From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Peter Johnson <johnson.peter@gmail.com>
Date: Mon, 9 Oct 2023 19:28:08 -0700
Subject: [PATCH 11/13] Avoid use of sprintf

---
 src/google/protobuf/stubs/strutil.cc | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/google/protobuf/stubs/strutil.cc b/src/google/protobuf/stubs/strutil.cc
index 3462e91ff273dc071628f06b91698a0f166514fc..58e03d0c4aa7c1b0337b5f650283f00117c12baa 100644
--- a/src/google/protobuf/stubs/strutil.cc
+++ b/src/google/protobuf/stubs/strutil.cc
@@ -503,10 +503,18 @@ int CEscapeInternal(const char* src, int src_len, char* dest,
              (last_hex_escape && isxdigit(*src)))) {
           if (dest_len - used < 4) // need space for 4 letter escape
             return -1;
-          sprintf(dest + used, (use_hex ? "\\x%02x" : "\\%03o"),
-                  static_cast<uint8_t>(*src));
+          dest[used++] = '\\';
+          if (use_hex) {
+            constexpr char hexdigits[] = "0123456789abcdef";
+            dest[used++] = 'x';
+            dest[used++] = hexdigits[(static_cast<uint8_t>(*src) >> 4) & 0xf];
+            dest[used++] = hexdigits[static_cast<uint8_t>(*src) & 0xf];
+          } else {
+            dest[used++] = '0' + ((static_cast<uint8_t>(*src) >> 6) & 0x3);
+            dest[used++] = '0' + ((static_cast<uint8_t>(*src) >> 3) & 0x7);
+            dest[used++] = '0' + (static_cast<uint8_t>(*src) & 0x7);
+          }
           is_hex_escape = use_hex;
-          used += 4;
         } else {
           dest[used++] = *src; break;
         }