MDEV-39173 Replace sprintf with snprintf

client/mysql.cc

@@ -1162,8 +1162,9 @@ static void print_table_data_xml(MYSQL_RES *result);
 static void print_tab_data(MYSQL_RES *result);
 static void print_table_data_vertically(MYSQL_RES *result);
 static void print_warnings(void);
-static void end_timer(ulonglong start_time, char *buff);
-static void nice_time(double sec,char *buff,bool part_second);
+static void end_timer(ulonglong start_time, char *buff, size_t buff_size);
+static void nice_time(double sec, char *buff, size_t buff_size,
+                      bool part_second);
 extern "C" sig_handler mysql_end(int sig) __attribute__ ((noreturn));
 extern "C" sig_handler handle_sigint(int sig);
 #if defined(HAVE_TERMIOS_H) && defined(GWINSZ_IN_SYS_IOCTL)
@@ -1418,10 +1419,13 @@ int main(int argc,char *argv[])
       histfile=my_strdup(PSI_NOT_INSTRUMENTED, getenv("MYSQL_HISTFILE"),MYF(MY_WME));
     else if (getenv("HOME"))
     {
+      size_t histfile_size=
+        strlen(getenv("HOME")) + strlen("/.mysql_history") + 2;
       histfile=(char*) my_malloc(PSI_NOT_INSTRUMENTED,
-            strlen(getenv("HOME")) + strlen("/.mysql_history")+2, MYF(MY_WME));
+            histfile_size, MYF(MY_WME));
       if (histfile)
-	sprintf(histfile,"%s/.mysql_history",getenv("HOME"));
+	snprintf(histfile, histfile_size,
+                 "%s/.mysql_history", getenv("HOME"));
       char link_name[FN_REFLEN];
       if (my_readlink(link_name, histfile, 0) == 0 &&
           strncmp(link_name, "/dev/null", 10) == 0)
@@ -3661,7 +3665,7 @@ static int com_go(String *buffer, char *)
     }
 
     if (verbose >= 3 || !opt_silent)
-      end_timer(timer, time_buff);
+      end_timer(timer, time_buff, sizeof(time_buff));
     else
       time_buff[0]= '\0';
 
@@ -3697,9 +3701,9 @@ static int com_go(String *buffer, char *)
 	  print_tab_data(result);
 	else
 	  print_table_data(result);
-	snprintf(buff, sizeof(buff), "%ld %s in set",
-		(long) mysql_num_rows(result),
-		(long) mysql_num_rows(result) == 1 ? "row" : "rows");
+	snprintf(buff, sizeof(buff), "%llu %s in set",
+		mysql_num_rows(result),
+		mysql_num_rows(result) == 1 ? "row" : "rows");
 	end_pager();
         if (mysql_errno(&mysql))
         {
@@ -3890,7 +3894,7 @@ static char *fieldflags2str(uint f) {
   ff2s_check_flag(ON_UPDATE_NOW);
 #undef ff2s_check_flag
   if (f)
-    snprintf(s, sizeof(buf), " unknows=0x%04x", f);
+    snprintf(s, sizeof(buf) - (size_t)(s - buf), " unknown=0x%04x", f);
   return buf;
 }
 
@@ -4604,7 +4608,7 @@ com_edit(String *buffer,char *)
   strxmov(buff,editor," ",filename,NullS);
   if ((error= system(buff)))
   {
-    char errmsg[100];
+    char errmsg[sizeof("Command '%.40s' failed") - 1 + 40];
     snprintf(errmsg, sizeof(errmsg), "Command '%.40s' failed", buff);
     put_info(errmsg, INFO_ERROR, 0, NullS);
     goto err;
@@ -5289,7 +5293,7 @@ static int com_status(String *, char *)
     tee_fprintf(stdout, "%.*s\t\t\t", (int) (pos-status_str), status_str);
     if ((status_str= str2int(pos,10,0,LONG_MAX,(long*) &sec)))
     {
-      nice_time((double) sec,buff,0);
+      nice_time((double) sec,buff, sizeof(buff),0);
       tee_puts(buff, stdout);			/* print nice time */
       while (*status_str == ' ')
         status_str++;  /* to next info */
@@ -5508,8 +5512,10 @@ void tee_putc(int c, FILE *file)
 
   len("4294967296 days, 23 hours, 59 minutes, 60.000 seconds")  ->  53
 */
-static void nice_time(double sec, char *buff, bool part_second)
+static void nice_time(double sec, char *buff, size_t buff_size,
+                      bool part_second)
 {
+  char *buff_end= buff + buff_size;
   ulong tmp;
   if (sec >= 3600.0*24)
   {
@@ -5533,21 +5539,23 @@ static void nice_time(double sec, char *buff, bool part_second)
     buff=strmov(buff," min ");
   }
   if (part_second)
-    sprintf(buff,"%.3f sec",sec);
+    snprintf(buff, buff_end - buff, "%.3f sec", sec);
   else
-    sprintf(buff,"%d sec",(int) sec);
+    snprintf(buff, buff_end - buff, "%d sec", (int) sec);
 }
 
 
-static void end_timer(ulonglong start_time, char *buff)
+static void end_timer(ulonglong start_time, char *buff, size_t buff_size)
 {
   double sec;
 
+  if (buff_size < 4)
+    return;
   buff[0]=' ';
   buff[1]='(';
   sec= (microsecond_interval_timer() - start_time) / (double) (1000 * 1000);
-  nice_time(sec, buff + 2, 1);
-  strmov(strend(buff),")");
+  nice_time(sec, buff + 2, buff_size - 2, 1);
+  snprintf(strend(buff), buff_size - (strend(buff) - buff), ")");
 }
 
 static const char *construct_prompt()

client/mysqladmin.cc

@@ -752,7 +752,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
 
       if (opt_shutdown_wait_for_slaves)
       {
-        sprintf(buff, "SHUTDOWN WAIT FOR ALL SLAVES");
+        snprintf(buff, sizeof(buff), "SHUTDOWN WAIT FOR ALL SLAVES");
         if (mysql_query(mysql, buff))
         {
           my_printf_error(0, "%s failed; error: '%-.200s'",

client/mysqlbinlog.cc

@@ -318,13 +318,14 @@ class Load_log_processor
     @retval -1 Error (can't find new filename).
     @retval >=0 Found file.
   */
-  File create_unique_file(char *filename, char *file_name_end)
+  File create_unique_file(char *filename, char *file_name_end,
+                          size_t buf_remaining)
     {
       File res;
       /* If we have to try more than 1000 times, something is seriously wrong */
       for (uint version= 0; version<1000; version++)
       {
-	sprintf(file_name_end,"-%x",version);
+	snprintf(file_name_end, buf_remaining, "-%x", version);
 	if ((res= my_create(filename,0,
 			    O_CREAT|O_EXCL|O_BINARY|O_WRONLY,MYF(0)))!=-1)
 	  return res;
@@ -462,7 +463,8 @@ File Load_log_processor::prepare_new_file_for_old_format(Load_log_event *le,
   len= strlen(filename);
   tail= filename + len;
 
-  if ((file= create_unique_file(filename,tail)) < 0)
+  if ((file= create_unique_file(filename, tail,
+                                FN_REFLEN + 1 - len)) < 0)
   {
     error("Could not construct local filename %s.",filename);
     return -1;
@@ -587,7 +589,8 @@ Exit_status Load_log_processor::process_first_event(const char *bname,
   //so the rest of fname has size full_len - target_dir_name_len
   ptr+= snprintf(ptr, full_len - target_dir_name_len, "-%x", file_id);
 
-  if ((file= create_unique_file(fname,ptr)) < 0)
+  if ((file= create_unique_file(fname, ptr,
+                                full_len - (size_t) (ptr - fname))) < 0)
   {
     error("Could not construct local filename %s%s.",
           target_dir_name,bname);
@@ -1460,7 +1463,6 @@ Exit_status process_event(PRINT_EVENT_INFO *print_event_info, Log_event *ev,
             exit(1);
           }
 
-          memset(tmp_sql, 0, sizeof(tmp_sql));
           snprintf(tmp_sql, sizeof(tmp_sql), " "
                   "SELECT Group_concat(cols) "
                   "FROM   (SELECT 'op_type char(1)' cols "
@@ -1507,11 +1509,9 @@ Exit_status process_event(PRINT_EVENT_INFO *print_event_info, Log_event *ev,
             }
             else
             {
-              memset(tmp_sql, 0, sizeof(tmp_sql));
               snprintf(tmp_sql, sizeof(tmp_sql), "__%s", map->get_table_name());
               ev->set_flashback_review_tablename(tmp_sql);
             }
-            memset(tmp_sql, 0, sizeof(tmp_sql));
             tmp_sql_offset= snprintf(tmp_sql, sizeof(tmp_sql), "CREATE TABLE IF NOT EXISTS");
             tmp_sql_offset+= snprintf(tmp_sql + tmp_sql_offset, sizeof(tmp_sql) - (uint) tmp_sql_offset, " `%s`.`%s` (%s) %s",
                                      ev->get_flashback_review_dbname(),
@@ -1537,7 +1537,7 @@ Exit_status process_event(PRINT_EVENT_INFO *print_event_info, Log_event *ev,
           else
           {
             memset(tmp_str, 0, sizeof(tmp_str));
-            snprintf(tmp_str, sizeof(tmp_sql), "__%s", map->get_table_name());
+            snprintf(tmp_str, sizeof(tmp_str), "__%s", map->get_table_name());
             ev->set_flashback_review_tablename(tmp_str);
           }
         }
@@ -2801,9 +2801,9 @@ static Exit_status check_master_version()
       char buf[256];
       rpl_gtid *start_gtid= &start_gtids[gtid_idx];
 
-      sprintf(buf, "%u-%u-%llu",
-              start_gtid->domain_id, start_gtid->server_id,
-              start_gtid->seq_no);
+      snprintf(buf, sizeof(buf), "%u-%u-%llu",
+               start_gtid->domain_id, start_gtid->server_id,
+               start_gtid->seq_no);
       query_str.append(buf, strlen(buf));
       if (gtid_idx < n_start_gtids - 1)
         query_str.append(',');

client/mysqldump.c

@@ -838,7 +838,7 @@ static void write_footer(FILE *sql_file)
     if (opt_dump_date)
     {
       char time_str[20];
-      get_date(time_str, GETDATE_DATE_TIME, 0);
+      get_date(time_str, sizeof(time_str), GETDATE_DATE_TIME, 0);
       print_comment(sql_file, 0, "-- Dump completed on %s\n", time_str);
     }
     else
@@ -6165,7 +6165,8 @@ const char fmt_gtid_pos[]= "%sSET GLOBAL gtid_slave_pos='%s';\n";
 
 static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos,
                                  int have_mariadb_gtid, int use_gtid,
-                                 char *set_gtid_pos)
+                                 char *set_gtid_pos,
+                                 size_t set_gtid_pos_size)
 {
   MYSQL_ROW row;
   MYSQL_RES *UNINIT_VAR(master);
@@ -6240,8 +6241,8 @@ static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos,
                     "CHANGE-MASTER settings to the slave gtid state is printed "
                     "later in the file.\n");
     }
-    sprintf(set_gtid_pos, fmt_gtid_pos,
-            (!use_gtid ? "-- " : comment_prefix), gtid_pos);
+    snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos,
+             (!use_gtid ? "-- " : comment_prefix), gtid_pos);
   }
 
   /* SHOW MASTER STATUS reports file and position */
@@ -6331,7 +6332,8 @@ static int add_slave_statements(void)
 }
 
 static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid,
-                                int use_gtid, char* set_gtid_pos)
+                                int use_gtid, char *set_gtid_pos,
+                                size_t set_gtid_pos_size)
 {
   MYSQL_RES *UNINIT_VAR(slave);
   MYSQL_ROW row;
@@ -6376,7 +6378,8 @@ static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid,
                   "\n-- A corresponding to the below dump-slave "
                   "CHANGE-MASTER settings to the slave gtid state is printed "
                   "later in the file.\n");
-    sprintf(set_gtid_pos, fmt_gtid_pos, gtid_comment_prefix, gtid_pos);
+    snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos,
+             gtid_comment_prefix, gtid_pos);
   }
   if (use_gtid)
     print_comment(md_result_file, 0,
@@ -7248,11 +7251,15 @@ int main(int argc, char **argv)
 
   if (opt_master_data && do_show_master_status(mysql, consistent_binlog_pos,
                                                have_mariadb_gtid,
-                                               opt_use_gtid, master_set_gtid_pos))
+                                               opt_use_gtid,
+                                               master_set_gtid_pos,
+                                               sizeof(master_set_gtid_pos)))
     goto err;
   if (opt_slave_data && do_show_slave_status(mysql,
                                              have_mariadb_gtid,
-                                             opt_use_gtid, slave_set_gtid_pos))
+                                             opt_use_gtid,
+                                             slave_set_gtid_pos,
+                                             sizeof(slave_set_gtid_pos)))
     goto err;
   if (opt_single_transaction && do_unlock_tables(mysql)) /* unlock but no commit! */
     goto err;

client/mysqlimport.c

@@ -378,9 +378,9 @@ static int write_to_table(char *filename, MYSQL *mysql)
   }
   mysql_real_escape_string(mysql, escaped_name, hard_path,
                            (unsigned long) strlen(hard_path));
-  sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
-	  opt_low_priority ? "LOW_PRIORITY" : "",
-	  opt_local_file ? "LOCAL" : "", escaped_name);
+  snprintf(sql_statement, sizeof(sql_statement), "LOAD DATA %s %s INFILE '%s'",
+	   opt_low_priority ? "LOW_PRIORITY" : "",
+	   opt_local_file ? "LOCAL" : "", escaped_name);
   end= strend(sql_statement);
   if (replace)
     end= strmov(end, " REPLACE");

client/mysqltest.cc

@@ -2908,7 +2908,7 @@ VAR* var_get(const char *var_name, const char **var_name_end, my_bool raw,
 
   if (!raw && v->int_dirty)
   {
-    sprintf(v->str_val, "%d", v->int_val);
+    snprintf(v->str_val, v->alloced_len, "%d", v->int_val);
     v->int_dirty= false;
     v->str_val_len = strlen(v->str_val);
   }
@@ -2970,7 +2970,7 @@ void var_set(const char *var_name, const char *var_name_end,
   {
     if (v->int_dirty)
     {
-      sprintf(v->str_val, "%d", v->int_val);
+      snprintf(v->str_val, v->alloced_len, "%d", v->int_val);
       v->int_dirty=false;
       v->str_val_len= strlen(v->str_val);
     }
@@ -5234,7 +5234,8 @@ void do_sync_with_master2(struct st_command *command, long offset,
   if (!master_pos.file[0])
     die("Calling 'sync_with_master' without calling 'save_master_pos'");
 
-  snprintf(query_buf, sizeof(query_buf), "select master_pos_wait('%s', %ld, %d, '%s')",
+  snprintf(query_buf, sizeof(query_buf),
+          "select master_pos_wait('%s', %ld, %d, '%s')",
           master_pos.file, master_pos.pos + offset, timeout,
           connection_name);
 
@@ -10821,7 +10822,7 @@ void append_info(DYNAMIC_STRING *ds, ulonglong affected_rows,
                  const char *info)
 {
   char buf[40], buff2[21];
-  size_t len= sprintf(buf,"affected rows: %s\n", llstr(affected_rows, buff2));
+  size_t len= snprintf(buf, sizeof(buf), "affected rows: %s\n", llstr(affected_rows, buff2));
   dynstr_append_mem(ds, buf, len);
   if (info)
   {

extra/mariabackup/backup_copy.cc

@@ -1747,7 +1747,7 @@ copy_back()
 
 	for (uint i = 1; i <= TRX_SYS_MAX_UNDO_SPACES; i++) {
 		char filename[20];
-		sprintf(filename, "undo%03u", i);
+		snprintf(filename, sizeof(filename), "undo%03u", i);
 		if (!file_exists(filename)) {
 			break;
 		}

extra/mariabackup/backup_mysql.cc

@@ -148,7 +148,7 @@ xb_mysql_connect()
 	char mysql_port_str[std::numeric_limits<int>::digits10 + 3];
 	const char *user= opt_user ? opt_user : get_os_user();
 
-	sprintf(mysql_port_str, "%d", opt_port);
+	snprintf(mysql_port_str, sizeof(mysql_port_str), "%d", opt_port);
 
 	if (connection == NULL) {
 		msg("Failed to init MariaDB struct: %s.",

extra/mariabackup/common.h

@@ -54,7 +54,7 @@ static inline int vasprintf(char **strp, const char *fmt, va_list args)
   {
     return -1;
   }
-  vsprintf(*strp, fmt, args);
+  vsnprintf(*strp, len + 1, fmt, args);
   return len;
 }
 

extra/mariabackup/xbcloud.cc

@@ -491,7 +491,7 @@ static char *hex_md5(const unsigned char *hash, char *out)
 	int i;
 
 	for (i = 0, p = out; i < hash_len; i++, p+=2) {
-		sprintf(p, "%02x", hash[i]);
+		snprintf(p, 3, "%02x", hash[i]);
 	}
 
 	return out;
@@ -549,6 +549,7 @@ swift_temp_auth(const char *auth_url, swift_auth_info *info)
 	CURLcode res;
 	long http_code;
 	char *hdr_buf = NULL;
+	size_t hdr_buf_size = 0;
 	struct curl_slist *slist = NULL;
 
 	if (opt_swift_user == NULL) {
@@ -565,18 +566,19 @@ swift_temp_auth(const char *auth_url, swift_auth_info *info)
 
 	if (curl != NULL) {
 
-		hdr_buf = (char *)(calloc(14 + max(strlen(opt_swift_user),
-						   strlen(opt_swift_key)), 1));
+		hdr_buf_size = 14 + max(strlen(opt_swift_user),
+					strlen(opt_swift_key));
+		hdr_buf = (char *)(calloc(hdr_buf_size, 1));
 
 		if (!hdr_buf) {
 			res = CURLE_FAILED_INIT;
 			goto cleanup;
 		}
 
-		sprintf(hdr_buf, "X-Auth-User: %s", opt_swift_user);
+		snprintf(hdr_buf, hdr_buf_size, "X-Auth-User: %s", opt_swift_user);
 		slist = curl_slist_append(slist, hdr_buf);
 
-		sprintf(hdr_buf, "X-Auth-Key: %s", opt_swift_key);
+		snprintf(hdr_buf, hdr_buf_size, "X-Auth-Key: %s", opt_swift_key);
 		slist = curl_slist_append(slist, hdr_buf);
 
 		curl_easy_setopt(curl, CURLOPT_VERBOSE, opt_verbose);