From b23db149e387a8013e7ca1c4e05daee60237e217 Mon Sep 17 00:00:00 2001
From: Christoph Oelckers
Date: Sun, 25 Jul 2021 11:50:23 +0200
Subject: [PATCH] - use snprintf in condError. While sprintf is generally problematic, it is particularly dangerous here where it is impossible to estimate the length of the messages.
---
 source/games/blood/src/nnexts.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source/games/blood/src/nnexts.cpp b/source/games/blood/src/nnexts.cpp
index 7188c8e42..69d9c1de1 100644
--- a/source/games/blood/src/nnexts.cpp
+++ b/source/games/blood/src/nnexts.cpp
@@ -3247,10 +3247,10 @@ void condError(XSPRITE* pXCond, const char* pzFormat, ...) {
 break;
 }
- sprintf(buffer, "\n\n%s CONDITION RX: %d, TX: %d, SPRITE: #%d RETURNS:\n", condType.GetChars(), pXCond->rxID, pXCond->txID, pXCond->reference);
+ snprintf(buffer, 512, "\n\n%s CONDITION RX: %d, TX: %d, SPRITE: #%d RETURNS:\n", condType.GetChars(), pXCond->rxID, pXCond->txID, pXCond->reference);
 va_list args;
 va_start(args, pzFormat);
- vsprintf(buffer2, pzFormat, args);
+ vsnprintf(buffer2, 512, pzFormat, args);
 I_Error("%s%s", buffer, buffer2);
 }
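Review bot: The literal `512` passed to `snprintf` and `vsnprintf` is not tied to the declarations of `buffer` and `buffer2`, which sit above the hunk and are not visible here; if either array is smaller than 512 bytes, or is resized later, the bound no longer protects it. Assuming both are local char arrays, `snprintf(buffer, sizeof(buffer), ...)` and `vsnprintf(buffer2, sizeof(buffer2), pzFormat, args);` keep the limit correct by construction. The hunk also shows no `va_end(args);` between the `vsnprintf` call and `I_Error`, which presumably does not return, so it belongs directly after `vsnprintf`. Both calls now truncate silently, which is reasonable for a fatal error message but worth a one-line comment such as `// message is truncated to the buffer size; the condition header in 'buffer' is always kept`.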