replace snprintf and the like.

you cannot trust _snprintf in MSVC (no zero-termination).

src/bind_storage.c

@@ -100,7 +100,9 @@ static int tolua_storage_tostring(lua_State * L)
 {
     gamedata *data = (gamedata *)tolua_tousertype(L, 1, 0);
     char name[64];
-    _snprintf(name, sizeof(name), "<gamedata %p ver=%d>", (void *)data, data->version);
+    // safe to use sprintf here, because:
+    // %p is at most 16 characters, %d 20, text is 16, comes to 53 with \0
+    sprintf(name, "<gamedata %p ver=%d>", (void *)data, data->version);
     lua_pushstring(L, name);
     return 1;
 }

src/gmtool.c

@@ -1167,7 +1167,7 @@ static void handlekey(state * st, int c)
             region *first = (mr && mr->r && mr->r->next) ? mr->r->next : regions;
 
             if (findmode == 'f') {
-                snprintf(sbuffer, sizeof(sbuffer), "find-faction: %s", locate);
+                slprintf(sbuffer, sizeof(sbuffer), "find-faction: %s", locate);
                 statusline(st->wnd_status->handle, sbuffer);
                 f = findfaction(atoi36(locate));
                 if (f == NULL) {

src/json.c

@@ -67,13 +67,13 @@ int json_export(stream * out, int flags) {
     cJSON *json, *root = cJSON_CreateObject();
     assert(out && out->api);
     if (regions && (flags & EXPORT_REGIONS)) {
-        char id[32];
+        char id[32]; // TODO: static_assert(INT_MAX < 10^32)
         region * r;
         plane * p;
         cJSON_AddItemToObject(root, "planes", json = cJSON_CreateObject());
         for (p = planes; p; p = p->next) {
             cJSON *data;
-            _snprintf(id, sizeof(id), "%d", p->id);
+            sprintf(id, "%d", p->id); // safe, unless int is bigger than 64 bit
             cJSON_AddItemToObject(json, id, data = cJSON_CreateObject());
             cJSON_AddNumberToObject(data, "x", p->minx);
             cJSON_AddNumberToObject(data, "y", p->miny);
@@ -85,7 +85,7 @@ int json_export(stream * out, int flags) {
         cJSON_AddItemToObject(root, "regions", json = cJSON_CreateObject());
         for (r = regions; r; r = r->next) {
             cJSON *data;
-            _snprintf(id, sizeof(id), "%d", r->uid);
+            sprintf(id, "%d", r->uid); // safe, unless int is bigger than 64 bit
             cJSON_AddItemToObject(json, id, data = cJSON_CreateObject());
             cJSON_AddNumberToObject(data, "x", r->x);
             cJSON_AddNumberToObject(data, "y", r->y);

src/kernel/item.c

@@ -156,7 +156,10 @@ const char *resourcename(const resource_type * rtype, int flags)
         }
         if (flags & NMF_PLURAL) {
             static char name[64]; // FIXME: static return value
-            _snprintf(name, sizeof(name), "%s_p", rtype->_name);
+            size_t len = strlen(rtype->_name);
+            assert(len <= sizeof(name) - 3);
+            memcpy(name, rtype->_name, len);
+            strcpy(name + len, "_p");
             return name;
         }
         return rtype->_name;

src/kernel/jsonconf.c

@@ -523,6 +523,8 @@ static void disable_feature(const char *str) {
     char name[32];
     int k;
     skill_t sk;
+    size_t len;
+
     sk = findskill(str);
     if (sk != NOSKILL) {
         enable_skill(sk, false);
@@ -534,7 +536,10 @@ static void disable_feature(const char *str) {
         enable_keyword(k, false);
         return;
     }
-    _snprintf(name, sizeof(name), "%s.enabled", str);
+    len = strlen(str);
+    assert(len <= sizeof(name) - 9);
+    memcpy(name, str, len);
+    strcpy(name+len, ".enabled");
     log_info("disable feature %s\n", name);
     config_set(name, "0");
 }

src/util/bsdstring.c

@@ -13,7 +13,7 @@ int wrptr(char **ptr, size_t * size, int result)
 {
     size_t bytes = (size_t)result;
     if (result < 0) {
-        // _snprintf buffer was too small
+        // buffer was too small
         if (*size > 0) {
             **ptr = 0;
             *size = 0;