Index: TODO
===================================================================
RCS file: /data/cvs/libxen/TODO,v
retrieving revision 1.22
diff -u -r1.22 TODO
--- TODO	21 Mar 2007 15:24:56 -0000	1.22
+++ TODO	23 Mar 2007 14:26:40 -0000
@@ -1,6 +1,5 @@
 TODO:
 - libvirt_virDomainSetMemory should check memory is > 0
-- remove calls from sprintf and use snprintf
 - check how to better handle renaming of domains (xm rename and cache)
 
 - UUID lookup in hash.c
Index: qemud/conf.c
===================================================================
RCS file: /data/cvs/libxen/qemud/conf.c,v
retrieving revision 1.44
diff -u -r1.44 conf.c
--- qemud/conf.c	20 Mar 2007 16:50:42 -0000	1.44
+++ qemud/conf.c	23 Mar 2007 14:26:40 -0000
@@ -1196,8 +1196,8 @@
         (vm->def->graphicsType == QEMUD_GRAPHICS_VNC ? 2 :
          (vm->def->graphicsType == QEMUD_GRAPHICS_SDL ? 0 : 1)); /* graphics */
 
-    sprintf(memory, "%d", vm->def->memory/1024);
-    sprintf(vcpus, "%d", vm->def->vcpus);
+    snprintf(memory, sizeof(memory), "%d", vm->def->memory/1024);
+    snprintf(vcpus, sizeof(vcpus), "%d", vm->def->vcpus);
 
     if (!(*argv = malloc(sizeof(char *) * (len+1))))
         goto no_memory;
Index: src/virsh.c
===================================================================
RCS file: /data/cvs/libxen/src/virsh.c,v
retrieving revision 1.69
diff -u -r1.69 virsh.c
--- src/virsh.c	22 Mar 2007 18:30:57 -0000	1.69
+++ src/virsh.c	23 Mar 2007 14:26:41 -0000
@@ -3282,7 +3282,7 @@
                 continue;
         }
         res = vshMalloc(NULL, strlen(name) + 3);
-        sprintf(res, "--%s", name);
+        snprintf(res, strlen(name) + 3,  "--%s", name);
         return res;
     }
 
Index: src/xend_internal.c
===================================================================
RCS file: /data/cvs/libxen/src/xend_internal.c,v
retrieving revision 1.104
diff -u -r1.104 xend_internal.c
--- src/xend_internal.c	15 Mar 2007 17:24:57 -0000	1.104
+++ src/xend_internal.c	23 Mar 2007 14:26:41 -0000
@@ -799,7 +799,7 @@
         switch (string[i]) {
             case ' ':
             case '\n':
-                sprintf(ptr, "%%%02x", string[i]);
+                snprintf(ptr, 4, "%%%02x", string[i]);
                 ptr += 3;
                 break;
             default:
@@ -2670,7 +2670,7 @@
     /* from bit map, build character string of mapped CPU numbers */
     for (i = 0; i < maplen; i++) for (j = 0; j < 8; j++)
      if (cpumap[i] & (1 << j)) {
-        sprintf(buf, "%d,", (8 * i) + j);
+        snprintf(buf, sizeof(buf), "%d,", (8 * i) + j);
         strcat(mapstr, buf);
     }
     mapstr[strlen(mapstr) - 1] = ']';
Index: src/xs_internal.c
===================================================================
RCS file: /data/cvs/libxen/src/xs_internal.c,v
retrieving revision 1.36
diff -u -r1.36 xs_internal.c
--- src/xs_internal.c	15 Mar 2007 17:24:57 -0000	1.36
+++ src/xs_internal.c	23 Mar 2007 14:26:41 -0000
@@ -818,12 +818,12 @@
     if (maclen <= 0)
         return (NULL);
 
-    sprintf(dir, "/local/domain/0/backend/vif/%d", id);
+    snprintf(dir, sizeof(dir), "/local/domain/0/backend/vif/%d", id);
     list = xs_directory(conn->xshandle, 0, dir, &num);
     if (list == NULL)
 	return(NULL);
     for (i = 0; i < num; i++) {
-	sprintf(path, "%s/%s/%s", dir, list[i], "mac");
+	snprintf(path, sizeof(path), "%s/%s/%s", dir, list[i], "mac");
 	val = xs_read(conn->xshandle, 0, path, &len);
 	if (val == NULL)
 	    break;