Macros are frequently used in the remediation of existing code to globally replace one identifier with another, for example, when an existing API changes. While there is always some risk involved, this practice becomes particularly dangerous (some might say foolish) if a function name is replaced with a less secure function, because every call site silently inherits the weaker semantics without any change in the visible source.
...
The vsprintf() function takes no length argument and performs no bounds checking, so the macro simply discards size. Any formatted output longer than the destination buffer overflows it, and when the data being formatted is untrusted this becomes an exploitable buffer overflow at every call site that was written, correctly, against vsnprintf().
Compliant Solution
The solution is to include an implementation of the missing vsnprintf() function, eliminating the dependency on external library functions when they are not available. This compliant solution assumes that __USE_ISOC99 is not defined on systems that fail to provide a vsnprintf() implementation. The replacement must honour the size argument and follow the C99 contract (always NUL-terminate when size is nonzero, and return the length the complete output would have had), otherwise callers that test the return value to detect truncation are silently broken.
...
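As an added example, not code from the CERT page, the following shows what such a fallback must do. my_vsnprintf() (the name is an assumption, chosen so it does not collide with the library function) honours its size argument and returns the would-be length as C99 requires, so the truncation check at the end of main() works; the macro replacement described above would have written past the 8-byte buffer. To keep the example short it is assumed that only %s, %d, %c and %% are needed; a real fallback must implement every C99 conversion.

```c
/* Added example (not from the original page): a bounded fallback for
 * vsnprintf(), named my_vsnprintf() to avoid clashing with the library.
 * Assumption for brevity: only %s, %d, %c and %% are supported. */
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Store c only if there is room for it plus the terminator; always count it. */
static void put_char(char *buf, size_t size, size_t *len, char c) {
  if (size > 0 && *len < size - 1) {
    buf[*len] = c;
  }
  (*len)++;
}

static void put_str(char *buf, size_t size, size_t *len, const char *s) {
  for (; *s != '\0'; s++) {
    put_char(buf, size, len, *s);
  }
}

/* Decimal conversion by hand: the premise is that no snprintf() exists. */
static void put_int(char *buf, size_t size, size_t *len, int v) {
  char digits[32];
  size_t n = 0;
  unsigned long mag = v < 0 ? 0UL - (unsigned long)v : (unsigned long)v;
  if (v < 0) {
    put_char(buf, size, len, '-');
  }
  do {
    digits[n++] = (char)('0' + mag % 10);
    mag /= 10;
  } while (mag != 0);
  while (n > 0) {
    put_char(buf, size, len, digits[--n]);
  }
}

int my_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap) {
  size_t len = 0;
  while (*fmt != '\0') {
    char c = *fmt++;
    if (c != '%' || *fmt == '\0') { /* ordinary char, or lone trailing '%' */
      put_char(buf, size, &len, c);
      continue;
    }
    switch (*fmt++) {
      case 's': {
        const char *s = va_arg(ap, const char *);
        put_str(buf, size, &len, s != NULL ? s : "(null)");
        break;
      }
      case 'd': put_int(buf, size, &len, va_arg(ap, int)); break;
      case 'c': put_char(buf, size, &len, (char)va_arg(ap, int)); break;
      case '%': put_char(buf, size, &len, '%'); break;
      default: /* unsupported conversion: copy it literally */
        put_char(buf, size, &len, '%');
        put_char(buf, size, &len, fmt[-1]);
        break;
    }
  }
  if (size > 0) {
    buf[len < size ? len : size - 1] = '\0'; /* always NUL-terminate */
  }
  return (int)len; /* length the full output needed, as in C99 */
}

int my_snprintf(char *buf, size_t size, const char *fmt, ...) {
  va_list ap;
  int n;
  va_start(ap, fmt);
  n = my_vsnprintf(buf, size, fmt, ap);
  va_end(ap);
  return n;
}

/* Check helper: format into a sentinel-filled scratch buffer while claiming it
 * is only `size` bytes long. Returns the reported length if nothing was written
 * at or past `size` and the text equals `expected`, otherwise -1. */
int format_equals(size_t size, const char *expected, const char *fmt, ...) {
  char buf[65];
  va_list ap;
  int n;
  if (size > sizeof buf - 1) return -1;
  memset(buf, 'X', sizeof buf);
  va_start(ap, fmt);
  n = my_vsnprintf(buf, size, fmt, ap);
  va_end(ap);
  if (buf[size] != 'X') return -1;                      /* overflowed */
  if (size > 0 && strcmp(buf, expected) != 0) return -1;
  return n;
}

int main(void) {
  char line[8]; /* deliberately too small for the constructed input */
  int n = my_snprintf(line, sizeof line, "user=%s id=%d", "alice", 42);
  if (n < 0 || (size_t)n >= sizeof line) {
    printf("truncated: kept \"%s\", needed %d bytes\n", line, n + 1);
  }
  return 0;
}
```

The truncation test in main() is the check every caller of vsnprintf() should make; with the macro in place it could never fire, because vsprintf() returns the count it actually wrote after already overrunning the buffer.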