On Nov 16, 2023, at 4:22 PM, McGrath, Justin M <jmcgrath@illinois.edu> wrote:

Hi Matt,
In ODEINT it's called in max_step_checker.hpp.

```
const int m_max_steps;
...
char error_msg[200];
std::sprintf(error_msg, "Max number of iterations exceeded (%d).", m_max_steps);
...
char error_msg[200];
std::sprintf(error_msg, "Max number of iterations exceeded (%d).", m_max_steps);

```

It looks to me that neither of these uses could possibly overflow, but for whatever reason people have latched onto the idea that sprintf should never be used.

Cheers,
Justin




Justin,

It looks like someone filed a PR about a year ago to fix that: https://github.com/boostorg/odeint/pull/58 , but the last commit to ODEINT is from spring of 2019. I cc’ed the maintainer so hopefully he sees this.

Matt
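
The claim in the thread that the 200-byte buffer cannot overflow can be checked mechanically. The following is an added example, not code from the thread or from ODEINT: it measures what the quoted format string produces for extreme `int` values and shows a bounded `snprintf` form that reports truncation. The function names and the 16-byte buffer are hypothetical.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>

// Buffer size and format string as quoted from max_step_checker.hpp in the thread.
constexpr std::size_t kBufSize = 200;
constexpr const char* kFmt = "Max number of iterations exceeded (%d).";

// Number of characters the format produces for a value, excluding the NUL.
// snprintf with a null buffer and size 0 only measures; it writes nothing.
int formatted_length(int max_steps) {
    return std::snprintf(nullptr, 0, kFmt, max_steps);
}

// Bounded form (hypothetical helper): never writes past buf and returns
// false when the output had to be truncated or formatting failed.
bool format_error(char* buf, std::size_t size, int max_steps) {
    int n = std::snprintf(buf, size, kFmt, max_steps);
    return n >= 0 && static_cast<std::size_t>(n) < size;
}

int main() {
    char error_msg[kBufSize];
    const int samples[] = {0, 500, INT_MAX, INT_MIN};  // constructed inputs
    for (int v : samples) {
        bool ok = format_error(error_msg, sizeof error_msg, v);
        std::printf("%-12d len=%-3d fits=%s\n", v, formatted_length(v),
                    ok ? "yes" : "no");
    }

    // Hypothetical undersized buffer: the same call truncates safely and
    // the return value makes the truncation visible to the caller.
    char small[16];
    bool ok = format_error(small, sizeof small, 500);
    std::printf("16-byte buffer: fits=%s contents=\"%s\"\n",
                ok ? "yes" : "no", small);
    return 0;
}
```

The fixed text contributes 37 characters, so the total length depends only on how many characters `%d` prints for the platform's `int`.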