formatfloat(), formatint(): Conversion of sprintf() to PyOS_snprintf()

for buffer overrun avoidance.

diff --git a/Objects/unicodeobject.c b/Objects/unicodeobject.c
index f7930208e7265fa9d3b747bc68d08cccac605d1b..c456b5773dd99bf832ded16d04bc44c08a9c858f 100644 (file)
--- a/Objects/unicodeobject.c
+++ b/Objects/unicodeobject.c
@@ -5080,7 +5080,8 @@ formatfloat(Py_UNICODE *buf,
        prec = 6;
     if (type == 'f' && (fabs(x) / 1e25) >= 1e25)
        type = 'g';
-    sprintf(fmt, "%%%s.%d%c", (flags & F_ALT) ? "#" : "", prec, type);
+    PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
+                 (flags & F_ALT) ? "#" : "", prec, type);
     /* worst case length calc to ensure no buffer overrun:
          fmt = %#.<prec>g
          buf = '-' + [0-9]*prec + '.' + 'e+' + (longest exp
@@ -5151,15 +5152,16 @@ formatint(Py_UNICODE *buf,
      */
     if (x == 0 && (flags & F_ALT) && (type == 'x' || type == 'X')) {
         /* Only way to know what the platform does is to try it. */
-        sprintf(fmt, type == 'x' ? "%#x" : "%#X", 0);
+        PyOS_snprintf(fmt, sizeof(fmt), type == 'x' ? "%#x" : "%#X", 0);
         if (fmt[1] != (char)type) {
             /* Supply our own leading 0x/0X -- needed under std C */
             use_native_c_format = 0;
-            sprintf(fmt, "0%c%%#.%dl%c", type, prec, type);
+            PyOS_snprintf(fmt, sizeof(fmt), "0%c%%#.%dl%c", type, prec, type);
         }
     }
     if (use_native_c_format)
-         sprintf(fmt, "%%%s.%dl%c", (flags & F_ALT) ? "#" : "", prec, type);
+         PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%dl%c",
+                      (flags & F_ALT) ? "#" : "", prec, type);
     return usprintf(buf, fmt, x);
 }