git:master:a62d7118: core: utils/srjson - use snprintf() for silenting analyzers - sr-dev

8 Nov 2023

Module: kamailio
Branch: master
Commit: a62d7118a2f86a82fd080ed4a89a0833e8c4d1a2
URL: https://github.com/kamailio/kamailio/commit/a62d7118a2f86a82fd080ed4a89a0833...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2023-11-08T18:44:58+01:00
core: utils/srjson - use snprintf() for silenting analyzers
---
Modified: src/core/utils/srjson.c
---
Diff:  https://github.com/kamailio/kamailio/commit/a62d7118a2f86a82fd080ed4a89a0833...
Patch: https://github.com/kamailio/kamailio/commit/a62d7118a2f86a82fd080ed4a89a0833...
---

diff --git a/src/core/utils/srjson.c b/src/core/utils/srjson.c
index 76ef80a1555..5960932f545 100644
--- a/src/core/utils/srjson.c
+++ b/src/core/utils/srjson.c
@@ -205,20 +205,20 @@ static char *print_number(srjson_doc_t *doc, srjson_t *item)
    int i = (int)d;
    if(fabs(((double)i) - d) <= DBL_EPSILON && d <= INT_MAX && d >= INT_MIN) {
    	str = (char *)doc->malloc_fn(21); /* 2^64+1 can be
-							 * represented in 21
-							 * chars. */
+							 * represented in 20+1
+							 * chars (including 0-termination). */
    	if(str)
-			sprintf(str, "%d", i);
+			snprintf(str, 21, "%d", i);
    } else {
    	str = (char *)doc->malloc_fn(64); /* This is a nice
    						 * tradeoff. */
    	if(str) {
    		if(fabs(floor(d) - d) <= DBL_EPSILON)
-				sprintf(str, "%.0f", d);
+				snprintf(str, 21, "%.0f", d);
    		else if(fabs(d) < 1.0e-6 || fabs(d) > 1.0e9)
-				sprintf(str, "%e", d);
+				snprintf(str, 21, "%e", d);
    		else
-				sprintf(str, "%f", d);
+				snprintf(str, 21, "%f", d);
    	}
    }
    return str;
@@ -384,7 +384,7 @@ static char *print_string_ptr(srjson_doc_t *doc, const char *str)
    				*ptr2++ = 't';
    				break;
    			default:
-					sprintf(ptr2, "u%04x", token);
+					snprintf(ptr2, 6, "u%04x", token);
    				ptr2 += 5;
    				break; /* escape and print */
    		}

    