warning: 'sprintf' is deprecated

[Shebuka]

Using Xcode 14.0.1 with Apple clang version 14.0.0 (clang-1400.0.29.102) I get this deprecation warning:

asio/ip/impl/network_v6.ipp:104:3: warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Wdeprecated-declarations]

This points to sprintf(prefix_len, "/%u", prefix_length_);. Because prefix_len is a char prefix_len[16]; the fix for this is quite simple, replace the line with with snprintf(prefix_len, 16, "/%u", prefix_length_);

similar warning in other places:

asio/ip/impl/network_v4.ipp:135:3: warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Wdeprecated-declarations]

asio/detail/impl/socket_ops.ipp:2522:7: warning: 'sprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use snprintf(3) instead. [-Wdeprecated-declarations]

[mojca]

Same problem here, except that the code we were building contained -Werror and the CI jobs suddenly started failing after merely installing "security update from Apple" (I think that just command-line tools were updated).

[MarkOates]

Also seeing this on my end. It's resulting in some noisy compile logs. I'm commenting here because it looks like this particular issue has the most traction.

@Shebuka It looks like a relatively trivial fix. Anybody know if the maintainers are warm to pull requests with this change?

[MarkOates]

It's possible to disable the compile warning at the point of include. It doesn't fix the underlying problem, but if you're wanting to silence all the compiler noise (in my case) this is an option:

#if defined(__clang__)
  #pragma clang diagnostic push
  #pragma clang diagnostic ignored "-Wdeprecated-declarations"
#elif defined(__GNUC__) || defined(__GNUG__)
  #pragma GCC diagnostic push
  #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#endif

#include <asio.hpp>

#if defined(__clang__)
  #pragma clang diagnostic pop
#elif defined(__GNUC__) || defined(__GNUG__)
  #pragma GCC diagnostic pop
#endif

I've run this on gcc (windows) and clang (mac), and it seems to have worked.

[Shebuka]

I think (but I'm not sure) this was solved in the https://github.com/chriskohlhoff/asio/releases/tag/asio-1-26-0 release.
In the https://github.com/chriskohlhoff/asio/releases/tag/asio-1-28-0 that I'm using now it's solved 100%.

[stephanlachnit]

Note: this is not solved in 1.28

[Shebuka]

Note: this is not solved in 1.28

Are you sure to use the latest version?

To double-check I've just searched sprintf in the source and it's not present anymore in the library:
https://github.com/search?q=repo%3Achriskohlhoff%2Fasio%20sprintf&type=code

[stephanlachnit]

We can't use >=1.30 due to a GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114968), and unfortunately there is one instance of sprintf still present in 1.28 here:

asio/asio/include/asio/detail/impl/socket_ops.ipp

Line 2584 in 54e3a84

snprintf(if_name + 1, sizeof(if_name) - 1, "%lu", scope_id);

It is also present in your search if go expand the match list, or search for sprintf(: https://github.com/search?q=repo%3Achriskohlhoff%2Fasio+sprintf%28&type=code

[Shebuka]

Rookie mistake on the search, my bad 😅

Right now I'm building the 1.28 with Xcode 15.2 / Apple clang version 15.0.0 (clang-1500.1.0.2.5) and I have no warnings about sprintf.

We can't use >=1.30 due to a GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114968), and unfortunately there is one instance of sprintf still present in 1.28 here:

asio/asio/include/asio/detail/impl/socket_ops.ipp

Line 2584 in 54e3a84

snprintf(if_name + 1, sizeof(if_name) - 1, "%lu", scope_id);

But snprintf is safe. Were you referencing the line 2586?

asio/asio/include/asio/detail/impl/socket_ops.ipp

Line 2586 in 54e3a84

sprintf(if_name + 1, "%lu", scope_id);

It is also present in your search if go expand the match list, or search for sprintf(: https://github.com/search?q=repo%3Achriskohlhoff%2Fasio+sprintf%28&type=code

That line and all the others that are still present are under ifdef #else of either ASIO_HAS_SNPRINTF or ASIO_HAS_SECURE_RTL. I would guess that by using GCC your config doesn't define ASIO_HAS_SNPRINTF because it's checking clang as the compiler. Why ASIO_HAS_SNPRINTF was introduced instead of using ASIO_HAS_SECURE_RTL is unknown to me... Can you try to define ASIO_HAS_SNPRINTF manualy?

[stephanlachnit]

We can't use >=1.30 due to a GCC bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=114968), and unfortunately there is one instance of sprintf still present in 1.28 here:

asio/asio/include/asio/detail/impl/socket_ops.ipp

Line 2584 in 54e3a84

snprintf(if_name + 1, sizeof(if_name) - 1, "%lu", scope_id);

But snprintf is safe. Were you referencing the line 2586?

asio/asio/include/asio/detail/impl/socket_ops.ipp

Line 2586 in 54e3a84

sprintf(if_name + 1, "%lu", scope_id);

Woops, misclick. Yes I meant that line.

It is also present in your search if go expand the match list, or search for sprintf(: https://github.com/search?q=repo%3Achriskohlhoff%2Fasio+sprintf%28&type=code

That line and all the others that are still present are under ifdef #else of either ASIO_HAS_SNPRINTF or ASIO_HAS_SECURE_RTL. I would guess that by using GCC your config doesn't define ASIO_HAS_SNPRINTF because it's checking clang as the compiler. Why ASIO_HAS_SNPRINTF was introduced instead of using ASIO_HAS_SECURE_RTL is unknown to me... Can you try to define ASIO_HAS_SNPRINTF manualy?

We use several OS/compiler combinations, but on MacOS we use clang via brew - we don't set ASIO_HAS_SNPRINTF manually.

But I think the actual solution would be to use sprintf_s like in all the other instances.

[stephanlachnit]

Right, I think I have the issue. We use clang via brew, and this doesn't set the snprintf check correctly that was introduced here: 1a2dd21

I provided a fix in #1510

[Shebuka]

Nice find and fix in PR! 👍