Convert callers to safer forms from base::snprintf().

Prefer base::SpanPrintf() which can deduce size, and will not
require a future UNSAFE_BUFFERS() wrapper.

Change-Id: I013a44288472a8f28861aae7a93ebdee0cea0a56
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6102956
Auto-Submit: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Owners-Override: Peter Kasting <pkasting@chromium.org>
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Code-Coverage: findit-for-me@appspot.gserviceaccount.com <findit-for-me@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1402601}

base/linux_util.cc

@@ -22,6 +22,7 @@
 #include "base/files/file_util.h"
 #include "base/files/scoped_file.h"
 #include "base/strings/safe_sprintf.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_tokenizer.h"
@@ -183,7 +184,7 @@ pid_t FindThreadIDWithSyscall(pid_t pid,
   std::vector<char> syscall_data(expected_data.size());
   for (pid_t tid : tids) {
     char buf[256];
-    snprintf(buf, sizeof(buf), "/proc/%d/task/%d/syscall", pid, tid);
+    base::SpanPrintf(buf, "/proc/%d/task/%d/syscall", pid, tid);
     ScopedFD fd(open(buf, O_RDONLY));
     if (!fd.is_valid()) {
       continue;
@@ -212,7 +213,7 @@ pid_t FindThreadID(pid_t pid, pid_t ns_tid, bool* ns_pid_supported) {
 
   for (pid_t tid : tids) {
     char buf[256];
-    snprintf(buf, sizeof(buf), "/proc/%d/task/%d/status", pid, tid);
+    base::SpanPrintf(buf, "/proc/%d/task/%d/status", pid, tid);
     std::string status;
     if (!ReadFileToString(FilePath(buf), &status)) {
       return -1;

base/strings/stringprintf.cc

@@ -11,6 +11,7 @@
 
 #include "base/logging.h"
 #include "base/scoped_clear_last_error.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/string_util.h"
 #include "build/build_config.h"
 
@@ -32,7 +33,7 @@ void StringAppendV(std::string* dst, const char* format, va_list ap) {
   va_copy(ap_copy, ap);
 
   base::ScopedClearLastError last_error;
-  int result = vsnprintf(stack_buf, std::size(stack_buf), format, ap_copy);
+  int result = VSpanPrintf(stack_buf, format, ap_copy);
   va_end(ap_copy);
 
   if (result >= 0 && static_cast<size_t>(result) < std::size(stack_buf)) {
@@ -75,7 +76,7 @@ void StringAppendV(std::string* dst, const char* format, va_list ap) {
     // NOTE: You can only use a va_list once.  Since we're in a while loop, we
     // need to make a new copy each time so we don't use up the original.
     va_copy(ap_copy, ap);
-    result = vsnprintf(&mem_buf[0], mem_length, format, ap_copy);
+    result = VSpanPrintf(mem_buf, format, ap_copy);
     va_end(ap_copy);
 
     if ((result >= 0) && (static_cast<size_t>(result) < mem_length)) {

base/trace_event/memory_dump_manager.cc

@@ -19,7 +19,7 @@
 #include "base/debug/stack_trace.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
-#include "base/strings/string_util.h"
+#include "base/strings/span_printf.h"
 #include "base/task/sequenced_task_runner.h"
 #include "base/task/single_thread_task_runner.h"
 #include "base/threading/thread.h"
@@ -307,7 +307,7 @@ MemoryDumpManager::GetOrCreateBgTaskRunnerLocked() {
 void MemoryDumpManager::CreateProcessDump(const MemoryDumpRequestArgs& args,
                                           ProcessMemoryDumpCallback callback) {
   char guid_str[20];
-  snprintf(guid_str, std::size(guid_str), "0x%" PRIx64, args.dump_guid);
+  base::SpanPrintf(guid_str, "0x%" PRIx64, args.dump_guid);
   TRACE_EVENT_NESTABLE_ASYNC_BEGIN1(kTraceCategory, "ProcessMemoryDump",
                                     TRACE_ID_LOCAL(args.dump_guid), "dump_guid",
                                     TRACE_STR_COPY(guid_str));

cc/animation/keyframe_model.cc

@@ -12,7 +12,7 @@
 
 #include "base/memory/ptr_util.h"
 #include "base/numerics/safe_conversions.h"
-#include "base/strings/string_util.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/stringprintf.h"
 #include "base/trace_event/trace_event.h"
 #include "cc/trees/target_property.h"
@@ -140,8 +140,8 @@ int KeyframeModel::TargetProperty() const {
 void KeyframeModel::SetRunState(RunState new_run_state,
                                 base::TimeTicks monotonic_time) {
   char name_buffer[256];
-  base::snprintf(name_buffer, sizeof(name_buffer), "%s-%d-%d",
-                 curve()->TypeName(), TargetProperty(), group_);
+  base::SpanPrintf(name_buffer, "%s-%d-%d", curve()->TypeName(),
+                   TargetProperty(), group_);
 
   bool is_waiting_to_start =
       run_state() == WAITING_FOR_TARGET_AVAILABILITY || run_state() == STARTING;
@@ -165,8 +165,8 @@ void KeyframeModel::SetRunState(RunState new_run_state,
   }
 
   char state_buffer[256];
-  base::snprintf(state_buffer, sizeof(state_buffer), "%s->%s",
-                 old_run_state_name.c_str(), new_run_state_name.c_str());
+  base::SpanPrintf(state_buffer, "%s->%s", old_run_state_name.c_str(),
+                   new_run_state_name.c_str());
 
   TRACE_EVENT_INSTANT2(
       "cc", "ElementAnimations::SetRunState", TRACE_EVENT_SCOPE_THREAD, "Name",

chrome/browser/ui/sync/profile_signin_confirmation_helper_unittest.cc

@@ -16,7 +16,7 @@
 #include "base/memory/raw_ptr.h"
 #include "base/memory/scoped_refptr.h"
 #include "base/run_loop.h"
-#include "base/strings/string_util.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
 #include "build/chromeos_buildflags.h"
@@ -246,7 +246,7 @@ TEST_F(ProfileSigninConfirmationHelperTest,
   profile_->SetIsNewProfile(true);
   char buf[18];
   for (int i = 0; i < 10; i++) {
-    base::snprintf(buf, std::size(buf), "http://foo.com/%d", i);
+    base::SpanPrintf(buf, "http://foo.com/%d", i);
     history->AddPage(GURL(std::string(buf)), base::Time::Now(),
                      /*context_id=*/{}, 1, GURL(), history::RedirectList(),
                      ui::PAGE_TRANSITION_LINK, history::SOURCE_BROWSED, false);

extensions/common/extension_api.cc

@@ -17,9 +17,9 @@
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/lazy_instance.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/string_number_conversions.h"
 #include "base/strings/string_split.h"
-#include "base/strings/string_util.h"
 #include "base/values.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/extensions_client.h"
@@ -43,9 +43,9 @@ base::Value::Dict LoadSchemaDictionary(const std::string& name,
 
   // Tracking down http://crbug.com/121424
   char buf[128];
-  base::snprintf(buf, std::size(buf), "%s: (%d) '%s'", name.c_str(),
-                 result.has_value() ? static_cast<int>(result->type()) : -1,
-                 !result.has_value() ? result.error().message.c_str() : "");
+  base::SpanPrintf(buf, "%s: (%d) '%s'", name.c_str(),
+                   result.has_value() ? static_cast<int>(result->type()) : -1,
+                   !result.has_value() ? result.error().message.c_str() : "");
 
   CHECK(result.has_value())
       << result.error().message << " for schema " << schema;

extensions/common/features/feature_provider.cc

@@ -14,6 +14,7 @@
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "base/trace_event/trace_event.h"
@@ -32,14 +33,14 @@ namespace {
 // This is provided in feature_util because for some reason features are prone
 // to mysterious crashes in named map lookups. For example see crbug.com/365192
 // and crbug.com/461915.
-#define CRASH_WITH_MINIDUMP(message)                                           \
-  {                                                                            \
-    std::string message_copy(message);                                         \
-    char minidump[BUFSIZ];                                                     \
-    base::debug::Alias(&minidump);                                             \
-    base::snprintf(minidump, std::size(minidump), "e::%s:%d:\"%s\"", __FILE__, \
-                   __LINE__, message_copy.c_str());                            \
-    LOG(FATAL) << message_copy;                                                \
+#define CRASH_WITH_MINIDUMP(message)                                  \
+  {                                                                   \
+    std::string message_copy(message);                                \
+    char minidump[BUFSIZ];                                            \
+    base::debug::Alias(&minidump);                                    \
+    base::SpanPrintf(minidump, "e::%s:%d:\"%s\"", __FILE__, __LINE__, \
+                     message_copy.c_str());                           \
+    LOG(FATAL) << message_copy;                                       \
   }
 
 class FeatureProviderStatic {

extensions/renderer/dispatcher.cc

@@ -25,7 +25,7 @@
 #include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_functions.h"
 #include "base/metrics/histogram_macros.h"
-#include "base/strings/string_util.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/utf_string_conversions.h"
 #include "base/task/single_thread_task_runner.h"
 #include "base/time/time.h"
@@ -938,8 +938,8 @@ void Dispatcher::ActivateExtension(const ExtensionId& extension_id) {
     std::string& error = extension_load_errors_[extension_id];
     char minidump[256];
     base::debug::Alias(&minidump);
-    base::snprintf(minidump, std::size(minidump), "e::dispatcher:%s:%s",
-                   extension_id.c_str(), error.c_str());
+    base::SpanPrintf(minidump, "e::dispatcher:%s:%s", extension_id.c_str(),
+                     error.c_str());
     LOG(ERROR) << extension_id << " was never loaded: " << error;
     base::debug::DumpWithoutCrashing();
     return;

gin/v8_initializer.cc

@@ -32,8 +32,8 @@
 #include "base/notreached.h"
 #include "base/path_service.h"
 #include "base/rand_util.h"
+#include "base/strings/span_printf.h"
 #include "base/strings/string_split.h"
-#include "base/strings/string_util.h"
 #include "base/system/sys_info.h"
 #include "base/threading/platform_thread.h"
 #include "base/time/time.h"
@@ -196,7 +196,7 @@ void SetV8FlagsFormatted(const char* format, ...) {
   char buffer[128];
   va_list args;
   va_start(args, format);
-  int length = base::vsnprintf(buffer, sizeof(buffer), format, args);
+  int length = base::VSpanPrintf(buffer, format, args);
   if (length <= 0 || sizeof(buffer) <= static_cast<unsigned>(length)) {
     PLOG(ERROR) << "Invalid formatted V8 flag: " << format;
     return;

third_party/blink/renderer/platform/wtf/text/wtf_string.cc

@@ -31,7 +31,7 @@
 #include "base/functional/callback.h"
 #include "base/logging.h"
 #include "base/numerics/safe_conversions.h"
-#include "base/strings/string_util.h"
+#include "base/strings/span_printf.h"
 #include "build/build_config.h"
 #include "third_party/blink/renderer/platform/wtf/dtoa.h"
 #include "third_party/blink/renderer/platform/wtf/math_extras.h"
@@ -205,7 +205,7 @@ String String::Format(const char* format, ...) {
   Vector<char, kDefaultSize> buffer(kDefaultSize);
 
   va_start(args, format);
-  int length = base::vsnprintf(buffer.data(), buffer.size(), format, args);
+  int length = base::VSpanPrintf(buffer, format, args);
   va_end(args);
 
   // TODO(esprehn): This can only happen if there's an encoding error, what's
@@ -226,7 +226,7 @@ String String::Format(const char* format, ...) {
     // Not calling va_end/va_start here happens to work on lots of systems, but
     // fails e.g. on 64bit Linux.
     va_start(args, format);
-    length = base::vsnprintf(buffer.data(), buffer.size(), format, args);
+    length = base::VSpanPrintf(buffer, format, args);
     va_end(args);
   }