use vsnprintf instead of vsprintf

[GoogleCodeExporter]

hi,

vsprintf doesn't check the length of the string, whereas vsnprintf does.

So it's better to use vsnprintf instead, to avoid buffer overruns.

string.c:53

cheers,

Original issue reported on code.google.com by ren...@gmail.com on 25 Sep 2008 at 4:10

[GoogleCodeExporter]

As an additional note...  the fmt argument needs to be validated.  So all uses 
of
tp_printf need to make sure they are getting fmt from a trusted source.

"""
     %n can be used to write arbitrary data to potentially carefully-selected
     addresses.  Programmers are therefore strongly advised to never pass
     untrusted strings as the format argument, as an attacker can put format
     specifiers in the string to mangle your stack, leading to a possible
     security hole.  This holds true even if the string was built using a
     function like snprintf(), as the resulting string may still contain user-
     supplied conversion specifiers for later interpolation by printf().
"""

Original comment by ren...@gmail.com on 25 Sep 2008 at 4:16