The `paramlog` string is set to contain 90 characters (line 261). But the formatting string on line 353 is about 120 characters long; well over those 90 characters. This can cause a buffer overflow.
Previous versions didn't have the CT_method section of the formatting string, making it shorter (possibly just about 90 characters, depending on whether the floating point values have one or more digits on the left side of the decimal dot), so the problem will likely not have shown. This part of the string was introduced in a recent commit, bbd9187.
In addition, certainly in non-optimised compiled code, strings often have some leeway to run over their allocated buffer (unintentionally, and basically undefined behaviour), so this may also be why some people have not come across this error yet (for example, clang 15 on macOS happily runs SeBa, while gcc 11 on Ubuntu 22.04 will throw a buffer overflow error).
One fix is to increase the buffer size, to e.g. 150. In addition, it might be good to use `snprintf` instead of `sprintf`, which makes its intention clearer to a future programmer who extends the formatting string. Given that this is C++ code, it may also be useful to use `std::string` instead, but that probably requires a C++11 flag for the compiler and restructuring more code.
Note that `seedlog` does not (yet) have this problem, eyeballing the length of the formatting string in line 376.
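The `snprintf` fix suggested above, as an added example that is not SeBa's code: the format string, field names and values are hypothetical stand-ins for the real `paramlog` format, and the two buffer sizes are the 90 from the issue and the 150 it proposes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example (not SeBa's code): the log-line pattern from the issue,
 * a fixed-size char buffer filled by a long format string, written with
 * snprintf so that an over-long result is reported instead of overrunning
 * the buffer as sprintf would. The format string, field names and values
 * below are hypothetical stand-ins for the real paramlog format. */

#define PARAMLOG_SIZE_OLD 90    /* buffer size named in the issue */
#define PARAMLOG_SIZE_NEW 150   /* size the issue suggests instead */

/* Write the hypothetical parameter log line into buf[size].
 * Returns what snprintf returns: the length the full line needs, not
 * counting the terminating NUL, even when it did not fit. */
int format_paramlog(char *buf, size_t size, double m1, double m2,
                    double a, double e, const char *ct_method)
{
    return snprintf(buf, size,
        "M_prim=%.3f M_sec=%.3f a=%.4f e=%.4f CT_method=%s extra_field=%.5f",
        m1, m2, a, e, ct_method, a * e);
}

/* 1 if a line of `needed` characters fits in a buffer of `size` bytes
 * (NUL included), 0 if snprintf truncated it. This is the check that
 * sprintf cannot offer: with sprintf the same call is an overflow. */
int paramlog_fits(size_t size, int needed)
{
    return needed >= 0 && (size_t)needed < size;
}

int main(void)
{
    char small[PARAMLOG_SIZE_OLD];
    char large[PARAMLOG_SIZE_NEW];
    const char *ct = "hypothetical_cooling_tracks_method";

    int n = format_paramlog(small, sizeof small, 1234.5, 567.25, 12345.6789, 0.5, ct);
    printf("needs %d chars, 90-byte buffer %s\n", n,
           paramlog_fits(sizeof small, n) ? "fits" : "TRUNCATED");

    n = format_paramlog(large, sizeof large, 1234.5, 567.25, 12345.6789, 0.5, ct);
    printf("needs %d chars, 150-byte buffer %s\n", n,
           paramlog_fits(sizeof large, n) ? "fits" : "TRUNCATED");
    return 0;
}
```

With the 90-byte buffer the line is cut off and the check reports it; with the 150-byte buffer the same call fits, which is the behaviour the issue asks for.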