Replace all snprintf() calls with M_snprintf().

The Windows API has an _snprintf function that is not the same as
Unix's snprintf(): if the string is truncated then no trailing NUL
character is appended. This makes the function unsafe. Define a
replacement/wrapper called M_snprintf that works the same but always
appends a trailing NUL, for safety on Windows and other OSes that
behave like this.

Do the same thing for vsnprintf(), and update HACKING to list
snprintf/vsnprintf as forbidden functions. This fixes #375;
thanks to Quasar for pointing out the different behavior of these
functions.

1 files changed, 7 insertions, 6 deletions

diff --git a/src/net_sdl.c b/src/net_sdl.c
index de86172f..e27e4da5 100644
--- a/src/net_sdl.c
+++ b/src/net_sdl.c
@@ -30,6 +30,7 @@
 #include "doomtype.h"
 #include "i_system.h"
 #include "m_argv.h"
+#include "m_misc.h"
 #include "net_defs.h"
 #include "net_io.h"
 #include "net_packet.h"
@@ -312,12 +313,12 @@ void NET_SDL_AddrToString(net_addr_t *addr, char *buffer, int buffer_len)
 
     ip = (IPaddress *) addr->handle;
     
-    snprintf(buffer, buffer_len, 
-             "%i.%i.%i.%i",
-             ip->host & 0xff,
-             (ip->host >> 8) & 0xff,
-             (ip->host >> 16) & 0xff,
-             (ip->host >> 24) & 0xff);
+    M_snprintf(buffer, buffer_len, 
+               "%i.%i.%i.%i",
+               ip->host & 0xff,
+               (ip->host >> 8) & 0xff,
+               (ip->host >> 16) & 0xff,
+               (ip->host >> 24) & 0xff);
 }
 
 net_addr_t *NET_SDL_ResolveAddress(char *address)