Hi,

as is well known, sprintf() is prone to buffer overflow, hence
snprintf(). libgfortran uses snprintf() in some places, but not
everywhere. Rather than analyzing every sprintf() call for a potential
overflow, the attached patch takes the dogmatic but simple approach of
replacing all the remaining sprintf() usage with snprintf().

For targets without snprintf(), io/list_read.c contained a fallback
macro that uses sprintf(); this is moved to libgfortran.h so that it's
available everywhere.

    readelf -s libgfortran.so|grep sprintf

confirms that there is no remaining usage of sprintf().

Regtested on x86_64-unknown-linux-gnu, Ok for trunk?
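
Added example, not part of the original message or the attached patch: a bounded format into a fixed buffer that also checks the snprintf() return value, so truncated output is reported rather than silently used. The names struct msg, fmt_checked and fill_msg are hypothetical, and the code assumes C99 vsnprintf() semantics and a 32-bit int.

```c
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a small buffer followed by a guard field, so a
   caller can confirm that a bounded write leaves the neighbour intact.  */
struct msg
{
  char buf[8];
  char guard[4];
};

/* Hypothetical helper: bounded format that reports truncation.
   Returns the number of characters stored (excluding the NUL), or -1 on
   an encoding error or when the output did not fit in SIZE bytes.  */
static int
fmt_checked (char *dst, size_t size, const char *fmt, ...)
{
  va_list ap;
  int n;

  if (size == 0 || size > INT_MAX)
    return -1;
  va_start (ap, fmt);
  n = vsnprintf (dst, size, fmt, ap);
  va_end (ap);
  /* C99: N is the length the complete output would have had, so
     N >= SIZE means the stored string was cut short.  */
  if (n < 0 || (size_t) n >= size)
    return -1;
  return n;
}

/* Format VALUE into M->buf after arming the guard field.  */
static int
fill_msg (struct msg *m, int value)
{
  memcpy (m->guard, "GRD", 4);
  return fmt_checked (m->buf, sizeof m->buf, "%d", value);
}

int
main (void)
{
  struct msg m;
  printf ("%d\n", fill_msg (&m, 1234));     /* fits */
  printf ("%d\n", fill_msg (&m, INT_MIN));  /* truncated, reported */
  return 0;
}
```

A fallback that maps snprintf() onto sprintf() cannot enforce the size argument, so on such targets the buffers still have to be large enough for the worst-case output.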