Replace all snprintf() calls with M_snprintf().

The Windows API has an _snprintf function that is not the same as
Unix's snprintf(): if the string is truncated then no trailing NUL
character is appended. This makes the function unsafe. Define a
replacement/wrapper called M_snprintf that works the same but always
appends a trailing NUL, for safety on Windows and other OSes that
behave like this.

Do the same thing for vsnprintf(), and update HACKING to list
snprintf/vsnprintf as forbidden functions. This fixes #375;
thanks to Quasar for pointing out the different behavior of these
functions.

1 files changed, 4 insertions, 1 deletions

diff --git a/HACKING b/HACKING
index 0680a037..ddf3d35c 100644
--- a/HACKING
+++ b/HACKING
@@ -122,7 +122,10 @@ avoided when writing code for Chocolate Doom. These are:
     Unsafe function       Safer alternative
     ---------------------------------------------
     gets()                fgets(.., stdin)
-    sprintf               snprintf()
+    sprintf               M_snprintf()
+    snprintf              M_snprintf()
+    vsprintf              M_vsnprintf()
+    vsnprintf             M_vsnprintf()
     strcpy()              M_StringCopy()
     strncpy()             M_StringCopy()
     strcat()              M_StringConcat()