Hi Matt, In ODEINT it's called in max_step_checker.hpp. ``` const int m_max_steps; ... char error_msg[200]; std::sprintf(error_msg, "Max number of iterations exceeded (%d).", m_max_steps); ... char error_msg[200]; std::sprintf(error_msg, "Max number of iterations exceeded (%d).", m_max_steps);
``` It looks to me that neither of these uses could possibly overflow, but for whatever reason people have latched onto the idea that sprintf should never be used. Cheers, Justin ________________________________________ From: Matt Borland <[email protected]> Sent: Thursday, November 16, 2023 1:49 AM To: Boost users list Cc: McGrath, Justin M Subject: Re: [Boost-users] Could sprintf be replaced with snprintf? On Wed, Nov 15, 2023 at 17:56, McGrath, Justin M via Boost-users <[email protected]<mailto:On%20Wed,%20Nov%2015,%202023%20at%2017:56,%20McGrath,%20Justin%20M%20via%20Boost-users%20<<a%20href=>> wrote: I am using some Boost libraries in a code base that does not want any use of sprintf. An automatic test flags any calls to it or vsprintf. Is it possible to replace all uses of sprintf with snprintf? I really doubt there are actually any security issues here, but I'm hoping this wouldn't be too difficult or cause any problems other than the effort to do it. Cheers, Justin _______________________________________________ Boost-users mailing list [email protected] https://lists.boost.org/mailman/listinfo.cgi/boost-users<https://urldefense.com/v3/__https://lists.boost.org/mailman/listinfo.cgi/boost-users__;!!DZ3fjg!4RYOP2xFRGhV4W5PY6O5Hy27Deud1DSsqs57uDLKpepfN0JcNnuXvae9P-4Sna7B98pP25-W6-B6__dbpk4$> Justin, Which libraries are you using that have that issue? Matt _______________________________________________ Boost-users mailing list [email protected] https://lists.boost.org/mailman/listinfo.cgi/boost-users
