summaryrefslogtreecommitdiffstats
path: root/Objects/stringobject.c
diff options
context:
space:
mode:
Diffstat (limited to 'Objects/stringobject.c')
-rw-r--r--Objects/stringobject.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index 74c4b52..723918d 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -2876,7 +2876,9 @@ formatfloat(char *buf, size_t buflen, int flags,
prec = 6;
if (type == 'f' && fabs(x)/1e25 >= 1e25)
type = 'g';
- sprintf(fmt, "%%%s.%d%c", (flags&F_ALT) ? "#" : "", prec, type);
+ PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
+ (flags&F_ALT) ? "#" : "",
+ prec, type);
/* worst case length calc to ensure no buffer overrun:
fmt = %#.<prec>g
buf = '-' + [0-9]*prec + '.' + 'e+' + (longest exp
@@ -2889,7 +2891,7 @@ formatfloat(char *buf, size_t buflen, int flags,
"formatted float is too long (precision too large?)");
return -1;
}
- sprintf(buf, fmt, x);
+ PyOS_snprintf(buf, buflen, fmt, x);
return strlen(buf);
}
@@ -3047,7 +3049,9 @@ formatint(char *buf, size_t buflen, int flags,
return -1;
if (prec < 0)
prec = 1;
- sprintf(fmt, "%%%s.%dl%c", (flags&F_ALT) ? "#" : "", prec, type);
+ PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%dl%c",
+ (flags&F_ALT) ? "#" : "",
+ prec, type);
/* buf = '+'/'-'/'0'/'0x' + '[0-9]'*max(prec, len(x in octal))
worst case buf = '0x' + [0-9]*prec, where prec >= 11 */
if (buflen <= 13 || buflen <= (size_t)2 + (size_t)prec) {
@@ -3055,7 +3059,7 @@ formatint(char *buf, size_t buflen, int flags,
"formatted integer is too long (precision too large?)");
return -1;
}
- sprintf(buf, fmt, x);
+ PyOS_snprintf(buf, buflen, fmt, x);
/* When converting 0 under %#x or %#X, C leaves off the base marker,
* but we want it (for consistency with other %#x conversions, and
* for consistency with Python's hex() function).