From bfcc0e26a367625df7db7165172a4f0846b39421 Mon Sep 17 00:00:00 2001 From: "J. Nick Koston" Date: Sun, 18 Jan 2026 22:22:44 -1000 Subject: [PATCH] [dfrobot_sen0395][pipsolar][sim800l][wl_134] Replace sprintf with snprintf/buf_append_printf (#13301) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- esphome/components/dfrobot_sen0395/commands.h | 8 ++++---- esphome/components/pipsolar/output/pipsolar_output.cpp | 2 +- esphome/components/sim800l/sim800l.cpp | 5 +++-- esphome/components/wl_134/wl_134.cpp | 5 +++-- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/esphome/components/dfrobot_sen0395/commands.h b/esphome/components/dfrobot_sen0395/commands.h index cf3ba50be0..3b0551b184 100644 --- a/esphome/components/dfrobot_sen0395/commands.h +++ b/esphome/components/dfrobot_sen0395/commands.h @@ -75,8 +75,8 @@ class SetLatencyCommand : public Command { class SensorCfgStartCommand : public Command { public: SensorCfgStartCommand(bool startup_mode) : startup_mode_(startup_mode) { - char tmp_cmd[20] = {0}; - sprintf(tmp_cmd, "sensorCfgStart %d", startup_mode); + char tmp_cmd[20]; // "sensorCfgStart " (15) + "0/1" (1) + null = 17 + buf_append_printf(tmp_cmd, sizeof(tmp_cmd), 0, "sensorCfgStart %d", startup_mode); cmd_ = std::string(tmp_cmd); } uint8_t on_message(std::string &message) override; @@ -142,8 +142,8 @@ class SensitivityCommand : public Command { SensitivityCommand(uint8_t sensitivity) : sensitivity_(sensitivity) { if (sensitivity > 9) sensitivity_ = sensitivity = 9; - char tmp_cmd[20] = {0}; - sprintf(tmp_cmd, "setSensitivity %d", sensitivity); + char tmp_cmd[20]; // "setSensitivity " (15) + "0-9" (1) + null = 17 + buf_append_printf(tmp_cmd, sizeof(tmp_cmd), 0, "setSensitivity %d", sensitivity); cmd_ = std::string(tmp_cmd); }; uint8_t on_message(std::string &message) override; diff --git a/esphome/components/pipsolar/output/pipsolar_output.cpp b/esphome/components/pipsolar/output/pipsolar_output.cpp index ebfb9a7bbc..60f6342759 100644 --- a/esphome/components/pipsolar/output/pipsolar_output.cpp +++ b/esphome/components/pipsolar/output/pipsolar_output.cpp @@ -8,7 +8,7 @@ namespace pipsolar { static const char *const TAG = "pipsolar.output"; void PipsolarOutput::write_state(float state) { - char tmp[10]; + char tmp[16]; snprintf(tmp, sizeof(tmp), this->set_command_, state); if (std::find(this->possible_values_.begin(), this->possible_values_.end(), state) != this->possible_values_.end()) { diff --git a/esphome/components/sim800l/sim800l.cpp b/esphome/components/sim800l/sim800l.cpp index e3edda0e72..251e18648b 100644 --- a/esphome/components/sim800l/sim800l.cpp +++ b/esphome/components/sim800l/sim800l.cpp @@ -1,4 +1,5 @@ #include "sim800l.h" +#include "esphome/core/helpers.h" #include "esphome/core/log.h" #include @@ -50,8 +51,8 @@ void Sim800LComponent::update() { } else if (state_ == STATE_RECEIVED_SMS) { // Serial Buffer should have flushed. // Send cmd to delete received sms - char delete_cmd[20]; - sprintf(delete_cmd, "AT+CMGD=%d", this->parse_index_); + char delete_cmd[20]; // "AT+CMGD=" (8) + uint8_t (max 3) + null = 12 <= 20 + buf_append_printf(delete_cmd, sizeof(delete_cmd), 0, "AT+CMGD=%d", this->parse_index_); this->send_cmd_(delete_cmd); this->state_ = STATE_CHECK_SMS; this->expect_ack_ = true; diff --git a/esphome/components/wl_134/wl_134.cpp b/esphome/components/wl_134/wl_134.cpp index 20a145d183..a589f71c84 100644 --- a/esphome/components/wl_134/wl_134.cpp +++ b/esphome/components/wl_134/wl_134.cpp @@ -1,4 +1,5 @@ #include "wl_134.h" +#include "esphome/core/helpers.h" #include "esphome/core/log.h" #include @@ -78,8 +79,8 @@ Wl134Component::Rfid134Error Wl134Component::read_packet_() { reading.id, reading.country, reading.isData ? "true" : "false", reading.isAnimal ? "true" : "false", reading.reserved0, reading.reserved1); - char buf[20]; - sprintf(buf, "%03d%012lld", reading.country, reading.id); + char buf[20]; // "%03d" (3) + "%012" PRId64 (12) + null = 16 max + buf_append_printf(buf, sizeof(buf), 0, "%03d%012" PRId64, reading.country, reading.id); this->publish_state(buf); if (this->do_reset_) { this->set_timeout(1000, [this]() { this->publish_state(""); });