From 87779a8c85eec0b71703ed3090a3949761396a15 Mon Sep 17 00:00:00 2001
From: Joseph Hunkeler <jhunkeler@gmail.com>
Date: Wed, 15 Apr 2026 10:10:15 -0400
Subject: Replace sprintf with snprintf

* A few strcpy and strcat changes as well
---
 src/lib/delivery/delivery_install.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/lib/delivery/delivery_install.c')

diff --git a/src/lib/delivery/delivery_install.c b/src/lib/delivery/delivery_install.c
index 2de80cf..fe3bc66 100644
--- a/src/lib/delivery/delivery_install.c
+++ b/src/lib/delivery/delivery_install.c
@@ -222,7 +222,9 @@ int delivery_install_packages(struct Delivery *ctx, char *conda_install_dir, cha
         if (!ctx->meta.based_on) {
             strcat(command_base, " --upgrade");
         }
-        sprintf(command_base + strlen(command_base), " --extra-index-url 'file://%s'", ctx->storage.wheel_artifact_dir);
+        const char *command_base_fmt = " --extra-index-url 'file://%s'";
+        const int len = snprintf(NULL, 0, command_base_fmt, ctx->storage.wheel_artifact_dir);
+        snprintf(command_base + strlen(command_base), sizeof(command_base) - len, command_base_fmt, ctx->storage.wheel_artifact_dir);
     }
 
     size_t args_alloc_len = STASIS_BUFSIZ;
-- 
cgit