[anova] Replace sprintf with bounds-checked alternatives

esphome/components/anova/anova_base.cpp

@@ -18,31 +18,31 @@ AnovaPacket *AnovaCodec::clean_packet_() {
 
 AnovaPacket *AnovaCodec::get_read_device_status_request() {
   this->current_query_ = READ_DEVICE_STATUS;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_DEVICE_STATUS);
+  strncpy((char *) this->packet_.data, CMD_READ_DEVICE_STATUS, sizeof(this->packet_.data));
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_target_temp_request() {
   this->current_query_ = READ_TARGET_TEMPERATURE;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_TARGET_TEMP);
+  strncpy((char *) this->packet_.data, CMD_READ_TARGET_TEMP, sizeof(this->packet_.data));
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_current_temp_request() {
   this->current_query_ = READ_CURRENT_TEMPERATURE;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_CURRENT_TEMP);
+  strncpy((char *) this->packet_.data, CMD_READ_CURRENT_TEMP, sizeof(this->packet_.data));
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_unit_request() {
   this->current_query_ = READ_UNIT;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_UNIT);
+  strncpy((char *) this->packet_.data, CMD_READ_UNIT, sizeof(this->packet_.data));
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_read_data_request() {
   this->current_query_ = READ_DATA;
-  sprintf((char *) this->packet_.data, "%s", CMD_READ_DATA);
+  strncpy((char *) this->packet_.data, CMD_READ_DATA, sizeof(this->packet_.data));
   return this->clean_packet_();
 }
 
@@ -50,25 +50,25 @@ AnovaPacket *AnovaCodec::get_set_target_temp_request(float temperature) {
   this->current_query_ = SET_TARGET_TEMPERATURE;
   if (this->fahrenheit_)
     temperature = ctof(temperature);
-  sprintf((char *) this->packet_.data, CMD_SET_TARGET_TEMP, temperature);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), CMD_SET_TARGET_TEMP, temperature);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_set_unit_request(char unit) {
   this->current_query_ = SET_UNIT;
-  sprintf((char *) this->packet_.data, CMD_SET_TEMP_UNIT, unit);
+  snprintf((char *) this->packet_.data, sizeof(this->packet_.data), CMD_SET_TEMP_UNIT, unit);
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_start_request() {
   this->current_query_ = START;
-  sprintf((char *) this->packet_.data, CMD_START);
+  strncpy((char *) this->packet_.data, CMD_START, sizeof(this->packet_.data));
   return this->clean_packet_();
 }
 
 AnovaPacket *AnovaCodec::get_stop_request() {
   this->current_query_ = STOP;
-  sprintf((char *) this->packet_.data, CMD_STOP);
+  strncpy((char *) this->packet_.data, CMD_STOP, sizeof(this->packet_.data));
   return this->clean_packet_();
 }
 

esphome/components/dfrobot_sen0395/commands.h

@@ -75,8 +75,8 @@ class SetLatencyCommand : public Command {
 class SensorCfgStartCommand : public Command {
  public:
   SensorCfgStartCommand(bool startup_mode) : startup_mode_(startup_mode) {
-    char tmp_cmd[20];  // "sensorCfgStart " (15) + "0/1" (1) + null = 17
-    buf_append_printf(tmp_cmd, sizeof(tmp_cmd), 0, "sensorCfgStart %d", startup_mode);
+    char tmp_cmd[20] = {0};
+    sprintf(tmp_cmd, "sensorCfgStart %d", startup_mode);
     cmd_ = std::string(tmp_cmd);
   }
   uint8_t on_message(std::string &message) override;
@@ -142,8 +142,8 @@ class SensitivityCommand : public Command {
   SensitivityCommand(uint8_t sensitivity) : sensitivity_(sensitivity) {
     if (sensitivity > 9)
       sensitivity_ = sensitivity = 9;
-    char tmp_cmd[20];  // "setSensitivity " (15) + "0-9" (1) + null = 17
-    buf_append_printf(tmp_cmd, sizeof(tmp_cmd), 0, "setSensitivity %d", sensitivity);
+    char tmp_cmd[20] = {0};
+    sprintf(tmp_cmd, "setSensitivity %d", sensitivity);
     cmd_ = std::string(tmp_cmd);
   };
   uint8_t on_message(std::string &message) override;

esphome/components/pipsolar/output/pipsolar_output.cpp

@@ -8,8 +8,8 @@ namespace pipsolar {
 static const char *const TAG = "pipsolar.output";
 
 void PipsolarOutput::write_state(float state) {
-  char tmp[16];
-  snprintf(tmp, sizeof(tmp), this->set_command_.c_str(), state);
+  char tmp[10];
+  sprintf(tmp, this->set_command_.c_str(), state);
 
   if (std::find(this->possible_values_.begin(), this->possible_values_.end(), state) != this->possible_values_.end()) {
     ESP_LOGD(TAG, "Will write: %s out of value %f / %02.0f", tmp, state, state);

esphome/components/sim800l/sim800l.cpp

@@ -1,5 +1,4 @@
 #include "sim800l.h"
-#include "esphome/core/helpers.h"
 #include "esphome/core/log.h"
 #include <cstring>
 
@@ -51,8 +50,8 @@ void Sim800LComponent::update() {
   } else if (state_ == STATE_RECEIVED_SMS) {
     // Serial Buffer should have flushed.
     // Send cmd to delete received sms
-    char delete_cmd[20];  // "AT+CMGD=" (8) + uint8_t (max 3) + null = 12 <= 20
-    buf_append_printf(delete_cmd, sizeof(delete_cmd), 0, "AT+CMGD=%d", this->parse_index_);
+    char delete_cmd[20];
+    sprintf(delete_cmd, "AT+CMGD=%d", this->parse_index_);
     this->send_cmd_(delete_cmd);
     this->state_ = STATE_CHECK_SMS;
     this->expect_ack_ = true;

esphome/components/wl_134/wl_134.cpp

@@ -1,5 +1,4 @@
 #include "wl_134.h"
-#include "esphome/core/helpers.h"
 #include "esphome/core/log.h"
 
 #include <cinttypes>
@@ -79,8 +78,8 @@ Wl134Component::Rfid134Error Wl134Component::read_packet_() {
            reading.id, reading.country, reading.isData ? "true" : "false", reading.isAnimal ? "true" : "false",
            reading.reserved0, reading.reserved1);
 
-  char buf[20];  // "%03d" (3) + "%012" PRId64 (12) + null = 16 max
-  buf_append_printf(buf, sizeof(buf), 0, "%03d%012" PRId64, reading.country, reading.id);
+  char buf[20];
+  sprintf(buf, "%03d%012lld", reading.country, reading.id);
   this->publish_state(buf);
   if (this->do_reset_) {
     this->set_timeout(1000, [this]() { this->publish_state(""); });