Andres Freund <andres@anarazel.de> writes:
> One class of warnings is specific to meson (see further down), but the other
> is common between autoconf and meson:
> [24/2258] Compiling C object src/port/libpgport_srv.a.p/snprintf.c.o
> ../../../src/postgres/src/port/snprintf.c:1002:11: warning: 'sprintf' is deprecated: This function is provided for
compatibilityreasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended
thatyou use snprintf(3) instead. [-Wdeprecated-declarations]
> vallen = sprintf(convert, "%p", value);
> ^
Originally we used the platform's sprintf there because we couldn't
rely on platforms having functional snprintf. That's no longer the case,
I imagine, so we could just switch these calls over to snprintf. I'm
kind of surprised that we haven't already been getting the likes of
this warning from, eg, OpenBSD.
Note that the hundreds of other sprintf calls in our code are actually
calling pg_sprintf, which hasn't got a deprecation label. But the ones
in snprintf.c are really trying to call the platform's version.
(I wonder how much we ought to worry about bugs in the pg_sprintf usages?
But that's a matter for another day and another thread.)
regards, tom lane
