25 ** change sprintf to snprintf to avoid corruption
Seems like there's a reason for the use of nonstandard snprintf,
perhaps it's an idea to include both functions' source for platforms
Because sprintf and vsprintf assume an arbitrarily long
string, callers must be careful not to overflow the actual
space; this is often impossible to assure. Note that the
length of the strings produced is locale-dependent and
difficult to predict. Use snprintf and vsnprintf instead.
Linux libc4. does not have a snprintf, but provides a
libbsd that contains an snprintf equivalent to sprintf,
i.e., one that ignores the size argument. Thus, the use
of snprintf with early libc4 leads to serious security
Some floating point conversions under early libc4 caused
At 12:59 +0100 15-11-2000, firstname.lastname@example.org wrote:
>If I can, I will try to change them for ANSI ones.
>vsnprintf is just used once and can be easily changed for snprintf.
>> snprintf and vsnprintf are not in the standard C library, you could
>> include the following line to configure.in to have the variables
>> HAVE_VSNPRINTF and HAVE_SNPRINTF available. Since both functions would
>> probably have GNU implementations, could you include them when they
>> are not available?
-- /''' Bas Meijer mailto:email@example.com
c-OO http://antraciet.com Web Services
\ > Kerkstraat 19 Postbus 256 1400 AG Bussum
\&& t. +31 35 7502100 f. +31 35 7502111
Received on Wed Nov 15 14:30:23 2000