RFR: 8296812: sprintf is deprecated in Xcode 14 [v12]

Kim Barrett kbarrett at openjdk.org
Tue Nov 22 08:05:27 UTC 2022


On Fri, 18 Nov 2022 19:25:32 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> Hi,
>> 
>> May I have this update reviewed?
>> 
>> The sprintf is deprecated in Xcode 14 because of security concerns, and the use of it causes build failures.  The build could pass if warnings are disabled for code that uses the sprintf method.  In the long run, sprintf could be replaced with snprintf.  This patch is trying to check if snprintf could be used.
>> 
>> Thanks,
>> Xuelei
>
> Xue-Lei Andrew Fan has updated the pull request incrementally with one additional commit since the last revision:
> 
>   extra sizeof typo

Given all the near-duplicated checking of os::snprintf results, I think there
is a place for a helper function to package this up.  Maybe something like


// in class os
// Performs snprintf and asserts the result is non-negative (so there was not
// an encoding error) and that the output was not truncated.
static int snprintf_checked(char* buf, size_t len, const char* fmt, ...) ATTRIBUTE_PRINTF(3, 4);

// in runtime/os.cpp
int os::snprintf_checked(char* buf, size_t len, const char* fmt, ...) {
  va_list args;
  va_start(args, fmt);
  int result = os::vsnprintf(buf, len, fmt, args);
  va_end(args);
  assert(result >= 0, "os::snprintf error");
  assert(static_cast<size_t>(result) < len, "os::snprintf truncated");
  return result;
}


(I keep waffling over whether the truncation check should be an assert or a guarantee.)

I've not yet gone through all the changes to consider which should do that
checking and which should do something different, such as permitting truncation.

I'm not wedded to that name; indeed, I don't like it that much, as it's kind
of inconveniently long.  There's a temptation to have os::snprintf forbid
truncation and a different function that allows it, but that would require
careful auditing of all pre-existing uses of os::snprintf too, so no.

-------------

PR: https://git.openjdk.org/jdk/pull/11115
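
An added example, not part of the original message or the HotSpot code base: a stand-alone variant of the helper sketched above that reports the outcome instead of asserting, showing that a vsnprintf result equal to the buffer length already means truncation. The names snprintf_status, FmtStatus and FmtResult are hypothetical, and the inputs are constructed.

```cpp
#include <cstdarg>
#include <cstddef>
#include <cstdio>

// Outcome of a bounded format, mirroring the two conditions the proposed
// helper asserts on. These names are hypothetical, not HotSpot's.
enum class FmtStatus { ok, truncated, encoding_error };

struct FmtResult {
  FmtStatus status;
  int would_write;  // length the full output needs, excluding the NUL
};

// Same shape as the proposed os::snprintf_checked, but returns the outcome
// instead of asserting, so callers that permit truncation can still use it.
FmtResult snprintf_status(char* buf, size_t len, const char* fmt, ...) {
  va_list args;
  va_start(args, fmt);
  int result = std::vsnprintf(buf, len, fmt, args);
  va_end(args);
  if (result < 0) {
    return {FmtStatus::encoding_error, result};
  }
  // vsnprintf returns the untruncated length; result == len already means
  // the last character was dropped to make room for the terminating NUL.
  if (static_cast<size_t>(result) >= len) {
    return {FmtStatus::truncated, result};
  }
  return {FmtStatus::ok, result};
}

int main() {
  char small[8];
  // Constructed inputs: "pid=42" fits; "pid=1234" needs 9 bytes with the NUL.
  FmtResult a = snprintf_status(small, sizeof(small), "pid=%d", 42);
  std::printf("fits: status=%d need=%d buf=\"%s\"\n",
              static_cast<int>(a.status), a.would_write, small);
  FmtResult b = snprintf_status(small, sizeof(small), "pid=%d", 1234);
  std::printf("cut:  status=%d need=%d buf=\"%s\"\n",
              static_cast<int>(b.status), b.would_write, small);
  return 0;
}
```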

