From c10a1d900afabeaf1c8c2f7011bed31d2c572f02 Mon Sep 17 00:00:00 2001
From: Ivan Maidanski <ivmai@mail.ru>
Date: Fri, 28 Oct 2016 09:35:33 +0300
Subject: [PATCH] Eliminate 'unsafe vsprintf is deprecated' compiler warning

Replacement of vsprintf to vsnprintf (or similar) if available.

Note that no buffer overflow occurs in CORD_vsprintf as buf is
allocated dynamically based on format string.

* cord/cordprnt.c (GC_VSNPRINTF): New macro (the definition is copied
from misc.c).
* cord/cordprnt.c (CORD_vsprintf): Replace vsprintf(buf,...) call with
GC_VSNPRINTF(buf,max_size+1,...).
---
 cord/cordprnt.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/cord/cordprnt.c b/cord/cordprnt.c
index d3a85da6..70bad9cd 100644
--- a/cord/cordprnt.c
+++ b/cord/cordprnt.c
@@ -172,6 +172,20 @@ static int extract_conv_spec(CORD_pos source, char *buf,
     return(result);
 }
 
+#if defined(DJGPP) || defined(__STRICT_ANSI__)
+  /* vsnprintf is missing in DJGPP (v2.0.3) */
+# define GC_VSNPRINTF(buf, bufsz, format, args) vsprintf(buf, format, args)
+#elif defined(_MSC_VER)
+# ifdef MSWINCE
+    /* _vsnprintf is deprecated in WinCE */
+#   define GC_VSNPRINTF StringCchVPrintfA
+# else
+#   define GC_VSNPRINTF _vsnprintf
+# endif
+#else
+# define GC_VSNPRINTF vsnprintf
+#endif
+
 int CORD_vsprintf(CORD * out, CORD format, va_list args)
 {
     CORD_ec result;
@@ -328,7 +342,8 @@ int CORD_vsprintf(CORD * out, CORD format, va_list args)
                             res = -1;
                     }
                     if (0 == res)
-                      res = vsprintf(buf, conv_spec, vsprintf_args);
+                      res = GC_VSNPRINTF(buf, max_size + 1, conv_spec,
+                                         vsprintf_args);
 #                   if defined(CPPCHECK) || defined(__va_copy) \
                        || (defined(__GNUC__) && !defined(__DJGPP__) \
                            && !defined(__EMX__))
-- 
2.40.0