prefer 'vsnprintf' to 'vsprintf'

[jameslamb]

Contributes to #5557.

A recent build of the M1Mac CRAN flavor included the following WARNING:

./include/LightGBM/utils/log.h:117:5: warning: 'vsprintf' is deprecated: This function is provided for compatibility reasons only. Due to security concerns inherent in the design of sprintf(3), it is highly recommended that you use vsnprintf(3) instead. [-Wdeprecated-declarations]

This PR proposes replacing uses of vsprintf() in LightGBM with vsnprintf().

Notes for Reviewers

Looking around GitHub, I can see that other projects have been experiencing this warning when upgrading to macOS Ventura + the newest version of XCode. https://github.com/search?q=%22Due+to+security+concerns+inherent+in+the+design+of+sprintf%22&type=issues. So I don't think this is specific to R or to LightGBM.

References

https://linux.die.net/man/3/vsnprintf describes the benefits of vsnprintf(). Basically, it is like vsprintf() but requires that you provide an argument size_t size, the maximum number of bytes that the function will write to the provided buffer. That added safety prevents use of this function to produce a buffer overflow.

I checked, and vsnprintf_s() is also supported in all of the versions of MSVC LightGBM supports.

• Visual Studio 2022 (docs link)
• Visual Studio 2019 (docs link)
• Visual Studio 2017 (docs link)
• Visual Studio 2015 (docs link)

[jameslamb]

@guolinke @shiyu1994 could you please help with a review on this one? I think it's fairly small and noncontroversial, and well help LightGBM to maintain compatible with newer releases of the C/C++ toolchain on macOS.

[guolinke]

LGTM

[github-actions]

This pull request has been automatically locked since there has not been any recent activity since it was closed. To start a new related discussion, open a new issue at https://github.com/microsoft/LightGBM/issues including a reference to this.