Yesterday tikzDevice version 0.12.4 made it unto CRAN and is now propagating to the mirrors.
The tikzDevice package provides a graphics output device for R that records plots in a LaTeX-friendly format. The device transforms plotting commands issued by R functions into LaTeX code blocks. When included in a paper typeset by LaTeX, these blocks are interpreted with the help of TikZ—a graphics package for TeX and friends written by Till Tantau.
In this release I finally merged PR #206 from Paul Murrell to make
tikzDevice compatible with the graphics engine in R >= 4.1. And Dean Scarff made sure that
tikzInfo->outColorFileName is always initialized (#200 fixing #199). In addition I have also added the current working directory is to
TEXINPUTS (#203 fixing #197 and #198).
The main motivation for this release was a new WARNING on CRAN that could have triggered the removal of the package. (#219 fixing #218) The WARNING was triggered by the last remaining call to the standard C library function
sprintf(). This function is insecure due to the possibility of buffer overflows, so it is a good idea to replace it with
snprintf() where one needs the specify the number of characters to be printed. Normally this is straight forward, since one only has to call
strlen() on all arguments and add the results. But in this case there is an integer number among the arguments, so I opted for taking the logarithm to determine the length:
snprintf(tikzInfo->outFileName, strlen(tikzInfo->originalColorFileName) + floor(log10(tikzInfo->pageNum)) + 1, tikzInfo->originalFileName, tikzInfo->pageNum);