From 8eb3200286d523379295143ce3f44d77ce036d4b Mon Sep 17 00:00:00 2001
From: Simon Howard
Date: Tue, 1 Apr 2014 20:43:45 -0400
Subject: Replace all snprintf() calls with M_snprintf().

The Windows API has an _snprintf function that is not the same as
Unix's snprintf(): if the string is truncated then no trailing NUL
character is appended. This makes the function unsafe. Define a
replacement/wrapper called M_snprintf that works the same but always
appends a trailing NUL, for safety on Windows and other OSes that
behave like this.

Do the same thing for vsnprintf(), and update HACKING to list
snprintf/vsnprintf as forbidden functions. This fixes #375;
thanks to Quasar for pointing out the different behavior of these
functions.
---
 HACKING | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'HACKING')

diff --git a/HACKING b/HACKING
index 0680a037..ddf3d35c 100644
--- a/HACKING
+++ b/HACKING
@@ -122,7 +122,10 @@ avoided when writing code for Chocolate Doom. These are:
     Unsafe function       Safer alternative
     ---------------------------------------------
     gets()                fgets(.., stdin)
-    sprintf               snprintf()
+    sprintf               M_snprintf()
+    snprintf              M_snprintf()
+    vsprintf              M_vsnprintf()
+    vsnprintf             M_vsnprintf()
     strcpy()              M_StringCopy()
     strncpy()             M_StringCopy()
     strcat()              M_StringConcat()
-- 
cgit v1.2.3