[R-pkg-devel] Check warning around sprintf: Compiled code should not call entry points which might terminate R nor write to stdout/stderr instead of to the console, nor use Fortran I/O nor system RNGs nor [v]sprintf.

[Iago Giné-Vázquez]

Dear all,

I am updating a CRAN-archived R package, so it can get back to CRAN. But there is a warning produced in Linux OS that I am not sure to understand and I do not know how to solve, even after looking at ‘Writing portable packages’ in the ‘Writing R Extensions’ manual and after searching in the web. The warning is

> * checking compiled code ... WARNING
> File ‘ccckc/libs/ccckc.so’:
> Found ‘sprintf’, possibly from ‘sprintf’ (C)
> Object: ‘criteria.o’
>
> Compiled code should not call entry points which might terminate R nor
> write to stdout/stderr instead of to the console, nor use Fortran I/O
> nor system RNGs nor [v]sprintf.
> See ‘Writing portable packages’ in the ‘Writing R Extensions’ manual.

The package contains both C and Fortran code and in the criteria.c there is only a sprintf use, as follows:

sprintf(msg,"criteria: error (%d) -> %s\n", inErr, errStr);
Rf_error(msg);
May be the reason of the warning the next line the ‘Writing R Extensions’ manual?

> Use ofsprintfandvsprintfis regarded as a potential security risk and warned about on some platforms.[82](https://cran.r-project.org/doc/manuals/R-exts.html#FOOT82)R CMD checkreports if any calls are found.

If that is the reason, is there any alternative to the use of sprintf? Anyway, what can I do?

Thanks you in advance for your time.

Kind regards,
Iago

Sent with [Proton Mail](https://proton.me/) secure email.
	[[alternative HTML version deleted]]