Skip to content

Avoid using unsafe sprintf() #19598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Avoid using unsafe sprintf() #19598

wants to merge 1 commit into from
+7 −4

Conversation

alexandre-daubois
Copy link
Member

Internals book explicitly specifies that sprintf() should be avoided where possible for safer alternatives.

@alexandre-daubois alexandre-daubois marked this pull request as ready for review August 26, 2025 17:53
iluuu1994
iluuu1994 reviewed Aug 26, 2025
View reviewed changes
sapi/fpm/fpm/fpm_sockets.c
@@ -90,7 +90,10 @@ static void fpm_sockets_cleanup(int which, void *arg) /* {{{ */
}
}

p += sprintf(env_value + p + socket_set_buf, "%s%s=%s", (p && !socket_set_buf) ? "," : "", ls->key, fd);
int written = snprintf(env_value + p + socket_set_buf,
strlen(ls->key) + strlen(fd) + 2 + (p && !socket_set_buf ? 1 : 0),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be better to store the length in a variable, and then subtract p + socket_set_buf from it.

Zend/zend_alloc.c
@@ -386,7 +386,7 @@ ZEND_COLD void zend_debug_alloc_output(char *format, ...)
va_list args;

va_start(args, format);
vsprintf(output_buf, format, args);
vsnprintf(output_buf, sizeof(output_buf), format, args);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This entire function looks to be unused, if I'm not mistaken. Maybe we can just drop it.

TimWolla
TimWolla reviewed Aug 26, 2025
View reviewed changes
ext/pdo_firebird/firebird_statement.c
@@ -130,7 +130,7 @@ static int get_formatted_timestamp_tz(pdo_stmt_t *stmt, const ISC_TIMESTAMP_TZ*
return 1;
}

size_t timestamp_tz_len = sprintf(timestampTzBuf, "%s %s", timestampBuf, timeZoneBuffer);
size_t timestamp_tz_len = snprintf(timestampTzBuf, sizeof(timestampTzBuf), "%s %s", timestampBuf, timeZoneBuffer);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can probably just be zend_strpprintf() to directly print into the zend_string.

TimWolla
TimWolla reviewed Aug 26, 2025
View reviewed changes
sapi/fpm/fpm/fpm_sockets.c
@@ -90,7 +90,10 @@ static void fpm_sockets_cleanup(int which, void *arg) /* {{{ */
}
}

p += sprintf(env_value + p + socket_set_buf, "%s%s=%s", (p && !socket_set_buf) ? "," : "", ls->key, fd);
int written = snprintf(env_value + p + socket_set_buf,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similarly, the smart_string API would avoid manually reallocating a buffer.

@nielsdos
Copy link
Member

I did a round on this once a long time ago, strange I missed these, thanks for catching this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TimWolla TimWolla TimWolla left review comments

@iluuu1994 iluuu1994 iluuu1994 left review comments

@dstogov dstogov Awaiting requested review from dstogov dstogov is a code owner

@bukka bukka Awaiting requested review from bukka bukka is a code owner

@SakiTakamachi SakiTakamachi Awaiting requested review from SakiTakamachi SakiTakamachi is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alexandre-daubois @nielsdos @TimWolla @iluuu1994