[nextion] Replace to_string with stack buffer and fix unsafe sprintf

esphome/components/nextion/nextion.cpp

@@ -1,6 +1,7 @@
 #include "nextion.h"
 #include <cinttypes>
 #include "esphome/core/application.h"
+#include "esphome/core/helpers.h"
 #include "esphome/core/log.h"
 #include "esphome/core/util.h"
 
@@ -1283,8 +1284,9 @@ void Nextion::check_pending_waveform_() {
   size_t buffer_to_send = component->get_wave_buffer_size() < 255 ? component->get_wave_buffer_size()
                                                                   : 255;  // ADDT command can only send 255
 
-  std::string command = "addt " + to_string(component->get_component_id()) + "," +
-                        to_string(component->get_wave_channel_id()) + "," + to_string(buffer_to_send);
+  char command[24];  // "addt " + uint8 + "," + uint8 + "," + uint8 + null = max 17 chars
+  buf_append_printf(command, sizeof(command), 0, "addt %u,%u,%zu", component->get_component_id(),
+                    component->get_wave_channel_id(), buffer_to_send);
   if (!this->send_command_(command)) {
     delete nb;  // NOLINT(cppcoreguidelines-owning-memory)
     this->waveform_queue_.pop_front();

esphome/components/nextion/nextion_upload_arduino.cpp

@@ -34,7 +34,7 @@ int Nextion::upload_by_chunks_(HTTPClient &http_client, uint32_t &range_start) {
   }
 
   char range_header[32];
-  sprintf(range_header, "bytes=%" PRIu32 "-%" PRIu32, range_start, range_end);
+  buf_append_printf(range_header, sizeof(range_header), 0, "bytes=%" PRIu32 "-%" PRIu32, range_start, range_end);
   ESP_LOGV(TAG, "Range: %s", range_header);
   http_client.addHeader("Range", range_header);
   int code = http_client.GET();

esphome/components/nextion/nextion_upload_esp32.cpp

@@ -36,7 +36,7 @@ int Nextion::upload_by_chunks_(esp_http_client_handle_t http_client, uint32_t &r
   }
 
   char range_header[32];
-  sprintf(range_header, "bytes=%" PRIu32 "-%" PRIu32, range_start, range_end);
+  buf_append_printf(range_header, sizeof(range_header), 0, "bytes=%" PRIu32 "-%" PRIu32, range_start, range_end);
   ESP_LOGV(TAG, "Range: %s", range_header);
   esp_http_client_set_header(http_client, "Range", range_header);
   ESP_LOGV(TAG, "Open HTTP");

esphome/components/tormatic/tormatic_protocol.h

@@ -55,7 +55,6 @@ enum MessageType : uint16_t {
   COMMAND = 0x0106,
 };
 
-// Max string length: 7 ("Unknown"/"Command"). Update print() buffer sizes if adding longer strings.
 inline const char *message_type_to_str(MessageType t) {
   switch (t) {
     case STATUS:
@@ -84,11 +83,7 @@ struct MessageHeader {
   }
 
   std::string print() {
-    // 64 bytes: "MessageHeader: seq " + uint16 + ", len " + uint32 + ", type " + type + safety margin
-    char buf[64];
-    buf_append_printf(buf, sizeof(buf), 0, "MessageHeader: seq %d, len %d, type %s", this->seq, this->len,
-                      message_type_to_str(this->type));
-    return buf;
+    return str_sprintf("MessageHeader: seq %d, len %d, type %s", this->seq, this->len, message_type_to_str(this->type));
   }
 
   void byteswap() {
@@ -136,7 +131,6 @@ inline CoverOperation gate_status_to_cover_operation(GateStatus s) {
   return COVER_OPERATION_IDLE;
 }
 
-// Max string length: 11 ("Ventilating"). Update print() buffer sizes if adding longer strings.
 inline const char *gate_status_to_str(GateStatus s) {
   switch (s) {
     case PAUSED:
@@ -176,12 +170,7 @@ struct StatusReply {
   GateStatus state;
   uint8_t trailer = 0x0;
 
-  std::string print() {
-    // 48 bytes: "StatusReply: state " (19) + state (11) + safety margin
-    char buf[48];
-    buf_append_printf(buf, sizeof(buf), 0, "StatusReply: state %s", gate_status_to_str(this->state));
-    return buf;
-  }
+  std::string print() { return str_sprintf("StatusReply: state %s", gate_status_to_str(this->state)); }
 
   void byteswap(){};
 } __attribute__((packed));
@@ -213,12 +202,7 @@ struct CommandRequestReply {
   CommandRequestReply() = default;
   CommandRequestReply(GateStatus state) { this->state = state; }
 
-  std::string print() {
-    // 56 bytes: "CommandRequestReply: state " (27) + state (11) + safety margin
-    char buf[56];
-    buf_append_printf(buf, sizeof(buf), 0, "CommandRequestReply: state %s", gate_status_to_str(this->state));
-    return buf;
-  }
+  std::string print() { return str_sprintf("CommandRequestReply: state %s", gate_status_to_str(this->state)); }
 
   void byteswap() { this->type = convert_big_endian(this->type); }
 } __attribute__((packed));