"sprintf" is NOT an unexploitable function - it can be (and in the past has been) used as an exploit for buffer overruns.
By contrast, "snprintf" (note the extra 'n') is MUCH safer, the 'n' being a buffer limit length set by the programmer.
Also, it beggars belief that they allow "sprintf" in their coding standard; we use "snprintf" and similar exclusively to cut down on the possibility of bugs and exploits, and it's usual practice these days for C programmers in industry.
Last edited by a_q; 8th Aug 2019 at 15:44.
Reason: add more detail
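As an added example (not a_q's code, and not from the coding standard being discussed), a C snippet contrasting the two calls: the sprintf form is kept only as the pattern to avoid, while the snprintf form bounds the write and checks the return value, because snprintf truncates silently and reports the length the full string would have needed. The 16-byte buffer and the hostname strings are constructed for the demo.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16  /* constructed: deliberately small destination buffer */

/* Constructed inputs: one fits, one is longer than the buffer. */
static const char *short_name = "db1";
static const char *long_name  = "a-rather-long-hostname.example";

/* The unsafe pattern: sprintf has no idea how big `out` is, so any name
 * longer than BUF_LEN - 6 bytes writes past the end of the buffer.
 * Never called here; present only to show what the fixed version replaces. */
void format_unsafe(char out[BUF_LEN], const char *name) {
    sprintf(out, "host=%s", name);            /* unbounded write */
}

/* The bounded form. snprintf never writes more than `cap` bytes and always
 * NUL-terminates (for cap > 0), but it does NOT fail on overflow: it returns
 * the length the full string would have had. A result >= cap therefore means
 * the output was truncated, and callers must check for that rather than
 * assume the buffer now holds the whole string.
 * Returns 1 if everything fit, 0 on truncation or encoding error. */
int format_safe(char *out, size_t cap, const char *name) {
    int n = snprintf(out, cap, "host=%s", name);
    if (n < 0) {                              /* encoding error: empty result */
        if (cap > 0) out[0] = '\0';
        return 0;
    }
    return (size_t)n < cap;                   /* fits only if n < cap */
}

/* Bytes a buffer would need for the full string, including the NUL.
 * snprintf(NULL, 0, ...) is the standard way to size a buffer up front,
 * which is how the unsafe call's overrun can be detected without making it. */
int bytes_needed(const char *name) {
    return snprintf(NULL, 0, "host=%s", name) + 1;
}

int main(void) {
    char buf[BUF_LEN];
    int fit = format_safe(buf, sizeof buf, long_name);
    printf("snprintf result: \"%s\" (fit=%d, needed %d bytes, have %d)\n",
           buf, fit, bytes_needed(long_name), BUF_LEN);
    fit = format_safe(buf, sizeof buf, short_name);
    printf("snprintf result: \"%s\" (fit=%d)\n", buf, fit);
    return 0;
}
```

The truncation check is the part most often forgotten: a program that calls snprintf but ignores a return value of cap or more no longer overruns memory, but it silently carries on with a cut-off string.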