Skip to content

MONGOCRYPT-865 replace sprintf with safer alternatives#1127

Merged
kevinAlbs merged 6 commits intomongodb:masterfrom
kevinAlbs:2.3.3.M865
Feb 13, 2026
Merged

MONGOCRYPT-865 replace sprintf with safer alternatives#1127
kevinAlbs merged 6 commits intomongodb:masterfrom
kevinAlbs:2.3.3.M865

Conversation

@kevinAlbs
Copy link
Contributor

@kevinAlbs kevinAlbs commented Feb 13, 2026
edited
Loading

Replace calls of sprintf with the safer snprintf. snprintf accepts a capacity to ensure bytes are not written beyond the capacity.

sprintf is replaced with calls to bson_snprintf in libmongocrypt for portability and consistency. bson_snprintf always NULL terminates. snprintf may not always NULL terminate (see Remarks on MSVC docs). Since kms-message does not depend on libbson, snprintf is used in kms-message, and the NULL terminator is added manually where needed.

Return values of snprintf and bson_snprintf are checked. fb53369 fixes an existing return value check.

@kevinAlbs kevinAlbs marked this pull request as ready for review February 13, 2026 14:38
@kevinAlbs kevinAlbs requested a review from a team as a code owner February 13, 2026 14:38
@kevinAlbs kevinAlbs merged commit b55cf35 into mongodb:master Feb 13, 2026
56 of 58 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rcsanchez97 rcsanchez97 rcsanchez97 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinAlbs @rcsanchez97