Replace all snprintf() calls with M_snprintf().

The Windows API has an _snprintf function that is not the same as
Unix's snprintf(): if the string is truncated then no trailing NUL
character is appended. This makes the function unsafe. Define a
replacement/wrapper called M_snprintf that works the same but always
appends a trailing NUL, for safety on Windows and other OSes that
behave like this.

Do the same thing for vsnprintf(), and update HACKING to list
snprintf/vsnprintf as forbidden functions. This fixes #375;
thanks to Quasar for pointing out the different behavior of these
functions.

1 files changed, 3 insertions, 2 deletions

diff --git a/src/strife/p_user.c b/src/strife/p_user.c
index d2f8b8e3..e24e40fe 100644
--- a/src/strife/p_user.c
+++ b/src/strife/p_user.c
@@ -39,6 +39,7 @@
 #include "z_zone.h"
 #include "w_wad.h"
 #include "p_pspr.h"
+#include "m_misc.h"
 #include "m_random.h"
 #include "s_sound.h"
 #include "p_inter.h"
@@ -861,8 +862,8 @@ boolean P_UseInventoryItem(player_t* player, int item)
         if(name == NULL)
             name = "Item";
 
-        snprintf(useinventorymsg, sizeof(useinventorymsg),
-                 "You used the %s.", name);
+        M_snprintf(useinventorymsg, sizeof(useinventorymsg),
+                   "You used the %s.", name);
         player->message = useinventorymsg;
 
         if(player == &players[consoleplayer])