From 42d918b7aa359602e91cb48c9048e1e6fd071565 Mon Sep 17 00:00:00 2001
From: Aaron Jacobs
Date: Tue, 6 Aug 2013 23:12:56 +0000
Subject: [PATCH] Switched away from sprintf, which is prone to buffer overflows. Most reasonable platforms have this function. If you're here because this broke the build for you, consider adding an ifdef for your platform and using sprintf there (but not on other platforms).
---
 src/lib_json/json_reader.cpp | 2 +-
 src/lib_json/json_writer.cpp | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index 3e5df89..87d9085 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -868,7 +868,7 @@ Reader::getLocationLineAndColumn( Location location ) const
 int line, column;
 getLocationLineAndColumn( location, line, column );
 char buffer[18+16+16+1];
- sprintf( buffer, "Line %d, Column %d", line, column );
+ snprintf(buffer, sizeof(buffer), "Line %d, Column %d", line, column);
 return buffer;
 }
diff --git a/src/lib_json/json_writer.cpp b/src/lib_json/json_writer.cpp
index bb76f7a..68c73e7 100644
--- a/src/lib_json/json_writer.cpp
+++ b/src/lib_json/json_writer.cpp
@@ -77,7 +77,7 @@ std::string valueToString( double value )
 #if defined(_MSC_VER) && defined(__STDC_SECURE_LIB__) // Use secure version with visual studio 2005 to avoid warning.
 sprintf_s(buffer, sizeof(buffer), "%#.16g", value);
 #else
- sprintf(buffer, "%#.16g", value);
+ snprintf(buffer, sizeof(buffer), "%#.16g", value);
 #endif
 char* ch = buffer + strlen(buffer) - 1;
 if (*ch != '0') return buffer; // nothing to truncate, so save time
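Review bot: The json_reader.cpp hunk calls `snprintf` unconditionally, while the json_writer.cpp hunk in the same commit keeps its `_MSC_VER`/`__STDC_SECURE_LIB__` guard and uses `sprintf_s` there; Visual C++ releases before 2015 ship no conforming `snprintf` (only `_snprintf`, which does not guarantee a terminator when the output fills the buffer), so this line is the one most likely to cause the build break the commit message anticipates. Mirroring the writer's guard keeps both call sites consistent and avoids a platform ifdef being bolted on later by whoever hits it. The 51-byte buffer does hold the worst case of this format (14 literal characters plus two 11-character ints plus the terminator, 37 bytes), so snprintf's silent truncation is not a concern here, but a comment stating that bound, `// 14 literal chars + 2 * 11 digits + NUL = 37 <= sizeof buffer`, would keep a future edit of the format string honest. The function's signature and opening brace are above the hunk.
```cpp
   char buffer[18+16+16+1];
#if defined(_MSC_VER) && defined(__STDC_SECURE_LIB__)
   // Same guard as valueToString in json_writer.cpp: secure CRT on Visual Studio 2005 and later.
   sprintf_s(buffer, sizeof(buffer), "Line %d, Column %d", line, column);
#else
   snprintf(buffer, sizeof(buffer), "Line %d, Column %d", line, column);
#endif
   return buffer;
```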
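Review bot: The return value of the new `snprintf` call in valueToString is discarded, so if the conversion were ever truncated the trailing-zero trimming that starts on the `char* ch = buffer + strlen(buffer) - 1;` line would operate on a cut-off number and return it as if it were complete; `buffer` is declared above the hunk, so its size cannot be confirmed from here. By my count the worst case for `%#.16g` on a finite double is 23 characters (sign, 17 characters of mantissa with the point, and an exponent such as `e+308`), so the buffer needs at least 24 bytes, which is worth pinning rather than assuming: `const int len = snprintf(buffer, sizeof(buffer), "%#.16g", value);` followed by `assert(len > 0 && len < static_cast<int>(sizeof(buffer)));`, with the same treatment for the `sprintf_s` branch above it. The function's body continues outside the hunk on both sides.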