use snprintf instead of sprintf

src/pugixml.cpp

@@ -4632,7 +4632,8 @@ PUGI__NS_BEGIN
 	PUGI__FN bool set_value_convert(String& dest, Header& header, uintptr_t header_mask, float value)
 	{
 		char buf[128];
-		sprintf(buf, "%.9g", value);
+		snprintf(buf, 128, "%.9g", value);
+		buf[127] = '\0';
 
 		return set_value_ascii(dest, header, header_mask, buf);
 	}
@@ -4641,7 +4642,8 @@ PUGI__NS_BEGIN
 	PUGI__FN bool set_value_convert(String& dest, Header& header, uintptr_t header_mask, double value)
 	{
 		char buf[128];
-		sprintf(buf, "%.17g", value);
+		snprintf(buf, 128, "%.17g", value);
+		buf[127] = '\0';
 
 		return set_value_ascii(dest, header, header_mask, buf);
 	}
@@ -7997,9 +7999,8 @@ PUGI__NS_BEGIN
 	PUGI__FN void convert_number_to_mantissa_exponent(double value, char* buffer, size_t buffer_size, char** out_mantissa, int* out_exponent)
 	{
 		// get a scientific notation value with IEEE DBL_DIG decimals
-		sprintf(buffer, "%.*e", DBL_DIG, value);
-		assert(strlen(buffer) < buffer_size);
-		(void)!buffer_size;
+		snprintf(buffer, buffer_size, "%.*e", DBL_DIG, value);
+		buffer[buffer_size - 1] = '\0';
 
 		// get the exponent (possibly negative)
 		char* exponent_string = strchr(buffer, 'e');