The code is not erroneous, though it is a bit strange. The declaration of sprintf is

    int sprintf ( char * str, const char * format, ... );

It just needs 2 parameters; the rest are optional. In this case, when the format parameter has no format specification, sprintf just copies the format parameter to str.

Trafodion code is compiled with -Wformat -Werror. This should emit compilation errors when printf or sprintf is used in an incorrect way, such as fewer arguments than the number required by the format specification, an incompatible format and argument, and other errors.

snprintf might be good to avoid buffer overflow, but in this case I am not sure if there was a buffer overflow condition.

Selva

-----Original Message-----
From: [email protected] <[email protected]>
Sent: Wednesday, December 19, 2018 2:35 AM
To: [email protected]
Subject: questionable `sprintf` usage

Hi,

I suspect the following code in core/sql/ustat/hs_read.cpp is erroneous:

    desc = new SQLDESC_ID;
    init_SQLCLI_OBJ_ID(desc);

    desc->name_mode = cursor_name;
    desc->module = &module;
    desc->identifier = new char[HS_STMTID_LENGTH];
    desc->handle = 0;

    sprintf((char*)desc->identifier, descID);
    desc->identifier_len = strlen(descID);

The parameters to function `sprintf` should be 3, but there are only 2. I’d like to change it to:

    snprintf((char*)desc->identifier, HS_STMTID_LENGTH, "%s", descID);

How do you find it?

Regards,
Wenjun Zhu
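
The two call shapes discussed in this thread, side by side, as an added example that is not part of the original messages or of Trafodion's code. ID_BUF_LEN is a constructed stand-in for HS_STMTID_LENGTH (its real value is not given here), and the function names and sample identifiers are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for HS_STMTID_LENGTH; the real value is not on the page. */
#define ID_BUF_LEN 16

/* Mirrors the questioned call shape: the source string is passed as the format.
 * Bounded with snprintf here so the demo itself cannot overflow.
 * Returns the number of bytes actually stored in dst. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
static size_t copy_as_format(char *dst, size_t dstlen, const char *src)
{
    snprintf(dst, dstlen, src);          /* any '%' in src is parsed as a directive */
    return strlen(dst);
}
#pragma GCC diagnostic pop

/* Proposed call shape: src is treated as data, never as a format.
 * Returns 0 on success, -1 if src did not fit (dst keeps a NUL-terminated prefix). */
static int copy_identifier(char *dst, size_t dstlen, const char *src)
{
    int n = snprintf(dst, dstlen, "%s", src);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

int main(void)
{
    char buf[ID_BUF_LEN];
    const char *plain = "HS_CURSOR_1";               /* constructed sample */
    const char *pct   = "HS_100%%_1";                /* constructed: holds two '%' characters */
    const char *big   = "A_VERY_LONG_STATEMENT_ID";  /* constructed: longer than the buffer */

    /* No '%' in the source: both forms store the same bytes. */
    printf("plain: stored=%zu strlen=%zu\n",
           copy_as_format(buf, sizeof buf, plain), strlen(plain));
    /* "%%" collapses to "%", so the stored length no longer matches strlen(src),
     * which is the value the quoted code assigns to identifier_len. */
    printf("pct:   stored=%zu strlen=%zu\n",
           copy_as_format(buf, sizeof buf, pct), strlen(pct));
    /* With "%s" the bytes are copied verbatim and an oversized source is reported. */
    printf("pct via %%s: rc=%d text=%s\n", copy_identifier(buf, sizeof buf, pct), buf);
    printf("big via %%s: rc=%d text=%s\n", copy_identifier(buf, sizeof buf, big), buf);
    return 0;
}
```

In GCC, a non-literal format with no arguments is reported by -Wformat-security (included in -Wformat=2); the pragmas above silence it only so the first function compiles cleanly for comparison.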
