MDEV-38499: cmake and compile errors on MacOSX when compiling mariadb from a git tree

client/mysqladmin.cc

@@ -684,7 +684,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
       }
       if (maybe_disable_binlog(mysql))
         return -1;
-      sprintf(buff,"create database `%.*s`",FN_REFLEN,argv[1]);
+      snprintf(buff, sizeof(buff), "create database `%.*s`",FN_REFLEN,argv[1]);
       if (mysql_query(mysql,buff))
       {
 	my_printf_error(0,"CREATE DATABASE failed; error: '%-.200s'",
@@ -725,7 +725,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
 
       if (opt_shutdown_wait_for_slaves)
       {
-        sprintf(buff, "SHUTDOWN WAIT FOR ALL SLAVES");
+        snprintf(buff, sizeof(buff), "SHUTDOWN WAIT FOR ALL SLAVES");
         if (mysql_query(mysql, buff))
         {
           my_printf_error(0, "%s failed; error: '%-.200s'",
@@ -1128,7 +1128,7 @@ static int execute_commands(MYSQL *mysql,int argc, char **argv)
       }
       else
 	crypted_pw[0]=0;			/* No password */
-      sprintf(buff,"set password='%s',sql_log_off=0",crypted_pw);
+      snprintf(buff, sizeof(buff), "set password='%s',sql_log_off=0",crypted_pw);
 
       if (mysql_query(mysql,"set sql_log_off=1"))
       {
@@ -1373,7 +1373,7 @@ static int drop_db(MYSQL *mysql, const char *db)
       return -1;
     }
   }
-  sprintf(name_buff,"drop database `%.*s`",FN_REFLEN,db);
+  snprintf(name_buff,sizeof(name_buff), "drop database `%.*s`",FN_REFLEN,db);
   if (mysql_query(mysql,name_buff))
   {
     my_printf_error(0, "DROP DATABASE %s failed;\nerror: '%s'", error_flags,

client/mysqlbinlog.cc

@@ -308,17 +308,18 @@ class Load_log_processor
     filename.  The numerical suffix will be written to this position.
     Note that there must be a least five bytes of allocated memory
     after file_name_end.
+    @param[in] file_name_end_size Size of the memory area pointed to file_name_end.
 
     @retval -1 Error (can't find new filename).
     @retval >=0 Found file.
   */
-  File create_unique_file(char *filename, char *file_name_end)
+  File create_unique_file(char *filename, char *file_name_end, size_t file_name_end_size)
     {
       File res;
       /* If we have to try more than 1000 times, something is seriously wrong */
       for (uint version= 0; version<1000; version++)
       {
-	sprintf(file_name_end,"-%x",version);
+	snprintf(file_name_end, file_name_end_size,"-%x",version);
 	if ((res= my_create(filename,0,
 			    O_CREAT|O_EXCL|O_BINARY|O_WRONLY,MYF(0)))!=-1)
 	  return res;
@@ -440,9 +441,9 @@ Exit_status Load_log_processor::process_first_event(const char *bname,
   ptr= fname + target_dir_name_len;
   memcpy(ptr,bname,blen);
   ptr+= blen;
-  ptr+= sprintf(ptr, "-%x", file_id);
+  ptr+= snprintf(ptr, full_len - (ptr - fname), "-%x", file_id);
 
-  if ((file= create_unique_file(fname,ptr)) < 0)
+  if ((file= create_unique_file(fname,ptr,full_len - (ptr - fname))) < 0)
   {
     error("Could not construct local filename %s%s.",
           target_dir_name,bname);
@@ -2546,7 +2547,7 @@ static Exit_status check_master_version()
       char buf[256];
       rpl_gtid *start_gtid= &start_gtids[gtid_idx];
 
-      sprintf(buf, "%u-%u-%llu",
+      snprintf(buf, sizeof(buf), "%u-%u-%llu",
               start_gtid->domain_id, start_gtid->server_id,
               start_gtid->seq_no);
       query_str.append(buf, strlen(buf));

client/mysqldump.cc

@@ -6352,7 +6352,7 @@ const char fmt_gtid_pos[]= "%sSET GLOBAL gtid_slave_pos='%s';\n";
 
 static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos,
                                  int have_mariadb_gtid, int use_gtid,
-                                 char *set_gtid_pos)
+                                 char *set_gtid_pos, size_t set_gtid_pos_size)
 {
   MYSQL_ROW row;
   MYSQL_RES *UNINIT_VAR(master);
@@ -6427,7 +6427,7 @@ static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos,
                     "CHANGE-MASTER settings to the slave gtid state is printed "
                     "later in the file.\n");
     }
-    sprintf(set_gtid_pos, fmt_gtid_pos,
+    snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos,
             (!use_gtid ? "-- " : comment_prefix), gtid_pos);
   }
 
@@ -6479,7 +6479,7 @@ static int do_stop_slave_sql(MYSQL *mysql_con)
       {
         char query[160];
         if (multi_source)
-          sprintf(query, "STOP SLAVE '%.80s' SQL_THREAD", row[0]);
+          snprintf(query, sizeof(query), "STOP SLAVE '%.80s' SQL_THREAD", row[0]);
         else
           strmov(query, "STOP SLAVE SQL_THREAD");
 
@@ -6518,7 +6518,8 @@ static int add_slave_statements(void)
 }
 
 static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid,
-                                int use_gtid, char* set_gtid_pos)
+                                int use_gtid, char* set_gtid_pos,
+                                size_t set_gtid_pos_size)
 {
   MYSQL_RES *UNINIT_VAR(slave);
   MYSQL_ROW row;
@@ -6563,7 +6564,8 @@ static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid,
                   "\n-- A corresponding to the below dump-slave "
                   "CHANGE-MASTER settings to the slave gtid state is printed "
                   "later in the file.\n");
-    sprintf(set_gtid_pos, fmt_gtid_pos, gtid_comment_prefix, gtid_pos);
+    snprintf(set_gtid_pos, set_gtid_pos_size,
+             fmt_gtid_pos, gtid_comment_prefix, gtid_pos);
   }
   if (use_gtid)
     print_comment(md_result_file, 0,
@@ -6639,7 +6641,8 @@ static int do_start_slave_sql(MYSQL *mysql_con)
       {
         char query[160];
         if (multi_source)
-          sprintf(query, "START SLAVE '%.80s' SQL_THREAD", row[0]);
+          snprintf(query, sizeof(query),
+                   "START SLAVE '%.80s' SQL_THREAD", row[0]);
         else
           strmov(query, "START SLAVE SQL_THREAD");
 
@@ -7738,11 +7741,13 @@ int main(int argc, char **argv)
 
   if (opt_master_data && do_show_master_status(mysql, consistent_binlog_pos,
                                                have_mariadb_gtid,
-                                               opt_use_gtid, master_set_gtid_pos))
+                                               opt_use_gtid, master_set_gtid_pos,
+                                               sizeof(master_set_gtid_pos)))
     goto err;
   if (opt_slave_data && do_show_slave_status(mysql,
                                              have_mariadb_gtid,
-                                             opt_use_gtid, slave_set_gtid_pos))
+                                             opt_use_gtid, slave_set_gtid_pos,
+                                             sizeof(slave_set_gtid_pos)))
     goto err;
   if (opt_single_transaction && do_unlock_tables(mysql)) /* unlock but no commit! */
     goto err;

client/mysqlimport.cc

@@ -727,7 +727,8 @@ int table_load_params::load_data(MYSQL *mysql)
   }
   mysql_real_escape_string(mysql, escaped_name, hard_path,
                            (unsigned long) strlen(hard_path));
-  sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
+  snprintf(sql_statement, sizeof(sql_statement),
+          "LOAD DATA %s %s INFILE '%s'",
           opt_low_priority ? "LOW_PRIORITY" : "",
           opt_local_file ? "LOCAL" : "", escaped_name);
 

extra/mariabackup/backup_copy.cc

@@ -1753,7 +1753,7 @@ copy_back()
 
 	for (uint i = 1; i <= TRX_SYS_MAX_UNDO_SPACES; i++) {
 		char filename[20];
-		sprintf(filename, "undo%03u", i);
+		snprintf(filename, sizeof(filename), "undo%03u", i);
 		if (!file_exists(filename)) {
 			break;
 		}

extra/mariabackup/backup_mysql.cc

@@ -148,7 +148,7 @@ xb_mysql_connect()
 	char mysql_port_str[std::numeric_limits<int>::digits10 + 3];
 	const char *user= opt_user ? opt_user : get_os_user();
 
-	sprintf(mysql_port_str, "%d", opt_port);
+	snprintf(mysql_port_str, sizeof(mysql_port_str), "%d", opt_port);
 
 	if (connection == NULL) {
 		msg("Failed to init MariaDB struct: %s.",

mysql-test/lib/My/SafeProcess/safe_process.cc

@@ -237,7 +237,8 @@ int main(int argc, char* const argv[] )
   sigaction(SIGCHLD, &sa,NULL);
   sigaction(SIGABRT, &sa_abort,NULL);
 
-  sprintf(safe_process_name, "safe_process[%ld]", (long) own_pid);
+  snprintf(safe_process_name, sizeof(safe_process_name),
+           "safe_process[%ld]", (long) own_pid);
 
   message("Started");
 

plugin/type_inet/sql_type_inet.cc

@@ -500,7 +500,7 @@ size_t Inet6::to_string(char *dst, size_t dstsize) const
       //
       // If it is not the last field, append closing ':'.
 
-      p += sprintf(p, "%x", ipv6_words[i]);
+      p += snprintf(p, dstend - p, "%x", ipv6_words[i]);
 
       if (i + 1 != IN6_ADDR_NUM_WORDS)
       {

sql/gcalc_slicescan.cc

@@ -98,9 +98,9 @@ const char *gcalc_ev_name(int ev)
 }
 
 
-static int gcalc_pi_str(char *str, const Gcalc_heap::Info *pi, const char *postfix)
+static int gcalc_pi_str(char *str, size_t str_size, const Gcalc_heap::Info *pi, const char *postfix)
 {
-  return sprintf(str, "%s %d %d | %s %d %d%s",
+  return snprintf(str, str_size, "%s %d %d | %s %d %d%s",
                      GCALC_SIGN(pi->node.shape.ix[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.ix[0]),pi->node.shape.ix[1],
                      GCALC_SIGN(pi->node.shape.iy[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.iy[0]),pi->node.shape.iy[1],
                      postfix);
@@ -130,7 +130,7 @@ static void GCALC_DBUG_PRINT_PI(const Gcalc_heap::Info *pi)
 #endif
     return;
   }
-  n_buf= gcalc_pi_str(buf, pi, "");
+  n_buf= gcalc_pi_str(buf, sizeof(buf), pi, "");
   buf[n_buf]= 0;
   GCALC_DBUG_PRINT(("%s", buf));
 }
@@ -146,14 +146,14 @@ static void GCALC_DBUG_PRINT_SLICE(const char *header,
   for (; slice; slice= slice->get_next())
   {
     size_t lnbuf= nbuf;
-    lnbuf+= sprintf(buf + lnbuf, "%d\t", slice->thread);
-    lnbuf+= sprintf(buf + lnbuf, "%s\t", gcalc_ev_name(slice->event));
+    lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%d\t", slice->thread);
+    lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%s\t", gcalc_ev_name(slice->event));
 
-    lnbuf+= gcalc_pi_str(buf + lnbuf, slice->pi, "\t");
+    lnbuf+= gcalc_pi_str(buf + lnbuf, sizeof(buf) - (lnbuf), slice->pi, "\t");
     if (slice->is_bottom())
-      lnbuf+= sprintf(buf+lnbuf, "bt\t");
+      lnbuf+= snprintf(buf+lnbuf, sizeof(buf) - lnbuf, "bt\t");
     else
-      lnbuf+= gcalc_pi_str(buf+lnbuf, slice->next_pi, "\t");
+      lnbuf+= gcalc_pi_str(buf+lnbuf, sizeof(buf) - lnbuf, slice->next_pi, "\t");
     buf[lnbuf]= 0;
     GCALC_DBUG_PRINT(("%s", buf));
   }

sql/log.cc

@@ -2031,13 +2031,14 @@ binlog_commit_flush_stmt_cache(THD *thd, bool all,
 }
 
 
-inline size_t serialize_with_xid(XID *xid, char *buf,
+inline size_t serialize_with_xid(XID *xid, char *buf, size_t buf_size,
                                  const char *query, size_t q_len)
 {
   memcpy(buf, query, q_len);
 
   return
-    q_len + strlen(static_cast<event_xid_t*>(xid)->serialize(buf + q_len));
+    q_len + strlen(static_cast<event_xid_t*>(xid)->serialize(buf + q_len,
+                                                             buf_size - q_len));
 }
 
 
@@ -2069,7 +2070,7 @@ binlog_commit_flush_trx_cache(THD *thd, bool all, binlog_cache_mngr *cache_mngr,
                 XA_PREPARED);
 
     buflen= serialize_with_xid(thd->transaction->xid_state.get_xid(),
-                               buf, query, q_len);
+                               buf, sizeof(buf), query, q_len);
   }
   Query_log_event end_evt(thd, buf, buflen, TRUE, TRUE, TRUE, 0);
 
@@ -2100,7 +2101,7 @@ binlog_rollback_flush_trx_cache(THD *thd, bool all,
     /* for not prepared use plain ROLLBACK */
     if (thd->transaction->xid_state.get_state_code() == XA_PREPARED)
       buflen= serialize_with_xid(thd->transaction->xid_state.get_xid(),
-                                 buf, query, q_len);
+                                 buf, sizeof(buf), query, q_len);
   }
   Query_log_event end_evt(thd, buf, buflen, TRUE, TRUE, TRUE, 0);
 
@@ -2332,7 +2333,8 @@ static int binlog_commit_flush_xa_prepare(THD *thd, bool all,
 
     memcpy(buf, query, q_len);
     buflen= q_len +
-      strlen(static_cast<event_xid_t*>(xid)->serialize(buf + q_len));
+      strlen(static_cast<event_xid_t*>(xid)->serialize(buf + q_len,
+                                                       sizeof(buf) - q_len));
     cache_data= cache_mngr->get_binlog_cache_data(true);
     file= &cache_data->cache_log;
     thd->lex->sql_command= SQLCOM_XA_END;

sql/log_event.cc

@@ -1368,7 +1368,7 @@ code_name(int code)
   case Q_GTID_FLAGS3: return "Q_GTID_FLAGS3";
   case Q_CHARACTER_SET_COLLATIONS: return "Q_CHARACTER_SET_COLLATIONS";
   }
-  sprintf(buf, "CODE#%d", code);
+  snprintf(buf, sizeof(buf), "CODE#%d", code);
   return buf;
 }
 #endif

sql/log_event.h

@@ -2892,6 +2892,7 @@ class Xid_log_event: public Xid_apply_log_event
   {MYSQL_,}XID definitions.
 
   @param buf  pointer to a buffer allocated for storing serialized data
+  @param sizeof_buf  size of the buffer pointed by buf
   @param fmt  formatID value
   @param gln  gtrid_length value
   @param bln  bqual_length value
@@ -2900,8 +2901,8 @@ class Xid_log_event: public Xid_apply_log_event
   @return  the value of the buffer pointer
 */
 
-inline char *serialize_xid(char *buf, long fmt, long gln, long bln,
-                           const char *dat)
+inline char *serialize_xid(char *buf, size_t sizeof_buf, long fmt, long gln,
+                           long bln, const char *dat)
 {
   int i;
   char *c= buf;
@@ -2933,7 +2934,7 @@ inline char *serialize_xid(char *buf, long fmt, long gln, long bln,
     c+= 2;
   }
   c[0]= '\'';
-  sprintf(c+1, ",%lu", fmt);
+  snprintf(c+1, sizeof_buf - (c+1 - buf), ",%lu", fmt);
 
  return buf;
 }
@@ -2954,7 +2955,8 @@ struct event_mysql_xid_t :  MYSQL_XID
   char buf[ser_buf_size];
   char *serialize()
   {
-    return serialize_xid(buf, formatID, gtrid_length, bqual_length, data);
+    return serialize_xid(buf, sizeof(buf), formatID, gtrid_length,
+                         bqual_length, data);
   }
 };
 
@@ -2963,13 +2965,14 @@ struct event_xid_t : XID
 {
   char buf[ser_buf_size];
 
-  char *serialize(char *buf_arg)
+  char *serialize(char *buf_arg, size_t sizeof_buf_arg)
   {
-    return serialize_xid(buf_arg, formatID, gtrid_length, bqual_length, data);
+    return serialize_xid(buf_arg, sizeof_buf_arg, formatID, gtrid_length,
+                         bqual_length, data);
   }
   char *serialize()
   {
-    return serialize(buf);
+    return serialize(buf, sizeof(buf));
   }
 };
 #endif
@@ -3017,7 +3020,7 @@ class XA_prepare_log_event: public Xid_apply_log_event
   int do_commit() override;
   const char* get_query() override
   {
-    sprintf(query,
+    snprintf(query, sizeof(query),
             (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"),
             m_xid.serialize());
     return query;