Skip to content

Replace sprintf with snprintf #13468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: main
Choose a base branch
from
+82 −79
Open

Replace sprintf with snprintf #13468

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
01f60b8
Replace sprintf with snprintf
devreal Oct 25, 2025
fa2d6e0
acoll: remove unused module variables
devreal Oct 25, 2025
bfee6d7
comm_cid: initialize remote_cid64
devreal Oct 25, 2025
296713c
comm_cid: fix printf warnings
devreal Oct 25, 2025
2fbeaa7
reduce-local: add parans around min/max macro
devreal Oct 25, 2025
67ccb23
Make _ucount int instead of size_t in mpi_image_info
devreal Oct 25, 2025
f298795
Use PRIu64 for uint64_t
devreal Oct 25, 2025
c9ba524
Name buffer size in ompi_report_comm_methods
devreal Oct 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions ompi/communicator/comm_cid.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -417,7 +417,7 @@ static int ompi_comm_ext_cid_new_block (ompi_communicator_t *newcomm, ompi_commu
char msg_string[1024];
switch (rc) {
case PMIX_ERR_UNREACH:
sprintf(msg_string,"PMIx server unreachable");
snprintf(msg_string, sizeof(msg_string), "PMIx server unreachable");
opal_show_help("help-comm.txt",
"MPI function not supported",
true,
Expand All @@ -427,7 +427,7 @@ static int ompi_comm_ext_cid_new_block (ompi_communicator_t *newcomm, ompi_commu
rc = MPI_ERR_UNSUPPORTED_OPERATION;
break;
case PMIX_ERR_NOT_SUPPORTED:
sprintf(msg_string,"PMIx server does not support PMIx Group operations");
snprintf(msg_string, sizeof(msg_string), "PMIx server does not support PMIx Group operations");
opal_show_help("help-comm.txt",
"MPI function not supported",
true,
Expand Down Expand Up @@ -577,7 +577,7 @@ int ompi_comm_nextcid_nb (ompi_communicator_t *newcomm, ompi_communicator_t *com
functions but the pml does not support these functions so return not supported */
if (NULL == comm) {
char msg_string[1024];
sprintf(msg_string,"The PML being used - %s - does not support MPI sessions related features",
snprintf(msg_string, sizeof(msg_string), "The PML being used - %s - does not support MPI sessions related features",
mca_pml_base_selected_component.pmlm_version.mca_component_name);
opal_show_help("help-comm.txt",
"MPI function not supported",
Expand Down
4 changes: 2 additions & 2 deletions ompi/instance/instance.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1292,7 +1292,7 @@ static int ompi_instance_group_pmix_pset (ompi_instance_t *instance, const char
ret = MPI_ERR_ARG; /* pset_name not valid */
break;
case PMIX_ERR_UNREACH:
sprintf(msg_string,"PMIx server unreachable");
snprintf(msg_string, sizeof(msg_string), "PMIx server unreachable");
opal_show_help("help-comm.txt",
"MPI function not supported",
true,
Expand All @@ -1301,7 +1301,7 @@ static int ompi_instance_group_pmix_pset (ompi_instance_t *instance, const char
ret = MPI_ERR_UNSUPPORTED_OPERATION;
break;
case PMIX_ERR_NOT_SUPPORTED:
sprintf(msg_string,"PMIx server does not support PMIX_QUERY_PSET_MEMBERSHIP operation");
snprintf(msg_string, sizeof(msg_string), "PMIx server does not support PMIX_QUERY_PSET_MEMBERSHIP operation");
opal_show_help("help-comm.txt",
"MPI function not supported",
true,
Expand Down
4 changes: 2 additions & 2 deletions ompi/mca/coll/ftagree/coll_ftagree_earlyreturning.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -497,7 +497,7 @@ static void era_debug_print_group(int lvl, ompi_group_t *group, ompi_communicato
}
s = 128 + n * 16;
str = (char*)malloc(s);
sprintf(str, "Group of size %d. Ranks in %d.%d: (", n, comm->c_index, comm->c_epoch);
snprintf(str, s, "Group of size %d. Ranks in %d.%d: (", n, comm->c_index, comm->c_epoch);
p = strlen(str);
for(i = 0; i < n; i++) {
snprintf(str + p, s - p, "%d%s", gra[i], i==n-1 ? "" : ", ");
Expand Down Expand Up @@ -2283,7 +2283,7 @@ static void send_msg(ompi_communicator_t *comm,
b++;
} while(w < 256);
if( strlen(strbytes) >= 252 ) {
sprintf(strbytes + 252, "...");
snprintf(strbytes + 252, 256 - 252, "...");
}

OPAL_OUTPUT_VERBOSE((30, ompi_ftmpi_output_handle,
Expand Down
6 changes: 3 additions & 3 deletions ompi/mca/coll/ucc/coll_ucc_module.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -312,22 +312,22 @@ static int mca_coll_ucc_init_ctx(ompi_communicator_t* comm)
goto cleanup_lib;
}

sprintf(str_buf, "%u", ompi_proc_world_size());
snprintf(str_buf, sizeof(str_buf), "%u", ompi_proc_world_size());
if (UCC_OK != ucc_context_config_modify(ctx_config, NULL, "ESTIMATED_NUM_EPS",
str_buf)) {
UCC_ERROR("UCC context config modify failed for estimated_num_eps");
goto cleanup_lib;
}

sprintf(str_buf, "%u", opal_process_info.num_local_peers + 1);
snprintf(str_buf, sizeof(str_buf), "%u", opal_process_info.num_local_peers + 1);
if (UCC_OK != ucc_context_config_modify(ctx_config, NULL, "ESTIMATED_NUM_PPN",
str_buf)) {
UCC_ERROR("UCC context config modify failed for estimated_num_eps");
goto cleanup_lib;
}

if (ucc_api_major > 1 || (ucc_api_major == 1 && ucc_api_minor >= 6)) {
sprintf(str_buf, "%u", opal_process_info.my_local_rank);
snprintf(str_buf, sizeof(str_buf), "%u", opal_process_info.my_local_rank);
if (UCC_OK != ucc_context_config_modify(ctx_config, NULL, "NODE_LOCAL_ID",
str_buf)) {
UCC_ERROR("UCC context config modify failed for node_local_id");
Expand Down
5 changes: 3 additions & 2 deletions ompi/mca/common/monitoring/common_monitoring_coll.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,15 +70,16 @@ static inline void mca_common_monitoring_coll_cache(mca_monitoring_coll_data_t*d
assert( 0 < size );
/* Allocate enough space for list (add 1 to keep the final '\0' if already exact size) */
max_length = snprintf(NULL, 0, "%d,", world_size - 1) + 1;
tmp_procs = malloc((1 + max_length * size) * sizeof(char));
int bufsize = (1 + max_length * size) * sizeof(char);
tmp_procs = malloc(bufsize);
if( NULL == tmp_procs ) {
OPAL_MONITORING_PRINT_ERR("Cannot allocate memory for caching proc list.");
} else {
tmp_procs[0] = '\0';
/* Build procs list */
for(i = 0; i < size; ++i) {
if( OPAL_SUCCESS == mca_common_monitoring_get_world_rank(i, data->p_comm->c_remote_group, &world_rank) )
pos += sprintf(&tmp_procs[pos], "%d,", world_rank);
pos += snprintf(&tmp_procs[pos], bufsize - pos, "%d,", world_rank);
}
tmp_procs[pos - 1] = '\0'; /* Remove final coma */
data->procs = realloc(tmp_procs, pos * sizeof(char)); /* Adjust to size required */
Expand Down
36 changes: 19 additions & 17 deletions ompi/mca/hook/comm_method/hook_comm_method_fns.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -325,9 +325,9 @@ abbreviate_list_into_string(char *str, int max, int *list, int nlist)
strcpy(&str[strlen(str)], ", ");
}
if (lo != hi) {
sprintf(&str[strlen(str)], "%d - %d", lo, hi);
snprintf(&str[strlen(str)], max - strlen(str), "%d - %d", lo, hi);
} else {
sprintf(&str[strlen(str)], "%d", lo);
snprintf(&str[strlen(str)], max - strlen(str), "%d", lo);
}
}
/*
Expand All @@ -352,9 +352,9 @@ abbreviate_list_into_string(char *str, int max, int *list, int nlist)
strcpy(&str[strlen(str)], ", ");
}
if (lo != hi) {
sprintf(&str[strlen(str)], "%d - %d", lo, hi);
snprintf(&str[strlen(str)], max - strlen(str), "%d - %d", lo, hi);
} else {
sprintf(&str[strlen(str)], "%d", lo);
snprintf(&str[strlen(str)], max - strlen(str), "%d", lo);
}
}
}
Expand Down Expand Up @@ -460,7 +460,7 @@ ompi_report_comm_methods(int called_from_location)

len = strlen(opal_process_info.nodename) + 100;
hoststring = malloc(len + 1);
sprintf(hoststring, "Host %d [%s] ranks ",
snprintf(hoststring, len + 1, "Host %d [%s] ranks ",
myleaderrank, opal_process_info.nodename);

abbreviate_list_into_string(&hoststring[strlen(hoststring)],
Expand Down Expand Up @@ -642,7 +642,7 @@ ompi_report_comm_methods(int called_from_location)
// 2: 2d table
if (nleaderranks <= max2Dprottable) {
char *str, *p;
int tmp, per, has_ucx_transport;
int tmp, per, has_ucx_transport, bufsize;
int strlens[NUM_COMM_METHODS];

// characters per entry in the 2d table, must be large enough
Expand All @@ -668,11 +668,11 @@ ompi_report_comm_methods(int called_from_location)
if (tmp+1 > per) { per = tmp+1; }
}
}

str = malloc(nleaderranks * per + 1);
bufsize = nleaderranks * per + 1;
str = malloc(bufsize);
p = str;
for (i=0; i<nleaderranks; ++i) {
sprintf(p, "%d", i);
snprintf(p, bufsize - (p - str), "%d", i);
for (j=(int)strlen(p); j<per; ++j) {
p[j] = ' ';
}
Expand All @@ -698,12 +698,12 @@ ompi_report_comm_methods(int called_from_location)
for (k=0; k<nleaderranks; ++k) {
char *method_string;
char ucx_label[20];

method_string = comm_method_to_string(method[i * nleaderranks + k]);
if (0 == strncmp(method_string, UCX_TAG, strlen(UCX_TAG))) {
n = lookup_string_in_conversion_struct(&comm_method_string_conversion,
method_string);
sprintf(ucx_label, "ucx[%3d]", n);
snprintf(ucx_label, sizeof(ucx_label), "ucx[%3d]", n);
strcat(p, ucx_label);
methods_used[n / 8] |= (1 << (n % 8));
has_ucx_transport = 1;
Expand Down Expand Up @@ -755,7 +755,7 @@ ompi_report_comm_methods(int called_from_location)
}
else if (nleaderranks <= max2D1Cprottable) {
char *str, *p;
int tmp, per, done;
int tmp, per, done, bufsize;
char char_code[NUM_COMM_METHODS], next_char;
int method_count[NUM_COMM_METHODS];

Expand Down Expand Up @@ -798,12 +798,13 @@ ompi_report_comm_methods(int called_from_location)
}
}

str = malloc(per + 32 + nleaderranks * 2 + 1);
bufsize = nleaderranks * (per + 1) + 1;
Copy link

Copilot AI Oct 25, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The buffer size calculation doesn't account for the initial header string '0 1 2 3 ' which is 8 characters. This could lead to a buffer overflow when writing to str. The calculation should be bufsize = 8 + (nleaderranks * per) + 1; to properly include the header.

Suggested change
bufsize = nleaderranks * (per + 1) + 1;
bufsize = 8 + (nleaderranks * (per + 1)) + 1;

Copilot uses AI. Check for mistakes.
str = malloc(bufsize);
p = str;
sprintf(p, "0 1 2 3 ");
snprintf(p, bufsize, "0 1 2 3 ");
p += 8;
for (i=4; i<nleaderranks; i+=4) {
sprintf(p, "%d", i);
snprintf(p, bufsize - (p - str), "%d", i);
for (j=(int)strlen(p); j<8; ++j) {
p[j] = ' ';
}
Expand Down Expand Up @@ -974,13 +975,14 @@ ompi_report_comm_methods(int called_from_location)
if (is_nonconformist) {
char *str = malloc(1024);
// int first = 1;
sprintf(str, " host %d:", i);
snprintf(str, 1024, " host %d:", i);
for (k=0; k<NUM_COMM_METHODS; ++k) {
if (method_count[k] > 0) {
// if (!first) {
// strcat(str, " /");
// }
sprintf(&str[strlen(str)],
snprintf(&str[strlen(str)],
1024 - strlen(str),
" [%dx %s]",
method_count[k],
comm_method_to_string(k));
Expand Down
2 changes: 1 addition & 1 deletion ompi/mca/sharedfp/lockedfile/sharedfp_lockedfile.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,7 @@ struct mca_sharedfp_base_module_2_0_0_t * mca_sharedfp_lockedfile_component_file

/* Set the filename. */
/*data filename created by appending .locktest.$rank to the original filename*/
sprintf(filename,"%s%s%d",fh->f_filename,".locktest.",rank);
snprintf(filename, sizeof(filename), "%s%s%d",fh->f_filename,".locktest.",rank);

lock.l_type = F_WRLCK;
lock.l_start = 0;
Expand Down
2 changes: 1 addition & 1 deletion opal/mca/btl/smcuda/btl_smcuda.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -486,7 +486,7 @@ static struct mca_btl_base_endpoint_t *create_sm_endpoint(int local_proc, struct
OBJ_CONSTRUCT(&ep->pending_sends, opal_list_t);
OBJ_CONSTRUCT(&ep->endpoint_lock, opal_mutex_t);
#if OPAL_ENABLE_PROGRESS_THREADS == 1
sprintf(path, "%s" OPAL_PATH_SEP "sm_fifo.%lu", opal_process_info.job_session_dir,
snprintf(path, sizeof(path), "%s" OPAL_PATH_SEP "sm_fifo.%lu", opal_process_info.job_session_dir,
(unsigned long) proc->proc_name);
ep->fifo_fd = open(path, O_WRONLY);
if (ep->fifo_fd < 0) {
Expand Down
5 changes: 3 additions & 2 deletions opal/mca/btl/smcuda/btl_smcuda_component.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -859,8 +859,9 @@ mca_btl_smcuda_component_init(int *num_btls, bool enable_progress_threads, bool

#if OPAL_ENABLE_PROGRESS_THREADS == 1
/* create a named pipe to receive events */
sprintf(mca_btl_smcuda_component.sm_fifo_path, "%s" OPAL_PATH_SEP "sm_fifo.%lu",
opal_process_info.job_session_dir, (unsigned long) OPAL_PROC_MY_NAME->vpid);
snprintf(mca_btl_smcuda_component.sm_fifo_path, sizeof(mca_btl_smcuda_component.sm_fifo_path),
"%s" OPAL_PATH_SEP "sm_fifo.%lu",
opal_process_info.job_session_dir, (unsigned long) OPAL_PROC_MY_NAME->vpid);
if (mkfifo(mca_btl_smcuda_component.sm_fifo_path, 0660) < 0) {
opal_output(0, "mca_btl_smcuda_component_init: mkfifo failed with errno=%d\n", errno);
return NULL;
Expand Down
8 changes: 4 additions & 4 deletions opal/mca/btl/tcp/btl_tcp_component.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -562,12 +562,12 @@ static int mca_btl_tcp_create(const int if_kindex, const char *if_name)
btl->tcp_ifmask = selected_interface->if_mask;

/* allow user to specify interface bandwidth */
sprintf(param, "bandwidth_%s", if_name);
snprintf(param, sizeof(param), "bandwidth_%s", if_name);
mca_btl_tcp_param_register_uint(param, NULL, btl->super.btl_bandwidth, OPAL_INFO_LVL_5,
&btl->super.btl_bandwidth);

/* allow user to override/specify latency ranking */
sprintf(param, "latency_%s", if_name);
snprintf(param, sizeof(param), "latency_%s", if_name);
mca_btl_tcp_param_register_uint(param, NULL, btl->super.btl_latency, OPAL_INFO_LVL_5,
&btl->super.btl_latency);
if (i > 0) {
Expand All @@ -576,12 +576,12 @@ static int mca_btl_tcp_create(const int if_kindex, const char *if_name)
}

/* allow user to specify interface bandwidth */
sprintf(param, "bandwidth_%s:%d", if_name, i);
snprintf(param, sizeof(param), "bandwidth_%s:%d", if_name, i);
mca_btl_tcp_param_register_uint(param, NULL, btl->super.btl_bandwidth, OPAL_INFO_LVL_5,
&btl->super.btl_bandwidth);

/* allow user to override/specify latency ranking */
sprintf(param, "latency_%s:%d", if_name, i);
snprintf(param, sizeof(param), "latency_%s:%d", if_name, i);
mca_btl_tcp_param_register_uint(param, NULL, btl->super.btl_latency, OPAL_INFO_LVL_5,
&btl->super.btl_latency);

Expand Down
31 changes: 16 additions & 15 deletions opal/util/timings.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,8 @@ void opal_timing_disable_native_timers(void);
if (n > OPAL_TIMING_STR_LEN) { \
(_nm)->error = 1; \
} \
n = sprintf((_nm)->cntr_env, "OMPI_TIMING_%s_CNT", (_nm)->id); \
n = snprintf((_nm)->cntr_env, OPAL_TIMING_STR_LEN, \
"OMPI_TIMING_%s_CNT", (_nm)->id); \
if (n > OPAL_TIMING_STR_LEN) { \
(_nm)->error = 1; \
} \
Expand Down Expand Up @@ -135,7 +136,7 @@ void opal_timing_disable_native_timers(void);
} \
setenv(buf1, buf2, 1); \
h->cntr++; \
sprintf(buf1, "%d", h->cntr); \
snprintf(buf1, OPAL_TIMING_STR_LEN, "%d", h->cntr); \
setenv(h->cntr_env, buf1, 1); \
/* We don't include env operations into the consideration. \
* Hopefully this will help to make measurements more accurate. \
Expand Down Expand Up @@ -187,19 +188,19 @@ void opal_timing_disable_native_timers(void);
} \
} while (0)

# define OPAL_TIMING_ENV_GETDESC_PREFIX(prefix, filename, func, i, desc, _t) \
do { \
char vname[OPAL_TIMING_STR_LEN]; \
(_t) = 0.0; \
sprintf(vname, "OMPI_TIMING_%s_%s_FILE_%d", prefix, func, i); \
*filename = getenv(vname); \
sprintf(vname, "OMPI_TIMING_%s_%s_DESC_%d", prefix, func, i); \
*desc = getenv(vname); \
sprintf(vname, "OMPI_TIMING_%s_%s_VAL_%d", prefix, func, i); \
char *ptr = getenv(vname); \
if (NULL != ptr) { \
sscanf(ptr, "%lf", &(_t)); \
} \
# define OPAL_TIMING_ENV_GETDESC_PREFIX(prefix, filename, func, i, desc, _t) \
do { \
char vname[OPAL_TIMING_STR_LEN]; \
(_t) = 0.0; \
snprintf(vname, OPAL_TIMING_STR_LEN, "OMPI_TIMING_%s_%s_FILE_%d", prefix, func, i); \
*filename = getenv(vname); \
snprintf(vname, OPAL_TIMING_STR_LEN, "OMPI_TIMING_%s_%s_DESC_%d", prefix, func, i); \
*desc = getenv(vname); \
snprintf(vname, OPAL_TIMING_STR_LEN, "OMPI_TIMING_%s_%s_VAL_%d", prefix, func, i); \
char *ptr = getenv(vname); \
if (NULL != ptr) { \
sscanf(ptr, "%lf", &(_t)); \
} \
} while (0)

# define OPAL_TIMING_ENV_GETDESC(file, func, index, desc) \
Expand Down
4 changes: 2 additions & 2 deletions test/datatype/position.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -201,9 +201,9 @@ static char *bytes_dump(void *src, size_t cnt)
static char text[1024];
int index, i;

index = sprintf(text, "0x");
index = snprintf(text, sizeof(text), "0x");
for (i = 0; i < (int) cnt; i++)
index += sprintf(text + index, "%x", (int) (((char *) src)[i]));
index += snprintf(text + index, sizeof(text) - index, "%x", (int) (((char *) src)[i]));
*(text + index) = '\0';
return text;
}
Expand Down
2 changes: 1 addition & 1 deletion test/simple/crisscross.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ int main(int argc, char *argv[])
mpierr = MPI_Get_processor_name(process_name, &count);
if (mpierr != MPI_SUCCESS) {
fprintf(stderr, "MPI Error %d (MPI_Get_processor_name) [%d]\n", mpierr, rank);
sprintf(process_name, "%s", rr_empty);
snprintf(process_name, sizeof(process_name), "%s", rr_empty);
} else {
if (count < MAX_RR_NAME)
strncat(&process_name[count], rr_blank, MAX_RR_NAME - count);
Expand Down
2 changes: 1 addition & 1 deletion test/simple/no-disconnect.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ int main(int argc, char **argv)
printf("level = %d\n", level);

/* prepare send buffer */
sprintf(bufs, "level %d (pid:%d)", level, getpid());
snprintf(bufs, sizeof(bufs), "level %d (pid:%d)", level, getpid());

/* spawn */
if (level < max_depth) {
Expand Down
Loading