>As a side note, proper use of snprintf would be:
>ret = snprintf(mystr,sizeof(mystr)-1,"Format: %s",var);
No it would not; the proper 2nd argument is the size of whatever
"mystr" points to; for char[] that's sizeof (mystr) (NOT -1) but
for char * it's whatever size you alloc'ed.
>Perhaps we should start development of a standardized 'safe' header file
>that can contain macros for snprintf, strncat and the like.
>
>Example:
>#define safe_snprinf(dst,len,fmt,var)
> snprintf(dst,(len>sizeof(dst)-1)?sizeof(dst)-1:len,fmt,var)
I remember a bug in sendmail caused by bad use of sizef.
>As a side note, proper use of snprintf would be:
>ret = snprintf(mystr,sizeof(mystr)-1,"Format: %s",var);
No it would not; the proper 2nd argument is the size of whatever
"mystr" points to; for char[] that's sizeof (mystr) (NOT -1) but
for char * it's whatever size you alloc'ed.
>Perhaps we should start development of a standardized 'safe' header file
>that can contain macros for snprintf, strncat and the like.
>
>Example:
>#define safe_snprinf(dst,len,fmt,var)
> snprintf(dst,(len>sizeof(dst)-1)?sizeof(dst)-1:len,fmt,var)
I remember a bug in sendmail caused by bad use of sizef.
>#define safe_strcat(dst,src) =20
> strncat(dst,src,sizeof(dst))
Same problem; not safe anyway. (sizeof (dst) - strlen(dst) - 1, if anything)
Casper
[ reply ]