From 746eca9f7c528db27f0e5ddacb763ba709774233 Mon Sep 17 00:00:00 2001
From: Rene Cannao
Date: Fri, 13 Feb 2026 00:01:24 +0000
Subject: [PATCH] More sprintf to snprintf conversions and indentation fixes

- Replace remaining sprintf with snprintf in Admin_FlushVariables.cpp
- Fix indentation in flush_GENERIC_variables__process__database_to_runtime
- Apply same pattern to ProxySQL_Admin.cpp and ProxySQL_Admin_Stats.cpp
---
 lib/Admin_FlushVariables.cpp | 222 ++++++++++++++++++-----------------
 lib/ProxySQL_Admin.cpp | 143 +++++++++++-----------
 lib/ProxySQL_Admin_Stats.cpp | 160 ++++++++++++-------------
 3 files changed, 270 insertions(+), 255 deletions(-)

diff --git a/lib/Admin_FlushVariables.cpp b/lib/Admin_FlushVariables.cpp
index 91bd18f3d..6045e6d54 100644
--- a/lib/Admin_FlushVariables.cpp
+++ b/lib/Admin_FlushVariables.cpp
@@ -225,30 +225,30 @@ void ProxySQL_Admin::flush_GENERIC_variables__process__database_to_runtime( val = GloMyLdapAuth->get_variable(r->fields[0]); } char q[1000]; - if (val) { - if (variables_read_only.count(v) > 0) { - proxy_warning("Impossible to set read-only variable %s with value \"%s\". Resetting to current \"%s\".\n", r->fields[0],r->fields[1], val); - } else { - proxy_warning("Impossible to set variable %s with value \"%s\". Resetting to current \"%s\".\n", r->fields[0],r->fields[1], val); - } - sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"%s-%s\",\"%s\")", modname.c_str(), r->fields[0],val); - db->execute(q); - free(val); - } else { - if (variables_to_delete_silently.count(v) > 0) { - sprintf(q,"DELETE FROM disk.global_variables WHERE variable_name=\"%s-%s\"", modname.c_str(), r->fields[0]); - db->execute(q); - } else if (variables_deprecated.count(v) > 0) { - proxy_error("Global variable %s-%s is deprecated.\n", modname.c_str(), r->fields[0]); - sprintf(q,"DELETE FROM disk.global_variables WHERE variable_name=\"%s-%s\"", modname.c_str(), r->fields[0]); + if (val) { + if (variables_read_only.count(v) > 0) { + proxy_warning("Impossible to set read-only variable %s with value \"%s\". Resetting to current \"%s\".\n", r->fields[0],r->fields[1], val); + } else { + proxy_warning("Impossible to set variable %s with value \"%s\". Resetting to current \"%s\".\n", r->fields[0],r->fields[1], val); + } + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"%s-%s\",\"%s\")", modname.c_str(), r->fields[0], val); db->execute(q); + free(val); } else { - proxy_warning("Impossible to set not existing variable %s with value \"%s\". Deleting. 
If the variable name is correct, this version doesn't support it\n", r->fields[0],r->fields[1]); + if (variables_to_delete_silently.count(v) > 0) { + snprintf(q, sizeof(q), "DELETE FROM disk.global_variables WHERE variable_name=\"%s-%s\"", modname.c_str(), r->fields[0]); + db->execute(q); + } else if (variables_deprecated.count(v) > 0) { + proxy_error("Global variable %s-%s is deprecated.\n", modname.c_str(), r->fields[0]); + snprintf(q, sizeof(q), "DELETE FROM disk.global_variables WHERE variable_name=\"%s-%s\"", modname.c_str(), r->fields[0]); + db->execute(q); + } else { + proxy_warning("Impossible to set not existing variable %s with value \"%s\". Deleting. If the variable name is correct, this version doesn't support it\n", r->fields[0],r->fields[1]); + } + snprintf(q, sizeof(q), "DELETE FROM global_variables WHERE variable_name=\"%s-%s\"", modname.c_str(), r->fields[0]); + db->execute(q); } - sprintf(q,"DELETE FROM global_variables WHERE variable_name=\"%s-%s\"", modname.c_str(), r->fields[0]); - db->execute(q); } - } } else { proxy_debug(PROXY_DEBUG_ADMIN, 4, "Set variable %s with value \"%s\"\n", r->fields[0],r->fields[1]); if (variables_special_values.count(v) > 0) { 
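Review bot: The `snprintf(q, sizeof(q), …)` calls in this hunk discard the return value, so a statement longer than the 1000-byte `q` is now silently cut and still handed to `db->execute(q)`. Truncation removes the overflow but leaves a partial SQL string; the result should be compared with `sizeof(q)` and execution skipped with a `proxy_error` when the statement does not fit. The values are also placed between double quotes without escaping, whereas the `___runtime_to_database` functions in this file pass them through `proxy_sqlite3_bind_text`; binding here would remove both the size limit and the quoting problem. The same pattern recurs in the `q[1000]` hunks of `flush_mysql_variables___database_to_runtime` and `flush_pgsql_variables___database_to_runtime`. The enclosing function starts and ends outside the hunk.

```cpp
// … unchanged: proxy_warning for the read-only / regular variable …
int n = snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"%s-%s\",\"%s\")", modname.c_str(), r->fields[0], val);
if (n < 0 || (size_t)n >= sizeof(q)) {
	// the statement did not fit: do not run a cut-off query
	proxy_error("Statement for variable %s-%s exceeds %zu bytes, not executed\n", modname.c_str(), r->fields[0], sizeof(q));
} else {
	db->execute(q);
}
free(val);
```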
@@ -355,8 +355,9 @@ void ProxySQL_Admin::flush_pgsql_variables___runtime_to_database(SQLite3DB* db,
 char** varnames = GloPTH->get_variables_list();
 for (int i = 0; varnames[i]; i++) {
 char* val = GloPTH->get_variable(varnames[i]);
- char* qualified_name = (char*)malloc(strlen(varnames[i]) + 12);
- sprintf(qualified_name, "pgsql-%s", varnames[i]);
+ size_t qualified_name_len = strlen(varnames[i]) + sizeof("pgsql-");
+ char* qualified_name = (char*)malloc(qualified_name_len);
+ snprintf(qualified_name, qualified_name_len, "pgsql-%s", varnames[i]);
 rc = (*proxy_sqlite3_bind_text)(statement1, 1, qualified_name, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db);
 rc = (*proxy_sqlite3_bind_text)(statement1, 2, (val ? val : (char*)""), -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db);
 SAFE_SQLITE3_STEP2(statement1);
@@ -406,7 +407,7 @@ void ProxySQL_Admin::flush_GENERIC_variables__checksum__database_to_runtime(cons
 uint32_t d32[2];
 char buf[20];
 memcpy(&d32, &hash1, sizeof(hash1));
- sprintf(buf,"0x%0X%0X", d32[0], d32[1]);
+ snprintf(buf, sizeof(buf), "0x%0X%0X", d32[0], d32[1]);
 ProxySQL_Checksum_Value *checkvar = NULL;
 if (modname == "admin") {
 checkvar = &GloVars.checksums_values.admin_variables;
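Review bot: The length/`malloc`/`snprintf` triple added here is repeated verbatim for the `genai-`, `mysql-` and `mcp-` prefixes in later hunks, and none of the copies checks the `malloc` result before writing through it. Since this file already uses `std::string` (`modname.c_str()`), `std::string qualified_name = std::string("pgsql-") + varnames[i];` with `qualified_name.c_str()` passed to the bind call would remove the manual size arithmetic. The loop body continues outside the hunk, so the `free(qualified_name)` that would have to go with it is not visible here.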
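Review bot: `"0x%0X%0X"` uses the `0` flag without a field width, so neither 32-bit word is zero-padded and the two are concatenated at variable length. Distinct hashes can therefore print identically (words `0x1`,`0x23` and `0x12`,`0x3` both give `0x123`), which weakens the string as a change detector. `snprintf(buf, sizeof(buf), "0x%08X%08X", d32[0], d32[1]);` fits the 20-byte buffer and is unambiguous, but if this string is compared with values produced by other nodes or stored earlier, the format change has to be rolled out consistently. The same format string is kept in the pgsql checksum hunk and in `__refresh_users` / `__refresh_pgsql_users`.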
@@ -462,12 +463,12 @@ void ProxySQL_Admin::flush_mysql_variables___database_to_runtime(SQLite3DB *db,
 if (varname == "default_collation_connection" || varname == "default_charset") {
 char *val=GloMTH->get_variable((char *)varname.c_str());
 if (val) {
- if (strcmp(val,varvalue)) {
- char q[1000];
- proxy_warning("Variable %s with value \"%s\" is being replaced with value \"%s\".\n", varname.c_str(), varvalue, val);
- sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"mysql-%s\",\"%s\")", varname.c_str() ,val);
- db->execute(q);
- }
+ if (strcmp(val,varvalue)) {
+ char q[1000];
+ proxy_warning("Variable %s with value \"%s\" is being replaced with value \"%s\".\n", varname.c_str(), varvalue, val);
+ snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"mysql-%s\",\"%s\")", varname.c_str(), val);
+ db->execute(q);
+ }
 free(val);
 }
 } else if (varname == "show_processlist_extended") {
@@ -495,33 +496,33 @@ void ProxySQL_Admin::flush_mysql_variables___database_to_runtime(SQLite3DB *db, ci = proxysql_find_charset_collate(default_collation_connection); if (ci == NULL) { proxy_error("Found an incorrect value for mysql-default_collation_connection: %s\n", default_collation_connection); - const char *p = mysql_tracked_variables[SQL_CHARACTER_SET].default_value; - ci = proxysql_find_charset_name(p); - assert(ci); - proxy_info("Resetting mysql-default_charset to hardcoded default value: %s\n", ci->csname); - sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_charset\",\"%s\")", ci->csname); - db->execute(q); - GloMTH->set_variable((char *)"default_charset",ci->csname); - proxy_info("Resetting mysql-default_collation_connection to hardcoded default value: %s\n", ci->name); - sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_collation_connection\",\"%s\")", ci->name); - db->execute(q); - GloMTH->set_variable((char *)"default_collation_connection",ci->name); - } else { - proxy_info("Changing mysql-default_charset to %s using configured mysql-default_collation_connection %s\n", ci->csname, ci->name); - sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_charset\",\"%s\")", ci->csname); - db->execute(q); - GloMTH->set_variable((char *)"default_charset",ci->csname); - } + const char *p = mysql_tracked_variables[SQL_CHARACTER_SET].default_value; + ci = proxysql_find_charset_name(p); + assert(ci); + proxy_info("Resetting mysql-default_charset to hardcoded default value: %s\n", ci->csname); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_charset\",\"%s\")", ci->csname); + db->execute(q); + GloMTH->set_variable((char *)"default_charset",ci->csname); + proxy_info("Resetting mysql-default_collation_connection to hardcoded default value: %s\n", ci->name); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables 
VALUES(\"mysql-default_collation_connection\",\"%s\")", ci->name); + db->execute(q); + GloMTH->set_variable((char *)"default_collation_connection",ci->name); + } else { + proxy_info("Changing mysql-default_charset to %s using configured mysql-default_collation_connection %s\n", ci->csname, ci->name); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_charset\",\"%s\")", ci->csname); + db->execute(q); + GloMTH->set_variable((char *)"default_charset",ci->csname); + } } else { MARIADB_CHARSET_INFO * cic = NULL; cic = proxysql_find_charset_collate(default_collation_connection); - if (cic == NULL) { - proxy_error("Found an incorrect value for mysql-default_collation_connection: %s\n", default_collation_connection); - proxy_info("Changing mysql-default_collation_connection to %s using configured mysql-default_charset: %s\n", ci->name, ci->csname); - sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_collation_connection\",\"%s\")", ci->name); - db->execute(q); - GloMTH->set_variable((char *)"default_collation_connection",ci->name); - } else { + if (cic == NULL) { + proxy_error("Found an incorrect value for mysql-default_collation_connection: %s\n", default_collation_connection); + proxy_info("Changing mysql-default_collation_connection to %s using configured mysql-default_charset: %s\n", ci->name, ci->csname); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_collation_connection\",\"%s\")", ci->name); + db->execute(q); + GloMTH->set_variable((char *)"default_collation_connection",ci->name); + } else { if (strcmp(cic->csname,ci->csname)==0) { // mysql-default_collation_connection and mysql-default_charset are compatible } else { 
@@ -533,18 +534,18 @@ void ProxySQL_Admin::flush_mysql_variables___database_to_runtime(SQLite3DB *db, // we use charset as source of truth use_collation = false; } - } - if (use_collation) { - proxy_info("Changing mysql-default_charset to %s using configured mysql-default_collation_connection %s\n", cic->csname, cic->name); - sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_charset\",\"%s\")", cic->csname); - db->execute(q); - GloMTH->set_variable((char *)"default_charset",cic->csname); - } else { - proxy_info("Changing mysql-default_collation_connection to %s using configured mysql-default_charset: %s\n", ci->name, ci->csname); - sprintf(q,"INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_collation_connection\",\"%s\")", ci->name); - db->execute(q); - GloMTH->set_variable((char *)"default_collation_connection",ci->name); - } + } + if (use_collation) { + proxy_info("Changing mysql-default_charset to %s using configured mysql-default_collation_connection %s\n", cic->csname, cic->name); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_charset\",\"%s\")", cic->csname); + db->execute(q); + GloMTH->set_variable((char *)"default_charset",cic->csname); + } else { + proxy_info("Changing mysql-default_collation_connection to %s using configured mysql-default_charset: %s\n", ci->name, ci->csname); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"mysql-default_collation_connection\",\"%s\")", ci->name); + db->execute(q); + GloMTH->set_variable((char *)"default_collation_connection",ci->name); + } } } } 
@@ -766,10 +767,10 @@ void ProxySQL_Admin::flush_clickhouse_variables___runtime_to_database(SQLite3DB
 l+=( varnames[i] ? strlen(varnames[i]) : 6);
 l+=( val ? strlen(val) : 6);
 char *query=(char *)malloc(l);
- sprintf(query, a, varnames[i], val);
+ snprintf(query, l, a, varnames[i], val);
 if (runtime) {
 db->execute(query);
- sprintf(query, b, varnames[i], val);
+ snprintf(query, l, b, varnames[i], val);
 }
 db->execute(query);
 if (val)
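Review bot: The sizing lines above the call, `varnames[i] ? strlen(varnames[i]) : 6` and `val ? strlen(val) : 6`, budget six bytes for a null pointer, which means `snprintf(query, l, a, varnames[i], val)` may be handed NULL for what is presumably a `%s` conversion. That relies on the C library printing `(null)`; the standard leaves it undefined. Passing `val ? val : ""` (or skipping the row) makes the behaviour defined, though the stored value then changes and should match what readers of the table expect. `l` is computed outside the hunk and reused for format `b`, so if `b` is longer than `a` the second statement is now truncated and still executed; checking the `snprintf` result against `l` covers that case.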
@@ -807,35 +808,35 @@ void ProxySQL_Admin::flush_pgsql_variables___database_to_runtime(SQLite3DB* db, if (replace) { char* val = GloPTH->get_variable(r->fields[0]); char q[1000]; - if (val) { - if (strcmp(val, value)) { - proxy_warning("Impossible to set variable %s with value \"%s\". Resetting to current \"%s\".\n", r->fields[0], value, val); - sprintf(q, "INSERT OR REPLACE INTO global_variables VALUES(\"pgsql-%s\",\"%s\")", r->fields[0], val); - db->execute(q); - } - free(val); + if (val) { + if (strcmp(val, value)) { + proxy_warning("Impossible to set variable %s with value \"%s\". Resetting to current \"%s\".\n", r->fields[0], value, val); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"pgsql-%s\",\"%s\")", r->fields[0], val); + db->execute(q); + } + free(val); } - else { - if (strcmp(r->fields[0], (char*)"session_debug") == 0) { - sprintf(q, "DELETE FROM disk.global_variables WHERE variable_name=\"pgsql-%s\"", r->fields[0]); - db->execute(q); - } else { - if (strcmp(r->fields[0], (char*)"forward_autocommit") == 0) { - if (strcasecmp(value, "true") == 0 || strcasecmp(value, "1") == 0) { - proxy_error("Global variable pgsql-forward_autocommit is deprecated. See issue #3253\n"); - } - sprintf(q, "DELETE FROM disk.global_variables WHERE variable_name=\"pgsql-%s\"", r->fields[0]); + if (strcmp(r->fields[0], (char*)"session_debug") == 0) { + snprintf(q, sizeof(q), "DELETE FROM disk.global_variables WHERE variable_name=\"pgsql-%s\"", r->fields[0]); db->execute(q); } + else { + if (strcmp(r->fields[0], (char*)"forward_autocommit") == 0) { + if (strcasecmp(value, "true") == 0 || strcasecmp(value, "1") == 0) { + proxy_error("Global variable pgsql-forward_autocommit is deprecated. See issue #3253\n"); + } + snprintf(q, sizeof(q), "DELETE FROM disk.global_variables WHERE variable_name=\"pgsql-%s\"", r->fields[0]); + db->execute(q); + } else { proxy_warning("Impossible to set not existing variable %s with value \"%s\". Deleting. 
If the variable name is correct, this version doesn't support it\n", r->fields[0], r->fields[1]); + } } + snprintf(q, sizeof(q), "DELETE FROM global_variables WHERE variable_name=\"pgsql-%s\"", r->fields[0]); + db->execute(q); } - sprintf(q, "DELETE FROM global_variables WHERE variable_name=\"pgsql-%s\"", r->fields[0]); - db->execute(q); } - } } else { if ( @@ -844,13 +845,13 @@ void ProxySQL_Admin::flush_pgsql_variables___database_to_runtime(SQLite3DB* db, ) { char* val = GloPTH->get_variable(r->fields[0]); char q[1000]; - if (val) { - if (strcmp(val, value)) { - proxy_warning("Variable %s with value \"%s\" is being replaced with value \"%s\".\n", r->fields[0], value, val); - sprintf(q, "INSERT OR REPLACE INTO global_variables VALUES(\"pgsql-%s\",\"%s\")", r->fields[0], val); - db->execute(q); - } - free(val); + if (val) { + if (strcmp(val, value)) { + proxy_warning("Variable %s with value \"%s\" is being replaced with value \"%s\".\n", r->fields[0], value, val); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"pgsql-%s\",\"%s\")", r->fields[0], val); + db->execute(q); + } + free(val); } } proxy_debug(PROXY_DEBUG_ADMIN, 4, "Set variable %s with value \"%s\"\n", r->fields[0], value); 
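Review bot: On the new side of the first hunk the `else {` that followed the `if (val) { … free(val); }` block is removed and not re-added, so `if (strcmp(r->fields[0], (char*)"session_debug") == 0)` and the final `DELETE FROM global_variables` now sit at the same level as `if (val)` instead of inside its else branch. As the hunk reads, a variable that exists and has just been reset with `INSERT OR REPLACE` would then be reported as not existing and deleted, and the added lines open one block fewer than the removed ones, which suggests an unbalanced `}`. This goes beyond the indentation fix the commit describes; restoring the `else {` after the brace that closes `if (val)`, as the GENERIC variant in the first hunk of this file keeps it, looks like the intended shape. Whitespace is lost in this rendering, so please confirm against the file and a build. The function begins and ends outside the hunk.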
@@ -876,13 +877,13 @@ void ProxySQL_Admin::flush_pgsql_variables___database_to_runtime(SQLite3DB* db, if (charset_encoding == -1) { // invalid charset_encoding proxy_error("Found an incorrect value for pgsql-default_client_encoding: %s\n", default_client_encoding); - const char* p = pgsql_tracked_variables[PGSQL_CLIENT_ENCODING].default_value; - charset_encoding = PgSQL_Connection::char_to_encoding(p); - assert(charset_encoding != -1); - proxy_info("Resetting pgsql-default_client_encoding to hardcoded default value: %s\n", p); - sprintf(q, "INSERT OR REPLACE INTO global_variables VALUES(\"pgsql-default_client_encoding\",\"%s\")", p); - db->execute(q); - GloPTH->set_variable((char*)"default_client_encoding", p); + const char* p = pgsql_tracked_variables[PGSQL_CLIENT_ENCODING].default_value; + charset_encoding = PgSQL_Connection::char_to_encoding(p); + assert(charset_encoding != -1); + proxy_info("Resetting pgsql-default_client_encoding to hardcoded default value: %s\n", p); + snprintf(q, sizeof(q), "INSERT OR REPLACE INTO global_variables VALUES(\"pgsql-default_client_encoding\",\"%s\")", p); + db->execute(q); + GloPTH->set_variable((char*)"default_client_encoding", p); } free(default_client_encoding); GloPTH->commit(); @@ -910,7 +911,7 @@ void ProxySQL_Admin::flush_pgsql_variables___database_to_runtime(SQLite3DB* db, uint32_t d32[2]; char buf[20]; memcpy(&d32, &hash1, sizeof(hash1)); - sprintf(buf, "0x%0X%0X", d32[0], d32[1]); + snprintf(buf, sizeof(buf), "0x%0X%0X", d32[0], d32[1]); GloVars.checksums_values.mysql_variables.set_checksum(buf); GloVars.checksums_values.mysql_variables.version++; time_t t = time(NULL); 
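Review bot: In the second hunk, the context lines after the converted call store the result with `GloVars.checksums_values.mysql_variables.set_checksum(buf)` and bump `mysql_variables.version`, although the hunk header places them in `flush_pgsql_variables___database_to_runtime`. If a separate checksum entry exists for the pgsql module, this looks like a copy-paste leftover that overwrites the MySQL variables checksum whenever pgsql variables are loaded; please confirm which entry is intended. The commit edits the line directly above, so this is a convenient place to fix it, or to add a comment such as `// pgsql variables intentionally share the mysql_variables checksum slot` if the sharing is deliberate.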
@@ -1033,8 +1034,9 @@ void ProxySQL_Admin::flush_genai_variables___runtime_to_database(SQLite3DB* db,
 char** varnames = GloGATH->get_variables_list();
 for (int i = 0; varnames[i]; i++) {
 char* val = GloGATH->get_variable(varnames[i]);
- char* qualified_name = (char*)malloc(strlen(varnames[i]) + 10);
- sprintf(qualified_name, "genai-%s", varnames[i]);
+ size_t qualified_name_len = strlen(varnames[i]) + sizeof("genai-");
+ char* qualified_name = (char*)malloc(qualified_name_len);
+ snprintf(qualified_name, qualified_name_len, "genai-%s", varnames[i]);
 rc = (*proxy_sqlite3_bind_text)(statement1, 1, qualified_name, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db);
 rc = (*proxy_sqlite3_bind_text)(statement1, 2, (val ? val : (char*)""), -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db);
 SAFE_SQLITE3_STEP2(statement1);
@@ -1172,8 +1174,9 @@ void ProxySQL_Admin::flush_mysql_variables___runtime_to_database(SQLite3DB *db,
 char **varnames=GloMTH->get_variables_list();
 for (int i=0; varnames[i]; i++) {
 char *val=GloMTH->get_variable(varnames[i]);
- char *qualified_name=(char *)malloc(strlen(varnames[i])+7);
- sprintf(qualified_name, "mysql-%s", varnames[i]);
+ size_t qualified_name_len = strlen(varnames[i]) + sizeof("mysql-");
+ char *qualified_name=(char *)malloc(qualified_name_len);
+ snprintf(qualified_name, qualified_name_len, "mysql-%s", varnames[i]);
 rc=(*proxy_sqlite3_bind_text)(statement1, 1, qualified_name, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db);
 rc=(*proxy_sqlite3_bind_text)(statement1, 2, (val ? val : (char *)""), -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db);
 SAFE_SQLITE3_STEP2(statement1);
@@ -1468,8 +1471,9 @@ void ProxySQL_Admin::flush_mcp_variables___runtime_to_database(SQLite3DB* db, bo for (int i = 0; varnames[i]; i++) { char val[256]; GloMCPH->get_variable(varnames[i], val); - char* qualified_name = (char*)malloc(strlen(varnames[i]) + 8); - sprintf(qualified_name, "mcp-%s", varnames[i]); + size_t qualified_name_len = strlen(varnames[i]) + sizeof("mcp-"); + char* qualified_name = (char*)malloc(qualified_name_len); + snprintf(qualified_name, qualified_name_len, "mcp-%s", varnames[i]); rc = (*proxy_sqlite3_bind_text)(statement1, 1, qualified_name, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db); rc = (*proxy_sqlite3_bind_text)(statement1, 2, (val ? val : (char*)""), -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, db); SAFE_SQLITE3_STEP2(statement1); @@ -1483,7 +1487,7 @@ void ProxySQL_Admin::flush_mcp_variables___runtime_to_database(SQLite3DB* db, bo // qualified_name already contains the mcp- prefix, so we use %s without prefix int l = strlen(qualified_name) + strlen(val) + 100; char* query = (char*)malloc(l); - sprintf(query, b, qualified_name, val); + snprintf(query, l, b, qualified_name, val); if (i < 3) { proxy_info("MCP: Executing SQL: %s\n", query); } diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index d5f72052a..12091b6d9 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp 
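Review bot: `GloMCPH->get_variable(varnames[i], val)` fills the fixed `char val[256]` without being told its size, so the bound this commit adds for `qualified_name` is not matched by one on the value buffer two lines above it. Unless `get_variable` limits itself to 256 bytes internally (not visible here), a longer value overruns the stack buffer; passing `sizeof(val)` to it, or returning an allocated string as the other handlers in this file do, would close that gap. Because `val` is an array, `(val ? val : (char*)"")` in the bind call is always true and can be reduced to `val`. In the second hunk `l` reserves 100 bytes for format `b`, which is defined outside the hunk, so the `snprintf` result should be checked before `query` is logged and executed.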
@@ -990,7 +990,7 @@ int ProxySQL_Admin::FlushDigestTableToDisk(SQLite3DB *_db) {
 rc=(*proxy_sqlite3_bind_text)(statement32, (idx*15)+3, qds->schemaname, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
 rc=(*proxy_sqlite3_bind_text)(statement32, (idx*15)+4, qds->username, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
 rc=(*proxy_sqlite3_bind_text)(statement32, (idx*15)+5, qds->client_address, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
- sprintf(qdsp.digest,"0x%016llX", (long long unsigned int)qds->digest);
+ snprintf(qdsp.digest, sizeof(qdsp.digest),"0x%016llX", (long long unsigned int)qds->digest);
 rc=(*proxy_sqlite3_bind_text)(statement32, (idx*15)+6, qdsp.digest, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
 if (qds->digest_text) {
 rc=(*proxy_sqlite3_bind_text)(statement32, (idx*15)+7, qds->digest_text, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
@@ -1035,7 +1035,7 @@ int ProxySQL_Admin::FlushDigestTableToDisk(SQLite3DB *_db) {
 rc=(*proxy_sqlite3_bind_text)(statement1, 3, qds->schemaname, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
 rc=(*proxy_sqlite3_bind_text)(statement1, 4, qds->username, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
 rc=(*proxy_sqlite3_bind_text)(statement1, 5, qds->client_address, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
- sprintf(qdsp.digest,"0x%016llX", (long long unsigned int)qds->digest);
+ snprintf(qdsp.digest, sizeof(qdsp.digest),"0x%016llX", (long long unsigned int)qds->digest);
 rc=(*proxy_sqlite3_bind_text)(statement1, 6, qdsp.digest, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
 if (qds->digest_text) {
 rc=(*proxy_sqlite3_bind_text)(statement1, 7, qds->digest_text, -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, sdb);
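Review bot: `sizeof(qdsp.digest)` is the buffer size only if `digest` is declared as a `char` array; the declaration is outside both hunks. If it is a `char*`, `sizeof` yields the pointer size and `"0x%016llX"`, which needs 19 bytes, would be cut to a few characters, so the digest bound into the statement would be wrong instead of overflowing. The same check applies to every `sizeof(...)` this commit introduces on a buffer declared elsewhere: `intbuf` in `get_variable`, and `buf` in `dump_mysql_collations`, `__refresh_users` and `__refresh_pgsql_users`. A `static_assert(sizeof(qdsp.digest) >= 19, "digest buffer too small");` next to the call would make the assumption explicit.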
@@ -1826,8 +1826,8 @@ SQLite3_result * ProxySQL_Admin::generate_show_fields_from(const char *tablename tn[j]=0; SQLite3_result *resultset=NULL; char *q1=(char *)"PRAGMA table_info(%s)"; - char *q2=(char *)malloc(strlen(q1)+strlen(tn)); - sprintf(q2,q1,tn); + char *q2=(char *)malloc(strlen(q1)+strlen(tn)+1); + snprintf(q2, strlen(q1) + strlen(tn) + 1, q1, tn); int affected_rows; int cols; char *error=NULL; @@ -1909,7 +1909,7 @@ SQLite3_result * ProxySQL_Admin::generate_show_table_status(const char *tablenam SQLite3_result *resultset=NULL; char *q1=(char *)"PRAGMA table_info(%s)"; char *q2=(char *)malloc(strlen(q1)+strlen(tn)+32); - sprintf(q2,q1,tn); + snprintf(q2, strlen(q1) + strlen(tn) + 32, q1, tn); int affected_rows; int cols; char *error=NULL; @@ -1961,10 +1961,10 @@ SQLite3_result * ProxySQL_Admin::generate_show_table_status(const char *tablenam pta[2]=(char *)"10"; pta[3]=(char *)"Dynamic"; delete resultset; - sprintf(q2,"SELECT COUNT(*) FROM %s",tn); + snprintf(q2, strlen(q1) + strlen(tn) + 32, "SELECT COUNT(*) FROM %s", tn); admindb->execute_statement(q2, &error , &cols , &affected_rows , &resultset); char buf[20]; - sprintf(buf,"%d",resultset->rows_count); + snprintf(buf, sizeof(buf),"%d",resultset->rows_count); pta[4]=buf; delete resultset; free(q2); @@ -3088,7 +3088,7 @@ void ProxySQL_Admin::dump_mysql_collations() { char *query=(char *)"INSERT INTO mysql_collations VALUES (%d, \"%s\", \"%s\", \"\")"; admindb->execute("DELETE FROM mysql_collations"); do { - sprintf(buf,query,c->nr, c->name, c->csname); + snprintf(buf, sizeof(buf),query,c->nr, c->name, c->csname); admindb->execute(buf); ++c; } while (c[0].nr != 0); 
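Review bot: The buffer size is spelled out three times in `generate_show_table_status` — `malloc(strlen(q1)+strlen(tn)+32)` and two `snprintf(q2, strlen(q1) + strlen(tn) + 32, …)` calls — and twice in `generate_show_fields_from`, so the bound and the allocation can drift apart on the next edit. Computing it once, `const size_t q2_len = strlen(q1) + strlen(tn) + 32;`, and using `q2_len` in `malloc` and in both `snprintf` calls keeps them tied together. In the third hunk `resultset->rows_count` is read right after `execute_statement` without looking at `error` or testing `resultset` for NULL. How `tn` is validated before it is formatted into these statements is outside the hunks.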
@@ -3590,31 +3590,31 @@ char * ProxySQL_Admin::get_variable(char *name) { if (!strcasecmp(name,"stats_credentials")) return s_strdup(variables.stats_credentials); if (!strcasecmp(name,"stats_mysql_connection_pool")) { - sprintf(intbuf,"%d",variables.stats_mysql_connection_pool); + snprintf(intbuf, sizeof(intbuf),"%d",variables.stats_mysql_connection_pool); return strdup(intbuf); } if (!strcasecmp(name,"stats_mysql_connections")) { - sprintf(intbuf,"%d",variables.stats_mysql_connections); + snprintf(intbuf, sizeof(intbuf),"%d",variables.stats_mysql_connections); return strdup(intbuf); } if (!strcasecmp(name,"stats_mysql_query_cache")) { - sprintf(intbuf,"%d",variables.stats_mysql_query_cache); + snprintf(intbuf, sizeof(intbuf),"%d",variables.stats_mysql_query_cache); return strdup(intbuf); } if (!strcasecmp(name,"stats_mysql_query_digest_to_disk")) { - sprintf(intbuf,"%d",variables.stats_mysql_query_digest_to_disk); + snprintf(intbuf, sizeof(intbuf),"%d",variables.stats_mysql_query_digest_to_disk); return strdup(intbuf); } if (!strcasecmp(name,"stats_mysql_eventslog_sync_buffer_to_disk")) { - sprintf(intbuf,"%d",variables.stats_mysql_eventslog_sync_buffer_to_disk); + snprintf(intbuf, sizeof(intbuf),"%d",variables.stats_mysql_eventslog_sync_buffer_to_disk); return strdup(intbuf); } if (!strcasecmp(name,"stats_system_cpu")) { - sprintf(intbuf,"%d",variables.stats_system_cpu); + snprintf(intbuf, sizeof(intbuf),"%d",variables.stats_system_cpu); return strdup(intbuf); } if (!strcasecmp(name,"stats_system_memory")) { - sprintf(intbuf,"%d",variables.stats_system_memory); + snprintf(intbuf, sizeof(intbuf),"%d",variables.stats_system_memory); return strdup(intbuf); } } 
@@ -3624,43 +3624,43 @@ char * ProxySQL_Admin::get_variable(char *name) { if (!strcasecmp(name,"telnet_admin_ifaces")) return s_strdup(variables.telnet_admin_ifaces); if (!strcasecmp(name,"telnet_stats_ifaces")) return s_strdup(variables.telnet_stats_ifaces); if (!strcasecmp(name,"cluster_check_interval_ms")) { - sprintf(intbuf,"%d",variables.cluster_check_interval_ms); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_check_interval_ms); return strdup(intbuf); } if (!strcasecmp(name,"cluster_check_status_frequency")) { - sprintf(intbuf,"%d",variables.cluster_check_status_frequency); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_check_status_frequency); return strdup(intbuf); } if (!strcasecmp(name,"cluster_mysql_query_rules_diffs_before_sync")) { - sprintf(intbuf,"%d",variables.cluster_mysql_query_rules_diffs_before_sync); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_mysql_query_rules_diffs_before_sync); return strdup(intbuf); } if (!strcasecmp(name,"cluster_mysql_servers_diffs_before_sync")) { - sprintf(intbuf,"%d",variables.cluster_mysql_servers_diffs_before_sync); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_mysql_servers_diffs_before_sync); return strdup(intbuf); } if (!strcasecmp(name,"cluster_mysql_users_diffs_before_sync")) { - sprintf(intbuf,"%d",variables.cluster_mysql_users_diffs_before_sync); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_mysql_users_diffs_before_sync); return strdup(intbuf); } if (!strcasecmp(name,"cluster_proxysql_servers_diffs_before_sync")) { - sprintf(intbuf,"%d",variables.cluster_proxysql_servers_diffs_before_sync); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_proxysql_servers_diffs_before_sync); return strdup(intbuf); } if (!strcasecmp(name,"cluster_mysql_variables_diffs_before_sync")) { - sprintf(intbuf,"%d",variables.cluster_mysql_variables_diffs_before_sync); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_mysql_variables_diffs_before_sync); return 
strdup(intbuf); } if (!strcasecmp(name,"cluster_admin_variables_diffs_before_sync")) { - sprintf(intbuf,"%d",variables.cluster_admin_variables_diffs_before_sync); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_admin_variables_diffs_before_sync); return strdup(intbuf); } if (!strcasecmp(name,"cluster_ldap_variables_diffs_before_sync")) { - sprintf(intbuf,"%d",variables.cluster_ldap_variables_diffs_before_sync); + snprintf(intbuf, sizeof(intbuf),"%d",variables.cluster_ldap_variables_diffs_before_sync); return strdup(intbuf); } if (!strcasecmp(name,"cluster_mysql_servers_sync_algorithm")) { - sprintf(intbuf, "%d", variables.cluster_mysql_servers_sync_algorithm); + snprintf(intbuf, sizeof(intbuf), "%d", variables.cluster_mysql_servers_sync_algorithm); return strdup(intbuf); } if (!strcasecmp(name,"cluster_mysql_query_rules_save_to_disk")) { @@ -3685,7 +3685,7 @@ char * ProxySQL_Admin::get_variable(char *name) { return strdup((variables.cluster_ldap_variables_save_to_disk ? "true" : "false")); } if (!strcasecmp(name,"refresh_interval")) { - sprintf(intbuf,"%d",variables.refresh_interval); + snprintf(intbuf, sizeof(intbuf),"%d",variables.refresh_interval); return strdup(intbuf); } if (!strcasecmp(name,"read_only")) { 
@@ -3721,22 +3721,22 @@ char * ProxySQL_Admin::get_variable(char *name) { return strdup((variables.restapi_enabled ? "true" : "false")); } if (!strcasecmp(name,"restapi_port")) { - sprintf(intbuf,"%d",variables.restapi_port); + snprintf(intbuf, sizeof(intbuf),"%d",variables.restapi_port); return strdup(intbuf); } if (!strcasecmp(name,"web_enabled")) { return strdup((variables.web_enabled ? "true" : "false")); } if (!strcasecmp(name,"web_verbosity")) { - sprintf(intbuf, "%d", variables.web_verbosity); + snprintf(intbuf, sizeof(intbuf), "%d", variables.web_verbosity); return strdup(intbuf); } if (!strcasecmp(name,"web_port")) { - sprintf(intbuf,"%d",variables.web_port); + snprintf(intbuf, sizeof(intbuf),"%d",variables.web_port); return strdup(intbuf); } if (!strcasecmp(name,"prometheus_memory_metrics_interval")) { - sprintf(intbuf, "%d", variables.p_memory_metrics_interval); + snprintf(intbuf, sizeof(intbuf), "%d", variables.p_memory_metrics_interval); return strdup(intbuf); } #ifdef DEBUG 
@@ -3744,24 +3744,25 @@ char * ProxySQL_Admin::get_variable(char *name) { return strdup((variables.debug ? "true" : "false")); } if (!strcasecmp(name,"debug_output")) { - sprintf(intbuf, "%d", debug_output); + snprintf(intbuf, sizeof(intbuf), "%d", debug_output); return strdup(intbuf); } #endif /* DEBUG */ if (!strcasecmp(name,"coredump_generation_interval_ms")) { - sprintf(intbuf,"%d",variables.coredump_generation_interval_ms); + snprintf(intbuf, sizeof(intbuf),"%d",variables.coredump_generation_interval_ms); return strdup(intbuf); } if (!strcasecmp(name,"coredump_generation_threshold")) { - sprintf(intbuf,"%d",variables.coredump_generation_threshold); + snprintf(intbuf, sizeof(intbuf),"%d",variables.coredump_generation_threshold); return strdup(intbuf); } if (!strcasecmp(name, "ssl_keylog_file")) { char* ssl_keylog_file = s_strdup(variables.ssl_keylog_file); if (ssl_keylog_file != NULL && strlen(ssl_keylog_file) > 0) { if ((ssl_keylog_file[0] != '/')) { // relative path - char* tmp_ssl_keylog_file = (char*)malloc(strlen(GloVars.datadir) + strlen(ssl_keylog_file) + 2); - sprintf(tmp_ssl_keylog_file, "%s/%s", GloVars.datadir, ssl_keylog_file); + size_t tmp_ssl_keylog_file_len = strlen(GloVars.datadir) + strlen(ssl_keylog_file) + 2; + char* tmp_ssl_keylog_file = (char*)malloc(tmp_ssl_keylog_file_len); + snprintf(tmp_ssl_keylog_file, tmp_ssl_keylog_file_len, "%s/%s", GloVars.datadir, ssl_keylog_file); free(ssl_keylog_file); ssl_keylog_file = tmp_ssl_keylog_file; } 
@@ -4555,8 +4556,9 @@ bool ProxySQL_Admin::set_variable(char *name, char *value, bool lock) { // this if (is_absolute_path) { // absolute path sslkeylogfile = strdup(value); } else { // relative path - sslkeylogfile = (char*)malloc(strlen(GloVars.datadir) + strlen(value) + 2); - sprintf(sslkeylogfile, "%s/%s", GloVars.datadir, value); + size_t sslkeylogfile_len = strlen(GloVars.datadir) + strlen(value) + 2; + sslkeylogfile = (char*)malloc(sslkeylogfile_len); + snprintf(sslkeylogfile, sslkeylogfile_len, "%s/%s", GloVars.datadir, value); } if (proxysql_keylog_open(sslkeylogfile) == false) { free(sslkeylogfile); @@ -4731,7 +4733,7 @@ void ProxySQL_Admin::save_mysql_query_rules_from_runtime(bool _runtime) { int l=strlen(o)+4; arg_len+=l; buffs[i]=(char *)malloc(l); - sprintf(buffs[i],"'%s'",o); + snprintf(buffs[i], l, "'%s'", o); if (o!=r->fields[i]) { // there was a copy free(o); } @@ -4739,12 +4741,12 @@ void ProxySQL_Admin::save_mysql_query_rules_from_runtime(bool _runtime) { int l=9; arg_len+=l; buffs[i]=(char *)malloc(l); - sprintf(buffs[i],"NULL"); + snprintf(buffs[i], l, "NULL"); } } char *query=(char *)malloc(strlen(a)+arg_len+32); - sprintf(query,a, + snprintf(query, strlen(a) + arg_len + 32, a, buffs[0], buffs[1], buffs[2], @@ -4817,7 +4819,7 @@ void ProxySQL_Admin::save_pgsql_query_rules_from_runtime(bool _runtime) { int l = strlen(o) + 4; arg_len += l; buffs[i] = (char*)malloc(l); - sprintf(buffs[i], "'%s'", o); + snprintf(buffs[i], l, "'%s'", o); if (o != r->fields[i]) { // there was a copy free(o); } @@ -4826,12 +4828,12 @@ void ProxySQL_Admin::save_pgsql_query_rules_from_runtime(bool _runtime) { int l = 9; arg_len += l; buffs[i] = (char*)malloc(l); - sprintf(buffs[i], "NULL"); + snprintf(buffs[i], l, "NULL"); } } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, + snprintf(query, strlen(a) + arg_len + 32, a, buffs[0], buffs[1], buffs[2], 
@@ -5292,7 +5294,7 @@ void ProxySQL_Admin::flush_debug_levels_runtime_to_database(SQLite3DB *db, bool int l=strlen(a)+100; for (i=0;iexecute(query); free(query); } @@ -5397,7 +5399,7 @@ int ProxySQL_Admin::flush_debug_levels_database_to_runtime(SQLite3DB *db) { for (i=0;iget_url())+strlen(alias)+5; char *cmd=(char *)malloc(l); - sprintf(cmd,a,db2->get_url(), alias); + snprintf(cmd, l, a, db2->get_url(), alias); db1->execute(cmd); free(cmd); } @@ -5758,7 +5760,7 @@ void ProxySQL_Admin::__refresh_users( } uint32_t d32[2]; memcpy(&d32, &hash1, sizeof(hash1)); - sprintf(buf,"0x%0X%0X", d32[0], d32[1]); + snprintf(buf, sizeof(buf),"0x%0X%0X", d32[0], d32[1]); buff = buf; } else { @@ -5845,7 +5847,7 @@ void ProxySQL_Admin::__refresh_pgsql_users( //} uint32_t d32[2]; memcpy(&d32, &hash1, sizeof(hash1)); - sprintf(buf, "0x%0X%0X", d32[0], d32[1]); + snprintf(buf, sizeof(buf), "0x%0X%0X", d32[0], d32[1]); buff = buf; } @@ -5936,8 +5938,9 @@ void ProxySQL_Admin::send_error_msg_to_client(S* sess, const char *msg, uint16_t // Code for MySQL clients MySQL_Data_Stream* myds = sess->client_myds; myds->DSS = STATE_QUERY_SENT_DS; - char* new_msg = (char*)malloc(strlen(msg) + sizeof(prefix_msg)); - sprintf(new_msg, "%s%s", prefix_msg, msg); + size_t new_msg_len = strlen(msg) + sizeof(prefix_msg); + char* new_msg = (char*)malloc(new_msg_len); + snprintf(new_msg, new_msg_len, "%s%s", prefix_msg, msg); myds->myprot.generate_pkt_ERR(true, NULL, NULL, 1, mysql_err_code, (char*)"28000", new_msg); free(new_msg); myds->DSS = STATE_SLEEP; 
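Review bot: The format `"0x%0X%0X"` in __refresh_users has no field width, so the two 32-bit halves are not delimited and distinct hashes can print identically: `d32 = {0x1, 0x23}` and `d32 = {0x12, 0x3}` (constructed values) both give `0x123`. The same format is used in __refresh_pgsql_users, in both load_*_query_rules_to_runtime hunks, and in load_proxysql_servers_to_runtime, where the result is passed to `set_checksum`. A fixed-width form, `snprintf(buf, sizeof(buf), "0x%08X%08X", d32[0], d32[1]);`, removes the ambiguity and still fits the `char buf[20]` shown in the last of those hunks. It changes the rendered checksum, so if these strings are compared between instances (not visible here) the change has to be rolled out consistently.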
@@ -5945,8 +5948,9 @@ void ProxySQL_Admin::send_error_msg_to_client(S* sess, const char *msg, uint16_t // Code for PostgreSQL clients PgSQL_Data_Stream* myds = sess->client_myds; myds->DSS = STATE_QUERY_SENT_DS; - char* new_msg = (char*)malloc(strlen(msg) + sizeof(prefix_msg)); - sprintf(new_msg, "%s%s", prefix_msg, msg); + size_t new_msg_len = strlen(msg) + sizeof(prefix_msg); + char* new_msg = (char*)malloc(new_msg_len); + snprintf(new_msg, new_msg_len, "%s%s", prefix_msg, msg); myds->myprot.generate_error_packet(true, true, new_msg, PGSQL_ERROR_CODES::ERRCODE_RAISE_EXCEPTION, false); free(new_msg); myds->DSS = STATE_SLEEP; @@ -5974,7 +5978,7 @@ void ProxySQL_Admin::__delete_inactive_users(enum cred_username_type usertype) { else if constexpr (pt == SERVER_TYPE_PGSQL) str = (char*)"SELECT username FROM main.pgsql_users WHERE %s=1 AND active=0"; char *query=(char *)malloc(strlen(str)+15); - sprintf(query,str,(usertype==USERNAME_BACKEND ? "backend" : "frontend")); + snprintf(query, strlen(str) + 15, str, (usertype==USERNAME_BACKEND ? "backend" : "frontend")); admindb->execute_statement(query, &error , &cols , &affected_rows , &resultset); if (error) { proxy_error("Error on %s : %s\n", query, error); @@ -6065,7 +6069,7 @@ SQLite3_result* ProxySQL_Admin::__add_active_users( str = (char*)"SELECT username,password,use_ssl,default_hostgroup,transaction_persistent,fast_forward,max_connections,attributes,comment FROM main.pgsql_users WHERE %s=1 AND active=1 AND default_hostgroup>=0 AND username='%s'"; } query=(char *)malloc(strlen(str)+strlen(__user)+15); - sprintf(query,str,(usertype==USERNAME_BACKEND ? "backend" : "frontend"),__user); + snprintf(query, strlen(str) + strlen(__user) + 15, str, (usertype==USERNAME_BACKEND ? "backend" : "frontend"), __user); admindb->execute_statement(query, &error , &cols , &affected_rows , &resultset); } 
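Review bot: `__user` is formatted straight into `username='%s'` in __add_active_users, so a name containing a single quote ends the literal early and alters the statement run by `admindb->execute_statement`. The save_mysql_servers_runtime_to_database hunk passes its text field through `escape_string_single_quotes` first; doing the same here, and sizing the buffer from the escaped string, keeps the statement well-formed. __add_active_clickhouse_users builds `username='%s'` from `__user` the same way. Where `__user` originates is outside the hunk, so how reachable this is needs confirming against the callers.

```cpp
char *esc_user = escape_string_single_quotes(__user, false);
size_t query_len = strlen(str) + strlen(esc_user) + 15;
query = (char *)malloc(query_len);
snprintf(query, query_len, str, (usertype==USERNAME_BACKEND ? "backend" : "frontend"), esc_user);
if (esc_user != __user) { // there was a copy
	free(esc_user);
}
// … unchanged: admindb->execute_statement(query, ...) …
```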
@@ -6228,7 +6232,7 @@ void ProxySQL_Admin::__add_active_clickhouse_users(char *__user) { str=(char *)"SELECT username,password,max_connections FROM main.clickhouse_users WHERE active=1 AND username='%s'"; query=(char *)malloc(strlen(str)+strlen(__user)+15); //sprintf(query,str,(usertype==USERNAME_BACKEND ? "backend" : "frontend"),__user); - sprintf(query,str,__user); + snprintf(query, strlen(str) + strlen(__user) + 15, str, __user); } #ifdef ADDUSER_STMT_RAW admindb->execute_statement_raw(query, &error , &cols , &affected_rows , &statement); @@ -6815,7 +6819,14 @@ void ProxySQL_Admin::save_clickhouse_users_runtime_to_database(bool _runtime) { } if (_runtime==false) { query=(char *)malloc(strlen(q)+strlen(ad->username)*2+strlen(ad->password)+strlen(ad->default_schema)+256); - sprintf(query, q, ad->username, ad->password, ad->max_connections); + snprintf( + query, + strlen(q)+strlen(ad->username)*2+strlen(ad->password)+strlen(ad->default_schema)+256, + q, + ad->username, + ad->password, + ad->max_connections + ); proxy_debug(PROXY_DEBUG_ADMIN, 4, "%s\n", query); admindb->execute(query); free(query); @@ -6874,7 +6885,7 @@ void ProxySQL_Admin::save_scheduler_runtime_to_database(bool _runtime) { for (i=0; i<5; i++) { if (sr->args[i]) { args[i]=(char *)malloc(strlen(sr->args[i])+4); - sprintf(args[i],"\"%s\"",sr->args[i]); + snprintf(args[i], strlen(sr->args[i]) + 4, "\"%s\"", sr->args[i]); } else { args[i]=(char *)"NULL"; } @@ -6889,7 +6900,7 @@ void ProxySQL_Admin::save_scheduler_runtime_to_database(bool _runtime) { } char *query=(char *)malloc(l); - sprintf(query, q, + snprintf(query, l, q, sr->id, is_active, sr->interval_ms, sr->filename, args[0], args[1], args[2], 
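Review bot: In save_scheduler_runtime_to_database, `snprintf(args[i], strlen(sr->args[i]) + 4, "\"%s\"", sr->args[i]);` wraps each argument in double quotes without escaping. An argument that itself contains `"` therefore closes the quoted value early in the statement later formatted from `q`. Escape embedded quotes before wrapping and size `args[i]` from the escaped length, or bind the arguments as parameters if the statement API allows it. `q` and the total length `l` are defined outside this hunk, so the final statement shape should be checked there.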
@@ -7026,7 +7037,7 @@ void ProxySQL_Admin::save_mysql_servers_runtime_to_database(bool _runtime) { char *query=(char *)malloc(strlen(q)+strlen(r->fields[0])+strlen(r->fields[1])+strlen(r->fields[2])+16+l); if (r->fields[3]) { char *o=escape_string_single_quotes(r->fields[3],false); - sprintf(query, q, r->fields[0], r->fields[1], r->fields[2], o); + snprintf(query, strlen(q)+strlen(r->fields[0])+strlen(r->fields[1])+strlen(r->fields[2])+16+l, q, r->fields[0], r->fields[1], r->fields[2], o); if (o!=r->fields[3]) { // there was a copy free(o); } @@ -7380,7 +7391,7 @@ void ProxySQL_Admin::save_pgsql_servers_runtime_to_database(bool _runtime) { char* query = (char*)malloc(strlen(q) + strlen(r->fields[0]) + strlen(r->fields[1]) + strlen(r->fields[2]) + 16 + l); if (r->fields[3]) { char* o = escape_string_single_quotes(r->fields[3], false); - sprintf(query, q, r->fields[0], r->fields[1], r->fields[2], o); + snprintf(query, strlen(q) + strlen(r->fields[0]) + strlen(r->fields[1]) + strlen(r->fields[2]) + 16 + l, q, r->fields[0], r->fields[1], r->fields[2], o); if (o != r->fields[3]) { // there was a copy free(o); } @@ -8037,7 +8048,7 @@ void ProxySQL_Admin::save_mcp_query_rules_from_runtime(bool _runtime) { int l = strlen(o) + 4; arg_len += l; buffs[i] = (char*)malloc(l); - sprintf(buffs[i], "'%s'", o); + snprintf(buffs[i], l, "'%s'", o); if (o != r->fields[i]) { // there was a copy free(o); } @@ -8045,13 +8056,13 @@ void ProxySQL_Admin::save_mcp_query_rules_from_runtime(bool _runtime) { int l = 5; arg_len += l; buffs[i] = (char*)malloc(l); - sprintf(buffs[i], "NULL"); + snprintf(buffs[i], l, "NULL"); } } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, + snprintf(query, strlen(a) + arg_len + 32, a, buffs[0], // rule_id buffs[1], // active buffs[2], // username 
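Review bot: The result of the new `snprintf(query, ..., q, r->fields[0], r->fields[1], r->fields[2], o)` in save_mysql_servers_runtime_to_database is discarded. When the escaped string `o` is longer than the allowance `l` (computed outside this hunk, possibly from the unescaped field), the statement is now silently cut instead of overflowing, and the cut text is presumably still executed further down. Keep the size in one variable and test the return, `int n = snprintf(query, query_len, q, r->fields[0], r->fields[1], r->fields[2], o);` followed by `if (n < 0 || (size_t)n >= query_len)`. On that condition, log with `proxy_error` and skip the execute for the row. save_pgsql_servers_runtime_to_database has the same call shape.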
@@ -8148,7 +8159,7 @@ char* ProxySQL_Admin::load_mysql_query_rules_to_runtime(SQLite3_result* SQLite3_ hash1 += hash2; uint32_t d32[2]; memcpy(&d32, &hash1, sizeof(hash1)); - sprintf(buf,"0x%0X%0X", d32[0], d32[1]); + snprintf(buf, sizeof(buf),"0x%0X%0X", d32[0], d32[1]); buff = buf; } else { @@ -8350,7 +8361,7 @@ char* ProxySQL_Admin::load_pgsql_query_rules_to_runtime(SQLite3_result* SQLite3_ hash1 += hash2; uint32_t d32[2]; memcpy(&d32, &hash1, sizeof(hash1)); - sprintf(buf, "0x%0X%0X", d32[0], d32[1]); + snprintf(buf, sizeof(buf), "0x%0X%0X", d32[0], d32[1]); buff = buf; } @@ -8546,7 +8557,7 @@ void ProxySQL_Admin::load_proxysql_servers_to_runtime(bool _lock, const std::str uint32_t d32[2]; char buf[20]; memcpy(&d32, &hash1, sizeof(hash1)); - sprintf(buf,"0x%0X%0X", d32[0], d32[1]); + snprintf(buf, sizeof(buf),"0x%0X%0X", d32[0], d32[1]); GloVars.checksums_values.proxysql_servers.set_checksum(buf); GloVars.checksums_values.proxysql_servers.version++; time_t t = time(NULL); diff --git a/lib/ProxySQL_Admin_Stats.cpp b/lib/ProxySQL_Admin_Stats.cpp index fb6bc6331..fae59fe5a 100644 --- a/lib/ProxySQL_Admin_Stats.cpp +++ b/lib/ProxySQL_Admin_Stats.cpp @@ -227,9 +227,9 @@ void ProxySQL_Admin::stats___memory_metrics() { } (*proxy_sqlite3_status64)(SQLITE_STATUS_MEMORY_USED, ¤t, &highwater, 0); vn=(char *)"SQLite3_memory_bytes"; - sprintf(bu,"%lld",current); + snprintf(bu, sizeof(bu),"%lld",current); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); #ifndef NOJEM 
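Review bot: Each metric in stats___memory_metrics repeats the same stanza: format the value into `bu`, `malloc` the query, `snprintf` with the length expression written a second time, `execute`, `free`. This commit has to touch every copy. A small file-local helper taking the metric name and the already-formatted value would hold the `strlen(a)+strlen(vn)+strlen(bu)+16` size in one place, and is the natural spot to check the `snprintf` result before executing. The stanza recurs in the following hunks of this function and in stats___pgsql_global. The definitions of `a` and `bu` are outside the hunk, so the helper's exact signature depends on them.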
@@ -249,39 +249,39 @@ void ProxySQL_Admin::stats___memory_metrics() { // size_t rss_bytes = resident - allocated; // float metadata_pct = ((float)metadata / resident)*100; vn=(char *)"jemalloc_resident"; - sprintf(bu,"%lu",resident); + snprintf(bu, sizeof(bu),"%lu",resident); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); vn=(char *)"jemalloc_active"; - sprintf(bu,"%lu",active); + snprintf(bu, sizeof(bu),"%lu",active); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); vn=(char *)"jemalloc_allocated"; - sprintf(bu,"%lu",allocated); + snprintf(bu, sizeof(bu),"%lu",allocated); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); vn=(char *)"jemalloc_mapped"; - sprintf(bu,"%lu",mapped); + snprintf(bu, sizeof(bu),"%lu",mapped); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); vn=(char *)"jemalloc_metadata"; - sprintf(bu,"%lu",metadata); + snprintf(bu, sizeof(bu),"%lu",metadata); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); vn=(char *)"jemalloc_retained"; - sprintf(bu,"%lu",retained); + snprintf(bu, sizeof(bu),"%lu",retained); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); } 
@@ -290,9 +290,9 @@ void ProxySQL_Admin::stats___memory_metrics() { if (GloMyAuth) { unsigned long mu = GloMyAuth->memory_usage(); vn=(char *)"Auth_memory"; - sprintf(bu,"%lu",mu); + snprintf(bu, sizeof(bu),"%lu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); } 
@@ -301,36 +301,36 @@ void ProxySQL_Admin::stats___memory_metrics() { if (GloMyQPro) { unsigned long long mu = GloMyQPro->get_query_digests_total_size(); vn=(char *)"mysql_query_digest_memory"; - sprintf(bu,"%llu",mu); + snprintf(bu, sizeof(bu),"%llu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); } if (GloMyQPro) { unsigned long long mu = GloMyQPro->get_rules_mem_used(); vn=(char *)"mysql_query_rules_memory"; - sprintf(bu,"%llu",mu); + snprintf(bu, sizeof(bu),"%llu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); } if (GloPgQPro) { unsigned long long mu = GloPgQPro->get_query_digests_total_size(); vn = (char*)"pgsql_query_digest_memory"; - sprintf(bu, "%llu", mu); + snprintf(bu, sizeof(bu), "%llu", mu); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); } if (GloPgQPro) { unsigned long long mu = GloPgQPro->get_rules_mem_used(); vn = (char*)"pgsql_query_rules_memory"; - sprintf(bu, "%llu", mu); + snprintf(bu, sizeof(bu), "%llu", mu); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); } 
@@ -339,15 +339,15 @@ void ProxySQL_Admin::stats___memory_metrics() { uint64_t prep_stmt_backend_mem_usage; GloMyStmt->get_memory_usage(prep_stmt_metadata_mem_usage, prep_stmt_backend_mem_usage); vn = (char*)"prepare_statement_metadata_memory"; - sprintf(bu, "%lu", prep_stmt_metadata_mem_usage); + snprintf(bu, sizeof(bu), "%lu", prep_stmt_metadata_mem_usage); query=(char*)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); vn = (char*)"prepare_statement_backend_memory"; - sprintf(bu, "%lu", prep_stmt_backend_mem_usage); + snprintf(bu, sizeof(bu), "%lu", prep_stmt_backend_mem_usage); query=(char*)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); } 
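Review bot: `"%lu"` is paired with the `uint64_t` values `prep_stmt_metadata_mem_usage` and `prep_stmt_backend_mem_usage`, which matches only where `unsigned long` is 64 bits wide. Elsewhere the argument type disagrees with the conversion. Cast at the call, `snprintf(bu, sizeof(bu), "%llu", (unsigned long long)prep_stmt_metadata_mem_usage);`, in the way sqlite3_global_stats_row_step uses its `(unsigned long)val` cast. In stats___pgsql_global at least `stmt_server_active_total` is declared `uint64_t` and printed with `"%lu"` as well.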
@@ -355,30 +355,30 @@ void ProxySQL_Admin::stats___memory_metrics() { unsigned long long mu = 0; mu = GloMyQPro->get_firewall_memory_users_table(); vn=(char *)"mysql_firewall_users_table"; - sprintf(bu,"%llu",mu); + snprintf(bu, sizeof(bu),"%llu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); mu = GloMyQPro->get_firewall_memory_users_config(); vn=(char *)"mysql_firewall_users_config"; - sprintf(bu,"%llu",mu); + snprintf(bu, sizeof(bu),"%llu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); mu = GloMyQPro->get_firewall_memory_rules_table(); vn=(char *)"mysql_firewall_rules_table"; - sprintf(bu,"%llu",mu); + snprintf(bu, sizeof(bu),"%llu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); mu = GloMyQPro->get_firewall_memory_rules_config(); vn=(char *)"mysql_firewall_rules_config"; - sprintf(bu,"%llu",mu); + snprintf(bu, sizeof(bu),"%llu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); } 
@@ -387,23 +387,23 @@ void ProxySQL_Admin::stats___memory_metrics() { unsigned long mu; mu = __sync_fetch_and_add(&GloVars.statuses.stack_memory_mysql_threads,0); vn=(char *)"stack_memory_mysql_threads"; - sprintf(bu,"%lu",mu); + snprintf(bu, sizeof(bu),"%lu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); mu = __sync_fetch_and_add(&GloVars.statuses.stack_memory_admin_threads,0); vn=(char *)"stack_memory_admin_threads"; - sprintf(bu,"%lu",mu); + snprintf(bu, sizeof(bu),"%lu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); mu = __sync_fetch_and_add(&GloVars.statuses.stack_memory_cluster_threads,0); vn=(char *)"stack_memory_cluster_threads"; - sprintf(bu,"%lu",mu); + snprintf(bu, sizeof(bu),"%lu",mu); query=(char *)malloc(strlen(a)+strlen(vn)+strlen(bu)+16); - sprintf(query,a,vn,bu); + snprintf(query, strlen(a)+strlen(vn)+strlen(bu)+16, a, vn, bu); statsdb->execute(query); free(query); } 
@@ -494,17 +494,17 @@ const void sqlite3_global_stats_row_step( char buf[32] = { 0 }; if constexpr (std::is_same_v) { - sprintf(buf, "%d", val); + snprintf(buf, sizeof(buf), "%d", val); } else if constexpr (std::is_same_v) { - sprintf(buf, "%lu", (unsigned long)val); + snprintf(buf, sizeof(buf), "%lu", (unsigned long)val); } else if constexpr (std::is_same_v) { - sprintf(buf, "%lu", val); + snprintf(buf, sizeof(buf), "%lu", val); } else if constexpr (std::is_same_v) { - sprintf(buf, "%llu", val); + snprintf(buf, sizeof(buf), "%llu", val); } else if constexpr (std::is_same_v) { - sprintf(buf, "%lld", val); + snprintf(buf, sizeof(buf), "%lld", val); } else if constexpr (std::is_same_v) { - sprintf(buf, "%s", val ? "true" : "false"); + snprintf(buf, sizeof(buf), "%s", val ? "true" : "false"); } else { static_assert(always_false, "Non-exhaustive switch"); } @@ -639,7 +639,7 @@ void ProxySQL_Admin::stats___pgsql_global() { arg_len += strlen(r->fields[i]); } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, r->fields[0], r->fields[1]); + snprintf(query, strlen(a) + arg_len + 32, a, r->fields[0], r->fields[1]); statsdb->execute(query); free(query); } @@ -655,7 +655,7 @@ void ProxySQL_Admin::stats___pgsql_global() { arg_len += strlen(r->fields[i]); } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, r->fields[0], r->fields[1]); + snprintf(query, strlen(a) + arg_len + 32, a, r->fields[0], r->fields[1]); statsdb->execute(query); free(query); } 
@@ -670,17 +670,17 @@ void ProxySQL_Admin::stats___pgsql_global() { char* vn = NULL; char* query = NULL; vn = (char*)"SQLite3_memory_bytes"; - sprintf(bu, "%lld", current); + snprintf(bu, sizeof(bu), "%lld", current); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); unsigned long long connpool_mem = PgHGM->Get_Memory_Stats(); vn = (char*)"ConnPool_memory_bytes"; - sprintf(bu, "%llu", connpool_mem); + snprintf(bu, sizeof(bu), "%llu", connpool_mem); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); 
@@ -693,39 +693,39 @@ void ProxySQL_Admin::stats___pgsql_global() { uint64_t stmt_server_active_total = 0; GloPgStmt->get_metrics(&stmt_client_active_unique, &stmt_client_active_total, &stmt_max_stmt_id, &stmt_cached, &stmt_server_active_unique, &stmt_server_active_total); vn = (char*)"Stmt_Client_Active_Total"; - sprintf(bu, "%lu", stmt_client_active_total); + snprintf(bu, sizeof(bu), "%lu", stmt_client_active_total); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); vn = (char*)"Stmt_Client_Active_Unique"; - sprintf(bu, "%lu", stmt_client_active_unique); + snprintf(bu, sizeof(bu), "%lu", stmt_client_active_unique); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); vn = (char*)"Stmt_Server_Active_Total"; - sprintf(bu, "%lu", stmt_server_active_total); + snprintf(bu, sizeof(bu), "%lu", stmt_server_active_total); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); vn = (char*)"Stmt_Server_Active_Unique"; - sprintf(bu, "%lu", stmt_server_active_unique); + snprintf(bu, sizeof(bu), "%lu", stmt_server_active_unique); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); vn = (char*)"Stmt_Max_Stmt_id"; - sprintf(bu, "%lu", stmt_max_stmt_id); + snprintf(bu, sizeof(bu), "%lu", stmt_max_stmt_id); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); 
statsdb->execute(query); free(query); vn = (char*)"Stmt_Cached"; - sprintf(bu, "%lu", stmt_cached); + snprintf(bu, sizeof(bu), "%lu", stmt_cached); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); } @@ -738,7 +738,7 @@ void ProxySQL_Admin::stats___pgsql_global() { arg_len += strlen(r->fields[i]); } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, r->fields[0], r->fields[1]); + snprintf(query, strlen(a) + arg_len + 32, a, r->fields[0], r->fields[1]); statsdb->execute(query); free(query); } @@ -756,7 +756,7 @@ void ProxySQL_Admin::stats___pgsql_global() { arg_len += strlen(r->fields[i]); } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, r->fields[0], r->fields[1]); + snprintf(query, strlen(a) + arg_len + 32, a, r->fields[0], r->fields[1]); statsdb->execute(query); free(query); } @@ -768,17 +768,17 @@ void ProxySQL_Admin::stats___pgsql_global() { if (GloPgQPro) { unsigned long long mu = GloPgQPro->get_new_req_conns_count(); vn = (char*)"new_req_conns_count"; - sprintf(bu, "%llu", mu); + snprintf(bu, sizeof(bu), "%llu", mu); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); } { vn = (char*)"pgsql_listener_paused"; - sprintf(bu, "%s", (admin_proxysql_pgsql_paused == true ? "true" : "false")); + snprintf(bu, sizeof(bu), "%s", (admin_proxysql_pgsql_paused == true ? "true" : "false")); query = (char*)malloc(strlen(a) + strlen(vn) + strlen(bu) + 16); - sprintf(query, a, vn, bu); + snprintf(query, strlen(a) + strlen(vn) + strlen(bu) + 16, a, vn, bu); statsdb->execute(query); free(query); } 
@@ -1091,7 +1091,7 @@ void ProxySQL_Admin::stats___mysql_connection_pool(bool _reset) { arg_len+=strlen(r->fields[i]); } char *query=(char *)malloc(strlen(a)+arg_len+32); - sprintf(query,a,r->fields[0],r->fields[1],r->fields[2],r->fields[3],r->fields[4],r->fields[5],r->fields[6],r->fields[7],r->fields[8],r->fields[9],r->fields[10],r->fields[11],r->fields[12],r->fields[13]); + snprintf(query, strlen(a)+arg_len+32, a,r->fields[0],r->fields[1],r->fields[2],r->fields[3],r->fields[4],r->fields[5],r->fields[6],r->fields[7],r->fields[8],r->fields[9],r->fields[10],r->fields[11],r->fields[12],r->fields[13]); statsdb->execute(query); free(query); } @@ -1117,7 +1117,7 @@ void ProxySQL_Admin::stats___pgsql_connection_pool(bool _reset) { arg_len += strlen(r->fields[i]); } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, r->fields[0], r->fields[1], r->fields[2], r->fields[3], r->fields[4], r->fields[5], r->fields[6], r->fields[7], r->fields[8], r->fields[9], r->fields[10], r->fields[11], r->fields[12]); + snprintf(query, strlen(a) + arg_len + 32, a, r->fields[0], r->fields[1], r->fields[2], r->fields[3], r->fields[4], r->fields[5], r->fields[6], r->fields[7], r->fields[8], r->fields[9], r->fields[10], r->fields[11], r->fields[12]); statsdb->execute(query); free(query); } @@ -1340,7 +1340,7 @@ void ProxySQL_Admin::stats___mysql_commands_counters() { arg_len+=strlen(r->fields[i]); } char *query=(char *)malloc(strlen(a)+arg_len+32); - sprintf(query,a,r->fields[0],r->fields[1],r->fields[2],r->fields[3],r->fields[4],r->fields[5],r->fields[6],r->fields[7],r->fields[8],r->fields[9],r->fields[10],r->fields[11],r->fields[12],r->fields[13],r->fields[14]); + snprintf(query, strlen(a)+arg_len+32, a,r->fields[0],r->fields[1],r->fields[2],r->fields[3],r->fields[4],r->fields[5],r->fields[6],r->fields[7],r->fields[8],r->fields[9],r->fields[10],r->fields[11],r->fields[12],r->fields[13],r->fields[14]); statsdb->execute(query); free(query); } 
@@ -1362,7 +1362,7 @@ void ProxySQL_Admin::stats___pgsql_commands_counters() { arg_len += strlen(r->fields[i]); } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, r->fields[0], r->fields[1], r->fields[2], r->fields[3], r->fields[4], r->fields[5], r->fields[6], r->fields[7], r->fields[8], r->fields[9], r->fields[10], r->fields[11], r->fields[12], r->fields[13], r->fields[14]); + snprintf(query, strlen(a) + arg_len + 32, a, r->fields[0], r->fields[1], r->fields[2], r->fields[3], r->fields[4], r->fields[5], r->fields[6], r->fields[7], r->fields[8], r->fields[9], r->fields[10], r->fields[11], r->fields[12], r->fields[13], r->fields[14]); statsdb->execute(query); free(query); } @@ -1384,7 +1384,7 @@ void ProxySQL_Admin::stats___mysql_query_rules() { arg_len+=strlen(r->fields[i]); } char *query=(char *)malloc(strlen(a)+arg_len+32); - sprintf(query,a,r->fields[0],r->fields[1]); + snprintf(query, strlen(a)+arg_len+32, a,r->fields[0],r->fields[1]); statsdb->execute(query); free(query); } @@ -1406,7 +1406,7 @@ void ProxySQL_Admin::stats___pgsql_query_rules() { arg_len += strlen(r->fields[i]); } char* query = (char*)malloc(strlen(a) + arg_len + 32); - sprintf(query, a, r->fields[0], r->fields[1]); + snprintf(query, strlen(a) + arg_len + 32, a, r->fields[0], r->fields[1]); statsdb->execute(query); free(query); } 
@@ -1712,7 +1712,7 @@ int ProxySQL_Admin::stats___save_mysql_query_digest_to_sqlite( SQLite3_row *row = resultset ? resultset->rows[i] : NULL; char digest_hex_str[20]; // 2+sizeof(unsigned long long)*2+2 if (!resultset) { - sprintf(digest_hex_str, "0x%016llX", (long long unsigned int)qds->digest); + snprintf(digest_hex_str, sizeof(digest_hex_str), "0x%016llX", (long long unsigned int)qds->digest); } int idx=row_idx%32; if (row_idxfields[10],r->fields[0],r->fields[1],r->fields[2],r->fields[3],r->fields[4],r->fields[5],r->fields[6],r->fields[7],r->fields[8],r->fields[9]); + snprintf(query, strlen(a)+arg_len+32, a,r->fields[10],r->fields[0],r->fields[1],r->fields[2],r->fields[3],r->fields[4],r->fields[5],r->fields[6],r->fields[7],r->fields[8],r->fields[9]); statsdb->execute(query); free(query); }