Convert more sprintf calls to snprintf

You could analyze most of these and quickly recognize that there was no
chance of buffer overflow already, but why make everyone spend time doing
that when we can just make it obviously safe?

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

src/ErrDes.c

@@ -109,7 +109,7 @@ XGetErrorText(
 
     if (nbytes == 0) return 0;
     if (code <= BadImplementation && code > 0) {
-	sprintf(buf, "%d", code);
+        snprintf(buf, sizeof(buf), "%d", code);
         (void) XGetErrorDatabaseText(dpy, "XProtoError", buf,
                                      _XErrorList + _XErrorOffsets[code],
 				     buffer, nbytes);
@@ -125,11 +125,12 @@ XGetErrorText(
 	    bext = ext;
     }
     if (!buffer[0] && bext) {
-	sprintf(buf, "%s.%d", bext->name, code - bext->codes.first_error);
+	snprintf(buf, sizeof(buf), "%s.%d",
+                 bext->name, code - bext->codes.first_error);
 	(void) XGetErrorDatabaseText(dpy, "XProtoError", buf, "", buffer, nbytes);
     }
     if (!buffer[0])
-	sprintf(buffer, "%d", code);
+	snprintf(buffer, nbytes, "%d", code);
     return 0;
 }
 
@@ -190,7 +191,7 @@ XGetErrorDatabaseText(
 	else
 	    tptr = Xmalloc (tlen);
 	if (tptr) {
-	    sprintf(tptr, "%s.%s", name, type);
+	    snprintf(tptr, tlen, "%s.%s", name, type);
 	    XrmGetResource(db, tptr, "ErrorType.ErrorNumber",
 	      &type_str, &result);
 	    if (tptr != temp)

src/GetDflt.c

@@ -110,7 +110,7 @@ GetHomeDir(
 	len2 = strlen (ptr2);
     }
     if ((len1 + len2 + 1) < len)
-	sprintf (dest, "%s%s", ptr1, (ptr2) ? ptr2 : "");
+	snprintf (dest, len, "%s%s", ptr1, (ptr2) ? ptr2 : "");
     else
 	*dest = '\0';
 #else

src/KeysymStr.c

@@ -107,7 +107,7 @@ char *XKeysymToString(KeySym ks)
 	XrmQuark empty = NULLQUARK;
 	GRNData data;
 
-	sprintf(buf, "%lX", ks);
+	snprintf(buf, sizeof(buf), "%lX", ks);
 	resval.addr = (XPointer)buf;
 	resval.size = strlen(buf) + 1;
 	data.name = (char *)NULL;

src/XlibInt.c

@@ -1432,7 +1432,7 @@ static int _XPrintDefaultError(
 	mesg, BUFSIZ);
     (void) fprintf(fp, mesg, event->request_code);
     if (event->request_code < 128) {
-	sprintf(number, "%d", event->request_code);
+	snprintf(number, sizeof(number), "%d", event->request_code);
 	XGetErrorDatabaseText(dpy, "XRequest", number, "", buffer, BUFSIZ);
     } else {
 	for (ext = dpy->ext_procs;
@@ -1452,7 +1452,7 @@ static int _XPrintDefaultError(
 	fputs("  ", fp);
 	(void) fprintf(fp, mesg, event->minor_code);
 	if (ext) {
-	    sprintf(mesg, "%s.%d", ext->name, event->minor_code);
+	    snprintf(mesg, sizeof(mesg), "%s.%d", ext->name, event->minor_code);
 	    XGetErrorDatabaseText(dpy, "XRequest", mesg, "", buffer, BUFSIZ);
 	    (void) fprintf(fp, " (%s)", buffer);
 	}
@@ -1475,8 +1475,8 @@ static int _XPrintDefaultError(
 		bext = ext;
 	}
 	if (bext)
-	    sprintf(buffer, "%s.%d", bext->name,
-		    event->error_code - bext->codes.first_error);
+	    snprintf(buffer, sizeof(buffer), "%s.%d", bext->name,
+                     event->error_code - bext->codes.first_error);
 	else
 	    strcpy(buffer, "Value");
 	XGetErrorDatabaseText(dpy, mtype, buffer, "", mesg, BUFSIZ);