*tmp; - buff+= sprintf(buff, "%ld %s", tmp, tmp > 1 ? " days " : " day "); + len= snprintf(buff, end - buff, "%ld %s", tmp, tmp > 1 ? " days " : " day "); + buff+= len; } if (sec >= 3600.0) { tmp=(ulong) (sec/3600.0); sec-=3600.0*tmp; - buff+= sprintf(buff, "%ld %s", tmp, tmp > 1 ? " hours " : " hour "); + len= snprintf(buff, end - buff, "%ld %s", tmp, tmp > 1 ? " hours " : " hour "); + buff+= len; } if (sec >= 60.0) { tmp=(ulong) (sec/60.0); sec-=60.0*tmp; - buff+= sprintf(buff, "%ld min ", tmp); + len= snprintf(buff, end - buff, "%ld min ", tmp); + buff+= len; } if (part_second) - sprintf(buff,"%.2f sec",sec); + snprintf(buff, end - buff, "%.2f sec",sec); else - sprintf(buff,"%d sec",(int) sec); + snprintf(buff, end - buff, "%d sec",(int) sec); } -static void end_timer(ulong start_time,char *buff) +static void end_timer(ulong start_time, char *buff, size_t buff_size) { nice_time((double) (start_timer() - start_time) / - CLOCKS_PER_SEC,buff,1); + CLOCKS_PER_SEC, buff, buff_size, 1); } diff --git a/unittest/strings/strings-t.c b/unittest/strings/strings-t.c index a681a4d38a155..da2f9b4e35534 100644 --- a/unittest/strings/strings-t.c +++ b/unittest/strings/strings-t.c @@ -623,7 +623,7 @@ str2hex(char *dst, size_t dstlen, const char *src, size_t srclen) const char *srcend= src + srclen; for (*dst= '\0' ; dst + 3 < dstend && src < srcend; ) { - sprintf(dst, "%02X", (unsigned char) src[0]); + snprintf(dst, dstend - dst, "%02X", (unsigned char) src[0]); dst+=2; src++; } diff --git a/win/upgrade_wizard/upgradeDlg.cpp b/win/upgrade_wizard/upgradeDlg.cpp index 10a1787c23111..8c04443cdad33 100644 --- a/win/upgrade_wizard/upgradeDlg.cpp +++ b/win/upgrade_wizard/upgradeDlg.cpp @@ -196,7 +196,7 @@ void CUpgradeDlg::PopulateServicesList() if (service_props.version_major) { char ver[64]; - sprintf(ver, "%d.%d.%d", service_props.version_major, + snprintf(ver, sizeof(ver), "%d.%d.%d", service_props.version_major, service_props.version_minor, service_props.version_patch); props.version= ver; } @@ -221,7 +221,7 @@ void CUpgradeDlg::PopulateServicesList() else { char message[128]; - sprintf(message, + snprintf(message, sizeof(message), "There is no service that can be upgraded to " PRODUCT_NAME " %d.%d.%d", m_MajorVersion, m_MinorVersion, m_PatchVersion); MessageBox(message, PRODUCT_NAME " Upgrade Wizard", MB_ICONINFORMATION); @@ -254,7 +254,7 @@ BOOL CUpgradeDlg::OnInitDialog() GetMyVersion(&m_MajorVersion, &m_MinorVersion, &m_PatchVersion); char windowTitle[64]; - sprintf(windowTitle, PRODUCT_NAME " %d.%d.%d Upgrade Wizard", + snprintf(windowTitle, sizeof(windowTitle), PRODUCT_NAME " %d.%d.%d Upgrade Wizard", m_MajorVersion, m_MinorVersion, m_PatchVersion); SetWindowText(windowTitle); @@ -401,7 +401,7 @@ void CUpgradeDlg::UpgradeOneService(const string& servicename) if(!AssignProcessToJobObject(m_JobObject, pi.hProcess)) { char errmsg[128]; - sprintf(errmsg, "AssignProcessToJobObject failed, error %d", + snprintf(errmsg, sizeof(errmsg), "AssignProcessToJobObject failed, error %d", GetLastError()); ErrorExit(errmsg); }