From f8ed5c6f7e5b6bed4dce5bf5c2e4e636b69a817f Mon Sep 17 00:00:00 2001
From: "Ryan C. Gordon" <icculus@icculus.org>
Date: Sun, 9 Jul 2017 17:06:37 -0400
Subject: [PATCH] Replaced sprintf() calls with snprintf().

---
 src/archiver_dir.c     | 7 ++++---
 src/physfs.c           | 5 ++---
 src/platform_windows.c | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/archiver_dir.c b/src/archiver_dir.c
index 25ca8fd..59347d4 100644
--- a/src/archiver_dir.c
+++ b/src/archiver_dir.c
@@ -13,10 +13,11 @@
 
 
 
-static char *cvtToDependent(const char *prepend, const char *path, char *buf)
+static char *cvtToDependent(const char *prepend, const char *path,
+                            char *buf, const size_t buflen)
 {
     BAIL_IF(buf == NULL, PHYSFS_ERR_OUT_OF_MEMORY, NULL);
-    sprintf(buf, "%s%s", prepend ? prepend : "", path);
+    snprintf(buf, buflen, "%s%s", prepend ? prepend : "", path);
 
     if (__PHYSFS_platformDirSeparator != '/')
     {
@@ -31,7 +32,7 @@ static char *cvtToDependent(const char *prepend, const char *path, char *buf)
 
 #define CVT_TO_DEPENDENT(buf, pre, dir) { \
     const size_t len = ((pre) ? strlen((char *) pre) : 0) + strlen(dir) + 1; \
-    buf = cvtToDependent((char*)pre,dir,(char*)__PHYSFS_smallAlloc(len)); \
+    buf = cvtToDependent((char*)pre,dir,(char*)__PHYSFS_smallAlloc(len),len); \
 }
 
 
diff --git a/src/physfs.c b/src/physfs.c
index c2532ba..5ca0956 100644
--- a/src/physfs.c
+++ b/src/physfs.c
@@ -9,7 +9,6 @@
  */
 
 /* !!! FIXME: ERR_PAST_EOF shouldn't trigger for reads. Just return zero. */
-/* !!! FIXME: use snprintf(), not sprintf(). */
 
 #define __PHYSICSFS_INTERNAL__
 #include "physfs_internal.h"
@@ -1831,7 +1830,7 @@ static void setSaneCfgAddPath(const char *i, const size_t l, const char *dirsep,
     char *str = (char *) __PHYSFS_smallAlloc(allocsize);
     if (str != NULL)
     {
-        sprintf(str, "%s%s%s", d, dirsep, i);
+        snprintf(str, allocsize, "%s%s%s", d, dirsep, i);
         PHYSFS_mount(str, NULL, archivesFirst == 0);
         __PHYSFS_smallFree(str);
     } /* if */
@@ -2272,7 +2271,7 @@ static void enumCallbackFilterSymLinks(void *_data, const char *origdir,
         const DirHandle *dh = data->dirhandle;
         PHYSFS_Stat statbuf;
 
-        sprintf(path, "%s%s%s", trimmedDir, *trimmedDir ? "/" : "", fname);
+        snprintf(path, slen, "%s%s%s", trimmedDir, *trimmedDir ? "/" : "", fname);
         if (dh->funcs->stat(dh->opaque, path, &statbuf))
         {
             /* Pass it on to the application if it's not a symlink. */
diff --git a/src/platform_windows.c b/src/platform_windows.c
index 96a09a6..77e9ef1 100644
--- a/src/platform_windows.c
+++ b/src/platform_windows.c
@@ -413,7 +413,7 @@ char *__PHYSFS_platformCalcPrefDir(const char *org, const char *app)
         BAIL(PHYSFS_ERR_OUT_OF_MEMORY, NULL);
     } /* if */
 
-    sprintf(retval, "%s\\%s\\%s\\", utf8, org, app);
+    snprintf(retval, len, "%s\\%s\\%s\\", utf8, org, app);
     allocator.Free(utf8);
     return retval;
 } /* __PHYSFS_platformCalcPrefDir */