diff --git a/client/mysqladmin.cc b/client/mysqladmin.cc index 304e26afa3b4f..34d63db868407 100644 --- a/client/mysqladmin.cc +++ b/client/mysqladmin.cc @@ -684,7 +684,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) } if (maybe_disable_binlog(mysql)) return -1; - sprintf(buff,"create database `%.*s`",FN_REFLEN,argv[1]); + snprintf(buff, sizeof(buff), "create database `%.*s`",FN_REFLEN,argv[1]); if (mysql_query(mysql,buff)) { my_printf_error(0,"CREATE DATABASE failed; error: '%-.200s'", @@ -725,7 +725,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) if (opt_shutdown_wait_for_slaves) { - sprintf(buff, "SHUTDOWN WAIT FOR ALL SLAVES"); + snprintf(buff, sizeof(buff), "SHUTDOWN WAIT FOR ALL SLAVES"); if (mysql_query(mysql, buff)) { my_printf_error(0, "%s failed; error: '%-.200s'", @@ -1128,7 +1128,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv) } else crypted_pw[0]=0; /* No password */ - sprintf(buff,"set password='%s',sql_log_off=0",crypted_pw); + snprintf(buff, sizeof(buff), "set password='%s',sql_log_off=0",crypted_pw); if (mysql_query(mysql,"set sql_log_off=1")) { @@ -1373,7 +1373,7 @@ static int drop_db(MYSQL *mysql, const char *db) return -1; } } - sprintf(name_buff,"drop database `%.*s`",FN_REFLEN,db); + snprintf(name_buff,sizeof(name_buff), "drop database `%.*s`",FN_REFLEN,db); if (mysql_query(mysql,name_buff)) { my_printf_error(0, "DROP DATABASE %s failed;\nerror: '%s'", error_flags, diff --git a/client/mysqlbinlog.cc b/client/mysqlbinlog.cc index 92603f216cd3b..b78ccbef1879d 100644 --- a/client/mysqlbinlog.cc +++ b/client/mysqlbinlog.cc 
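Review bot: In the first hunk the database name from `argv[1]` is placed between backticks without doubling any backtick it contains, so a name with an embedded backtick ends the quoted identifier early and the remainder is parsed as SQL; switching to snprintf bounds the write but leaves this as it was. Where mysqladmin is driven by a wrapper that takes names from another source, doubling backticks in the name before formatting (or rejecting such names) would close it. The same construction is used for `drop database` in the drop_db hunk at the end of this file. Both function bodies extend beyond the hunks shown.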
@@ -308,17 +308,18 @@ class Load_log_processor filename. The numerical suffix will be written to this position. Note that there must be a least five bytes of allocated memory after file_name_end. + @param[in] file_name_end_size Size of the memory area pointed to file_name_end. @retval -1 Error (can't find new filename). @retval >=0 Found file. */ - File create_unique_file(char *filename, char *file_name_end) + File create_unique_file(char *filename, char *file_name_end, size_t file_name_end_size) { File res; /* If we have to try more than 1000 times, something is seriously wrong */ for (uint version= 0; version<1000; version++) { - sprintf(file_name_end,"-%x",version); + snprintf(file_name_end, file_name_end_size,"-%x",version); if ((res= my_create(filename,0, O_CREAT|O_EXCL|O_BINARY|O_WRONLY,MYF(0)))!=-1) return res; @@ -440,9 +441,9 @@ Exit_status Load_log_processor::process_first_event(const char *bname, ptr= fname + target_dir_name_len; memcpy(ptr,bname,blen); ptr+= blen; - ptr+= sprintf(ptr, "-%x", file_id); + ptr+= snprintf(ptr, full_len - (ptr - fname), "-%x", file_id); - if ((file= create_unique_file(fname,ptr)) < 0) + if ((file= create_unique_file(fname,ptr,full_len - (ptr - fname))) < 0) { error("Could not construct local filename %s%s.", target_dir_name,bname); @@ -2546,7 +2547,7 @@ static Exit_status check_master_version() char buf[256]; rpl_gtid *start_gtid= &start_gtids[gtid_idx]; - sprintf(buf, "%u-%u-%llu", + snprintf(buf, sizeof(buf), "%u-%u-%llu", start_gtid->domain_id, start_gtid->server_id, start_gtid->seq_no); query_str.append(buf, strlen(buf)); diff --git a/client/mysqldump.cc b/client/mysqldump.cc index 811bf73ab9088..fc5d990478e34 100644 --- a/client/mysqldump.cc +++ b/client/mysqldump.cc 
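Review bot: In process_first_event, `ptr+= snprintf(ptr, full_len - (ptr - fname), "-%x", file_id)` advances `ptr` by the length snprintf would have written rather than by what it stored, so on truncation `ptr` would move past the end of `fname` and the `full_len - (ptr - fname)` handed to create_unique_file would wrap to a very large bound (assuming `full_len` is unsigned; its declaration is outside the hunk). Capture the result and advance only on success, e.g. `int n= snprintf(ptr, avail, "-%x", file_id);` followed by `if (n < 0 || (size_t) n >= avail)` taking the existing error path. The same add-the-return-value pattern appears in Inet6::to_string (`p += snprintf(p, dstend - p, ...)`), in GCALC_DBUG_PRINT_PI and GCALC_DBUG_PRINT_SLICE where the result also indexes `buf[n_buf]= 0` and `buf[lnbuf]= 0`, and in copy_cache_to_string_wrapped where it feeds both `str` and `to->length`. process_first_event starts and ends outside this hunk.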
@@ -6352,7 +6352,7 @@ const char fmt_gtid_pos[]= "%sSET GLOBAL gtid_slave_pos='%s';\n"; static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos, int have_mariadb_gtid, int use_gtid, - char *set_gtid_pos) + char *set_gtid_pos, size_t set_gtid_pos_size) { MYSQL_ROW row; MYSQL_RES *UNINIT_VAR(master); @@ -6427,7 +6427,7 @@ static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos, "CHANGE-MASTER settings to the slave gtid state is printed " "later in the file.\n"); } - sprintf(set_gtid_pos, fmt_gtid_pos, + snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos, (!use_gtid ? "-- " : comment_prefix), gtid_pos); } @@ -6479,7 +6479,7 @@ static int do_stop_slave_sql(MYSQL *mysql_con) { char query[160]; if (multi_source) - sprintf(query, "STOP SLAVE '%.80s' SQL_THREAD", row[0]); + snprintf(query, sizeof(query), "STOP SLAVE '%.80s' SQL_THREAD", row[0]); else strmov(query, "STOP SLAVE SQL_THREAD"); @@ -6518,7 +6518,8 @@ static int add_slave_statements(void) } static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid, - int use_gtid, char* set_gtid_pos) + int use_gtid, char* set_gtid_pos, + size_t set_gtid_pos_size) { MYSQL_RES *UNINIT_VAR(slave); MYSQL_ROW row; @@ -6563,7 +6564,8 @@ static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid, "\n-- A corresponding to the below dump-slave " "CHANGE-MASTER settings to the slave gtid state is printed " "later in the file.\n"); - sprintf(set_gtid_pos, fmt_gtid_pos, gtid_comment_prefix, gtid_pos); + snprintf(set_gtid_pos, set_gtid_pos_size, + fmt_gtid_pos, gtid_comment_prefix, gtid_pos); } if (use_gtid) print_comment(md_result_file, 0, @@ -6639,7 +6641,8 @@ static int do_start_slave_sql(MYSQL *mysql_con) { char query[160]; if (multi_source) - sprintf(query, "START SLAVE '%.80s' SQL_THREAD", row[0]); + snprintf(query, sizeof(query), + "START SLAVE '%.80s' SQL_THREAD", row[0]); else strmov(query, "START SLAVE SQL_THREAD"); 
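Review bot: The result of `snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos, ...)` in do_show_master_status is discarded, so a `gtid_pos` too long for the caller's buffer would leave a cut-off `SET GLOBAL gtid_slave_pos='...` statement without its closing quote and `;`, which the neighbouring comment says is printed later in the dump file. Since the function already returns int, comparing the result against `set_gtid_pos_size` and returning an error would turn a silently malformed dump into a visible failure. do_show_slave_status has the same unchecked call in its second hunk. Both bodies extend beyond the hunks shown.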
@@ -7738,11 +7741,13 @@ int main(int argc, char **argv) if (opt_master_data && do_show_master_status(mysql, consistent_binlog_pos, have_mariadb_gtid, - opt_use_gtid, master_set_gtid_pos)) + opt_use_gtid, master_set_gtid_pos, + sizeof(master_set_gtid_pos))) goto err; if (opt_slave_data && do_show_slave_status(mysql, have_mariadb_gtid, - opt_use_gtid, slave_set_gtid_pos)) + opt_use_gtid, slave_set_gtid_pos, + sizeof(slave_set_gtid_pos))) goto err; if (opt_single_transaction && do_unlock_tables(mysql)) /* unlock but no commit! */ goto err; diff --git a/client/mysqlimport.cc b/client/mysqlimport.cc index 918a981d9ae5b..8f92b8b86e1d7 100644 --- a/client/mysqlimport.cc +++ b/client/mysqlimport.cc @@ -727,7 +727,8 @@ int table_load_params::load_data(MYSQL *mysql) } mysql_real_escape_string(mysql, escaped_name, hard_path, (unsigned long) strlen(hard_path)); - sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'", + snprintf(sql_statement, sizeof(sql_statement), + "LOAD DATA %s %s INFILE '%s'", opt_low_priority ? "LOW_PRIORITY" : "", opt_local_file ? "LOCAL" : "", escaped_name); diff --git a/extra/mariabackup/backup_copy.cc b/extra/mariabackup/backup_copy.cc index ed308c75c9e10..1385eb5cfe816 100644 --- a/extra/mariabackup/backup_copy.cc +++ b/extra/mariabackup/backup_copy.cc @@ -1753,7 +1753,7 @@ copy_back() for (uint i = 1; i <= TRX_SYS_MAX_UNDO_SPACES; i++) { char filename[20]; - sprintf(filename, "undo%03u", i); + snprintf(filename, sizeof(filename), "undo%03u", i); if (!file_exists(filename)) { break; } diff --git a/extra/mariabackup/backup_mysql.cc b/extra/mariabackup/backup_mysql.cc index 2bc0579fb7a95..d47f0bf253c52 100644 --- a/extra/mariabackup/backup_mysql.cc +++ b/extra/mariabackup/backup_mysql.cc 
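Review bot: `sizeof(master_set_gtid_pos)` and `sizeof(slave_set_gtid_pos)` give the buffer size only if both names are arrays at this point in main; their declarations are outside the hunk, and if either were a `char *` the bound would silently become the size of a pointer. Worth confirming against the declarations, and a short comment there such as `/* size is passed to do_show_master_status(); keep as an array */` would protect the assumption against a later refactor.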
@@ -148,7 +148,7 @@ xb_mysql_connect() char mysql_port_str[std::numeric_limits::digits10 + 3]; const char *user= opt_user ? opt_user : get_os_user(); - sprintf(mysql_port_str, "%d", opt_port); + snprintf(mysql_port_str, sizeof(mysql_port_str), "%d", opt_port); if (connection == NULL) { msg("Failed to init MariaDB struct: %s.", diff --git a/mysql-test/lib/My/SafeProcess/safe_process.cc b/mysql-test/lib/My/SafeProcess/safe_process.cc index dcaea161097db..204351bbc4014 100644 --- a/mysql-test/lib/My/SafeProcess/safe_process.cc +++ b/mysql-test/lib/My/SafeProcess/safe_process.cc @@ -237,7 +237,8 @@ int main(int argc, char* const argv[] ) sigaction(SIGCHLD, &sa,NULL); sigaction(SIGABRT, &sa_abort,NULL); - sprintf(safe_process_name, "safe_process[%ld]", (long) own_pid); + snprintf(safe_process_name, sizeof(safe_process_name), + "safe_process[%ld]", (long) own_pid); message("Started"); diff --git a/plugin/type_inet/sql_type_inet.cc b/plugin/type_inet/sql_type_inet.cc index 5907a3a9d481b..8fa8502c27546 100644 --- a/plugin/type_inet/sql_type_inet.cc +++ b/plugin/type_inet/sql_type_inet.cc @@ -500,7 +500,7 @@ size_t Inet6::to_string(char *dst, size_t dstsize) const // // If it is not the last field, append closing ':'. - p += sprintf(p, "%x", ipv6_words[i]); + p += snprintf(p, dstend - p, "%x", ipv6_words[i]); if (i + 1 != IN6_ADDR_NUM_WORDS) { diff --git a/sql/gcalc_slicescan.cc b/sql/gcalc_slicescan.cc index c1ba9e7cf60cc..2bc8bc3f41098 100644 --- a/sql/gcalc_slicescan.cc +++ b/sql/gcalc_slicescan.cc 
@@ -98,9 +98,9 @@ const char *gcalc_ev_name(int ev) } -static int gcalc_pi_str(char *str, const Gcalc_heap::Info *pi, const char *postfix) +static int gcalc_pi_str(char *str, size_t str_size, const Gcalc_heap::Info *pi, const char *postfix) { - return sprintf(str, "%s %d %d | %s %d %d%s", + return snprintf(str, str_size, "%s %d %d | %s %d %d%s", GCALC_SIGN(pi->node.shape.ix[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.ix[0]),pi->node.shape.ix[1], GCALC_SIGN(pi->node.shape.iy[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.iy[0]),pi->node.shape.iy[1], postfix); @@ -130,7 +130,7 @@ static void GCALC_DBUG_PRINT_PI(const Gcalc_heap::Info *pi) #endif return; } - n_buf= gcalc_pi_str(buf, pi, ""); + n_buf= gcalc_pi_str(buf, sizeof(buf), pi, ""); buf[n_buf]= 0; GCALC_DBUG_PRINT(("%s", buf)); } @@ -146,14 +146,14 @@ static void GCALC_DBUG_PRINT_SLICE(const char *header, for (; slice; slice= slice->get_next()) { size_t lnbuf= nbuf; - lnbuf+= sprintf(buf + lnbuf, "%d\t", slice->thread); - lnbuf+= sprintf(buf + lnbuf, "%s\t", gcalc_ev_name(slice->event)); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%d\t", slice->thread); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%s\t", gcalc_ev_name(slice->event)); - lnbuf+= gcalc_pi_str(buf + lnbuf, slice->pi, "\t"); + lnbuf+= gcalc_pi_str(buf + lnbuf, sizeof(buf) - (lnbuf), slice->pi, "\t"); if (slice->is_bottom()) - lnbuf+= sprintf(buf+lnbuf, "bt\t"); + lnbuf+= snprintf(buf+lnbuf, sizeof(buf) - lnbuf, "bt\t"); else - lnbuf+= gcalc_pi_str(buf+lnbuf, slice->next_pi, "\t"); + lnbuf+= gcalc_pi_str(buf+lnbuf, sizeof(buf) - lnbuf, slice->next_pi, "\t"); buf[lnbuf]= 0; GCALC_DBUG_PRINT(("%s", buf)); } diff --git a/sql/log.cc b/sql/log.cc index 138115e2b42c6..9fd79fffe19e5 100644 --- a/sql/log.cc +++ b/sql/log.cc 
@@ -2031,13 +2031,14 @@ binlog_commit_flush_stmt_cache(THD *thd, bool all, } -inline size_t serialize_with_xid(XID *xid, char *buf, +inline size_t serialize_with_xid(XID *xid, char *buf, size_t buf_size, const char *query, size_t q_len) { memcpy(buf, query, q_len); return - q_len + strlen(static_cast(xid)->serialize(buf + q_len)); + q_len + strlen(static_cast(xid)->serialize(buf + q_len, + buf_size - q_len)); } @@ -2069,7 +2070,7 @@ binlog_commit_flush_trx_cache(THD *thd, bool all, binlog_cache_mngr *cache_mngr, XA_PREPARED); buflen= serialize_with_xid(thd->transaction->xid_state.get_xid(), - buf, query, q_len); + buf, sizeof(buf), query, q_len); } Query_log_event end_evt(thd, buf, buflen, TRUE, TRUE, TRUE, 0); @@ -2100,7 +2101,7 @@ binlog_rollback_flush_trx_cache(THD *thd, bool all, /* for not prepared use plain ROLLBACK */ if (thd->transaction->xid_state.get_state_code() == XA_PREPARED) buflen= serialize_with_xid(thd->transaction->xid_state.get_xid(), - buf, query, q_len); + buf, sizeof(buf), query, q_len); } Query_log_event end_evt(thd, buf, buflen, TRUE, TRUE, TRUE, 0); @@ -2332,7 +2333,8 @@ static int binlog_commit_flush_xa_prepare(THD *thd, bool all, memcpy(buf, query, q_len); buflen= q_len + - strlen(static_cast(xid)->serialize(buf + q_len)); + strlen(static_cast(xid)->serialize(buf + q_len, + sizeof(buf) - q_len)); cache_data= cache_mngr->get_binlog_cache_data(true); file= &cache_data->cache_log; thd->lex->sql_command= SQLCOM_XA_END; diff --git a/sql/log_event.cc b/sql/log_event.cc index 5aabde565d9c3..aa73ba9e83b13 100644 --- a/sql/log_event.cc +++ b/sql/log_event.cc @@ -1368,7 +1368,7 @@ code_name(int code) case Q_GTID_FLAGS3: return "Q_GTID_FLAGS3"; case Q_CHARACTER_SET_COLLATIONS: return "Q_CHARACTER_SET_COLLATIONS"; } - sprintf(buf, "CODE#%d", code); + snprintf(buf, sizeof(buf), "CODE#%d", code); return buf; } #endif diff --git a/sql/log_event.h b/sql/log_event.h index 5c174a9e403b4..b80a204eb4c22 100644 --- a/sql/log_event.h +++ b/sql/log_event.h 
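Review bot: In serialize_with_xid the new `buf_size` is used only to compute `buf_size - q_len` for serialize(); the `memcpy(buf, query, q_len)` ahead of it is still unchecked, and if `q_len` ever exceeded `buf_size` the subtraction would wrap to a very large bound instead of limiting anything. A guard before the copy, e.g. `DBUG_ASSERT(q_len < buf_size);`, states the precondition that the two callers rely on. binlog_commit_flush_xa_prepare repeats the same `memcpy` followed by `sizeof(buf) - q_len` in the last hunk of this file, and its body extends beyond the hunk.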
@@ -2892,6 +2892,7 @@ class Xid_log_event: public Xid_apply_log_event {MYSQL_,}XID definitions. @param buf pointer to a buffer allocated for storing serialized data + @param sizeof_buf size of the buffer pointed by buf @param fmt formatID value @param gln gtrid_length value @param bln bqual_length value @@ -2900,8 +2901,8 @@ class Xid_log_event: public Xid_apply_log_event @return the value of the buffer pointer */ -inline char *serialize_xid(char *buf, long fmt, long gln, long bln, - const char *dat) +inline char *serialize_xid(char *buf, size_t sizeof_buf, long fmt, long gln, + long bln, const char *dat) { int i; char *c= buf; @@ -2933,7 +2934,7 @@ inline char *serialize_xid(char *buf, long fmt, long gln, long bln, c+= 2; } c[0]= '\''; - sprintf(c+1, ",%lu", fmt); + snprintf(c+1, sizeof_buf - (c+1 - buf), ",%lu", fmt); return buf; } @@ -2954,7 +2955,8 @@ struct event_mysql_xid_t : MYSQL_XID char buf[ser_buf_size]; char *serialize() { - return serialize_xid(buf, formatID, gtrid_length, bqual_length, data); + return serialize_xid(buf, sizeof(buf), formatID, gtrid_length, + bqual_length, data); } }; @@ -2963,13 +2965,14 @@ struct event_xid_t : XID { char buf[ser_buf_size]; - char *serialize(char *buf_arg) + char *serialize(char *buf_arg, size_t sizeof_buf_arg) { - return serialize_xid(buf_arg, formatID, gtrid_length, bqual_length, data); + return serialize_xid(buf_arg, sizeof_buf_arg, formatID, gtrid_length, + bqual_length, data); } char *serialize() { - return serialize(buf); + return serialize(buf, sizeof(buf)); } }; #endif @@ -3017,7 +3020,7 @@ class XA_prepare_log_event: public Xid_apply_log_event int do_commit() override; const char* get_query() override { - sprintf(query, + snprintf(query, sizeof(query), (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), m_xid.serialize()); return query; diff --git a/sql/log_event_client.cc b/sql/log_event_client.cc index 57f41d5897152..03f6c6010fc7d 100644 --- a/sql/log_event_client.cc +++ b/sql/log_event_client.cc 
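Review bot: In serialize_xid, `sizeof_buf` bounds only the trailing `snprintf(c+1, sizeof_buf - (c+1 - buf), ",%lu", fmt)`; the writes that advance `c` before it (the `c+= 2` step visible at the top of the third hunk and `c[0]= '\''`) are not checked against it, and had they already passed the end of the buffer the subtraction would wrap rather than protect. A check at the top of the function that the worst-case output for `gln` and `bln` fits within `sizeof_buf` would make the new parameter cover the whole function instead of its last field. The part of the body between the second and third hunks is not shown, so the exact worst-case length has to be taken from there.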
@@ -633,7 +633,7 @@ log_event_print_value(IO_CACHE *file, PRINT_EVENT_INFO *print_event_info, goto return_null; char tmp[320]; - sprintf(tmp, "%-20g", (double) get_float(ptr)); + snprintf(tmp, sizeof(tmp), "%-20g", (double) get_float(ptr)); my_b_printf(file, "%s", tmp); /* my_snprintf doesn't support %-20g */ return 4; } @@ -647,7 +647,7 @@ log_event_print_value(IO_CACHE *file, PRINT_EVENT_INFO *print_event_info, float8get(dbl, ptr); char tmp[320]; - sprintf(tmp, "%-.20g", dbl); /* strmake doesn't support %-20g */ + snprintf(tmp, sizeof(tmp), "%-.20g", dbl); /* strmake doesn't support %-20g */ my_b_printf(file, tmp, "%s"); return 8; } @@ -2506,7 +2506,7 @@ bool User_var_log_event::print(FILE* file, PRINT_EVENT_INFO* print_event_info) double real_val; char real_buf[FMT_G_BUFSIZE(14)]; float8get(real_val, val); - sprintf(real_buf, "%.14g", real_val); + snprintf(real_buf, sizeof(real_buf), "%.14g", real_val); if (my_b_printf(&cache, ":=%s%s\n", real_buf, print_event_info->delimiter)) goto err; @@ -2836,12 +2836,13 @@ bool copy_cache_to_string_wrapped(IO_CACHE *cache, sizeof(fmt_delim) + sizeof(fmt_n_delim) + sizeof(fmt_binlog2) + 3*PRINT_EVENT_INFO::max_delimiter_size; + size_t str_size; if (reinit_io_cache(cache, READ_CACHE, 0L, FALSE, FALSE)) goto err; - if (!(to->str= (char*) my_malloc(PSI_NOT_INSTRUMENTED, (size_t)cache->end_of_file + fmt_size, - MYF(0)))) + str_size= (size_t)cache->end_of_file + fmt_size; + if (!(to->str= (char*) my_malloc(PSI_NOT_INSTRUMENTED, str_size, MYF(0)))) { perror("Out of memory: can't allocate memory in " "copy_cache_to_string_wrapped()."); 
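Review bot: In the second hunk the context line `my_b_printf(file, tmp, "%s");` passes `tmp` as the format string and `"%s"` as its argument, the reverse of the float branch's `my_b_printf(file, "%s", tmp);`. Output of `%-.20g` should not contain a `%`, so the effect today is probably nil, but the call should read `my_b_printf(file, "%s", tmp);` so the buffer is never interpreted as a format. The comment on the snprintf line in that branch also names strmake where the float branch names my_snprintf. log_event_print_value extends beyond both hunks.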
@@ -2871,36 +2872,36 @@ bool copy_cache_to_string_wrapped(IO_CACHE *cache, char *str= to->str; size_t add_to_len; - str += (to->length= sprintf(str, fmt_frag, 0)); + str += (to->length= snprintf(str, str_size - (str - to->str), fmt_frag, 0)); if (my_b_read(cache, (uchar*) str, (uint32) (cache_size/2 + 1))) goto err; str += (add_to_len = (uint32) (cache_size/2 + 1)); to->length += add_to_len; - str += (add_to_len= sprintf(str, fmt_n_delim, delimiter)); + str += (add_to_len= snprintf(str, str_size - (str - to->str), fmt_n_delim, delimiter)); to->length += add_to_len; - str += (add_to_len= sprintf(str, fmt_frag, 1)); + str += (add_to_len= snprintf(str, str_size - (str - to->str), fmt_frag, 1)); to->length += add_to_len; if (my_b_read(cache, (uchar*) str, uint32(cache->end_of_file - (cache_size/2 + 1)))) goto err; str += (add_to_len= uint32(cache->end_of_file - (cache_size/2 + 1))); to->length += add_to_len; { - str += (add_to_len= sprintf(str , fmt_delim, delimiter)); + str += (add_to_len= snprintf(str, str_size - (str - to->str), fmt_delim, delimiter)); to->length += add_to_len; } - to->length += sprintf(str, fmt_binlog2, delimiter); + to->length += snprintf(str, str_size - (str - to->str), fmt_binlog2, delimiter); } else { char *str= to->str; - str += (to->length= sprintf(str, str_binlog)); + str += (to->length= snprintf(str, str_size - (str - to->str), str_binlog)); if (my_b_read(cache, (uchar*) str, (size_t)cache->end_of_file)) goto err; str += cache->end_of_file; to->length += (size_t)cache->end_of_file; - to->length += sprintf(str , fmt_delim, delimiter); + to->length += snprintf(str, str_size - (str - to->str), fmt_delim, delimiter); } reinit_io_cache(cache, WRITE_CACHE, 0, FALSE, TRUE); diff --git a/sql/password.c b/sql/password.c index 6ad5cd1620275..c1129faf68aea 100644 --- a/sql/password.c +++ b/sql/password.c 
@@ -122,7 +122,13 @@ void my_make_scrambled_password_323(char *to, const char *password, { ulong hash_res[2]; hash_password(hash_res, password, (uint) pass_len); - sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]); + /* + we assume that to has at least 17 bytes allocated: + 2 ulongs in hex + NUL + TODO: add a new API with to_size parameter to avoid buffer + overflows. + */ + snprintf(to, 17, "%08lx%08lx", hash_res[0], hash_res[1]); } @@ -270,7 +276,13 @@ void get_salt_from_password_323(ulong *res, const char *password) void make_password_from_salt_323(char *to, const ulong *salt) { - sprintf(to,"%08lx%08lx", salt[0], salt[1]); + /* + Here we assume that to has at least 17 bytes allocated: + 2 ulongs in hex + NUL. + TODO: make a new API with to_size parameter to avoid buffer + overflows. + */ + snprintf(to,17,"%08lx%08lx", salt[0], salt[1]); } diff --git a/storage/federated/ha_federated.cc b/storage/federated/ha_federated.cc index ef4c0a011b6e1..6d3faa6cd7cce 100644 --- a/storage/federated/ha_federated.cc +++ b/storage/federated/ha_federated.cc @@ -2452,7 +2452,8 @@ int ha_federated::index_read_idx_with_result_set(uchar *buf, uint index, if (real_query(sql_query.ptr(), sql_query.length())) { - sprintf(error_buffer, "error: %d '%s'", + snprintf(error_buffer, sizeof(error_buffer), + "error: %d '%s'", mysql_errno(mysql), mysql_error(mysql)); retval= ER_QUERY_ON_FOREIGN_DATA_SOURCE; goto error; diff --git a/storage/innobase/buf/buf0dump.cc b/storage/innobase/buf/buf0dump.cc index 1003e9a5235bc..ace236f3abe4f 100644 --- a/storage/innobase/buf/buf0dump.cc +++ b/storage/innobase/buf/buf0dump.cc @@ -404,7 +404,7 @@ buf_dump( /* success */ - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_dump_status(STATUS_INFO, "Buffer pool(s) dump completed at %s", now); 
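Review bot: The literal `17` is repeated in my_make_scrambled_password_323 and make_password_from_salt_323 with only a comment tying it to the output length; a named constant, for example `SCRAMBLED_PASSWORD_CHAR_LENGTH_323 + 1` if that macro is visible in this file, keeps the bound and the `%08lx%08lx` format in step. Note also that `%08lx` is a minimum width, so where `ulong` is 64 bits and a value exceeded 32 bits the new code would silently cut the string short instead of overrunning. Whether hash_password and the salt parser guarantee 32-bit values is not visible here; an assertion that snprintf returned 16 would surface a violation rather than hide it.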
@@ -487,7 +487,7 @@ buf_load() dump_n * sizeof(*dump))); } else { fclose(f); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_load_status(STATUS_INFO, "Buffer pool(s) load completed at %s" " (%s was empty)", now, full_filename); @@ -553,7 +553,7 @@ buf_load() if (dump_n == 0) { ut_free(dump); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_load_status(STATUS_INFO, "Buffer pool(s) load completed at %s" " (%s was empty or had errors)", now, full_filename); @@ -661,7 +661,7 @@ buf_load() os_aio_wait_until_no_pending_reads(true); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); if (i == dump_n) { buf_load_status(STATUS_INFO, diff --git a/storage/innobase/include/fts0priv.inl b/storage/innobase/include/fts0priv.inl index 3d937bb3cd971..941555fb8ffa3 100644 --- a/storage/innobase/include/fts0priv.inl +++ b/storage/innobase/include/fts0priv.inl @@ -34,7 +34,8 @@ fts_write_object_id( ib_id_t id, /* in: a table/index id */ char* str) /* in: buffer to write the id to */ { - return(sprintf(str, "%016llx", (ulonglong) id)); + return(snprintf(str, FTS_AUX_MIN_TABLE_ID_LENGTH, + "%016llx", (ulonglong) id)); } /******************************************************************//** diff --git a/storage/innobase/include/ut0ut.h b/storage/innobase/include/ut0ut.h index e3930fb3caf1d..9bf079bee41cf 100644 --- a/storage/innobase/include/ut0ut.h +++ b/storage/innobase/include/ut0ut.h @@ -124,7 +124,8 @@ Sprintfs a timestamp to a buffer, 13..14 chars plus terminating NUL. */ void ut_sprintf_timestamp( /*=================*/ - char* buf); /*!< in: buffer where to sprintf */ + char* buf, /*!< in: buffer where to sprintf */ + size_t size); /*!< in: size of buf, in bytes */ /*************************************************************//** Prints the contents of a memory buffer in hex and ascii. */ diff --git a/storage/innobase/mem/mem0mem.cc b/storage/innobase/mem/mem0mem.cc index 01e119b9f2781..62c0d121b3d68 100644 
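Review bot: fts_write_object_id takes no size parameter, so `FTS_AUX_MIN_TABLE_ID_LENGTH` is an assumed bound rather than the real space behind `str`; any caller that passes a pointer into the middle of a buffer (callers are not shown in this hunk) would get a limit larger than what actually remains. The format `%016llx` needs exactly 17 bytes including the NUL, so either pass the remaining size in, as this commit does for ut_sprintf_timestamp, or bound by that length and state it in the parameter comment, e.g. `/* in: buffer of at least 17 bytes */`.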
--- a/storage/innobase/mem/mem0mem.cc +++ b/storage/innobase/mem/mem0mem.cc @@ -125,7 +125,8 @@ mem_heap_printf_low( val = va_arg(ap, unsigned long); - plen = size_t(sprintf(tmp, "%lu", val)); + plen = size_t(snprintf(tmp, sizeof(tmp), + "%lu", val)); len += plen; if (buf) { diff --git a/storage/innobase/srv/srv0start.cc b/storage/innobase/srv/srv0start.cc index 24b41f7602fdf..73764a26d8666 100644 --- a/storage/innobase/srv/srv0start.cc +++ b/storage/innobase/srv/srv0start.cc @@ -1375,17 +1375,17 @@ dberr_t srv_start(bool create_new_db) if (!srv_read_only_mode) { if (srv_innodb_status) { - + const size_t len = strlen(fil_path_to_mysql_datadir) + + 20 + sizeof "/innodb_status."; srv_monitor_file_name = static_cast( - ut_malloc_nokey( - strlen(fil_path_to_mysql_datadir) - + 20 + sizeof "/innodb_status.")); - - sprintf(srv_monitor_file_name, - "%s/innodb_status." ULINTPF, - fil_path_to_mysql_datadir, - static_cast - (IF_WIN(GetCurrentProcessId(), getpid()))); + ut_malloc_nokey(len)); + + snprintf(srv_monitor_file_name, + len, + "%s/innodb_status." ULINTPF, + fil_path_to_mysql_datadir, + static_cast + (IF_WIN(GetCurrentProcessId(), getpid()))); srv_monitor_file = my_fopen(srv_monitor_file_name, O_RDWR|O_TRUNC|O_CREAT, diff --git a/storage/innobase/ut/ut0ut.cc b/storage/innobase/ut/ut0ut.cc index 679342c90db27..b5799689d979e 100644 --- a/storage/innobase/ut/ut0ut.cc +++ b/storage/innobase/ut/ut0ut.cc @@ -103,13 +103,14 @@ Sprintfs a timestamp to a buffer, 13..14 chars plus terminating NUL. */ void ut_sprintf_timestamp( /*=================*/ - char* buf) /*!< in: buffer where to sprintf */ + char* buf, /*!< in: buffer where to sprintf */ + size_t size) /*!< in: size of buf, in bytes */ { #ifdef _WIN32 SYSTEMTIME cal_tm; GetLocalTime(&cal_tm); - sprintf(buf, "%02u%02u%02u %2u:%02u:%02u", + snprintf(buf, size, "%02u%02u%02u %2u:%02u:%02u", cal_tm.wYear % 100, cal_tm.wMonth, cal_tm.wDay, 
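Review bot: The comment above ut_sprintf_timestamp still says "13..14 chars plus terminating NUL", but the format `%02u%02u%02u %2u:%02u:%02u` produces 15 characters, so the buffer needs 16 bytes. With the new `size` argument, a caller that sized its buffer from the comment would now get the last digit of the seconds cut off rather than an overrun. Suggest updating the comment in both ut0ut.h and ut0ut.cc to `Sprintfs a timestamp to a buffer, 15 chars plus terminating NUL.`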
@@ -121,7 +122,7 @@ ut_sprintf_timestamp( struct tm cal_tm; time(&tm); localtime_r(&tm, &cal_tm); - sprintf(buf, "%02d%02d%02d %2d:%02d:%02d", + snprintf(buf, size, "%02d%02d%02d %2d:%02d:%02d", cal_tm.tm_year % 100, cal_tm.tm_mon + 1, cal_tm.tm_mday,