Re: Are bad developer libraries the problem with M$ software?
From: Casper Dik (Casper.Dik@Sun.COM)
Date: 11/18/02
- Previous message: John Viega: "Re: Are bad developer libraries the problem with M$ software?"
- In reply to: Frank Knobbe: "RE: Are bad developer libraries the problem with M$ software?"
- Next in thread: Andrew Griffiths: "Re: Are bad developer libraries the problem with M$ software?"
- Reply: Andrew Griffiths: "Re: Are bad developer libraries the problem with M$ software?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Frank Knobbe <fknobbe@knobbeits.com> Date: Mon, 18 Nov 2002 20:36:33 +0100 From: Casper Dik <Casper.Dik@Sun.COM>
>As a side note, proper use of snprintf would be:
>ret = snprintf(mystr,sizeof(mystr)-1,"Format: %s",var);
No it would not; the proper 2nd argument is the size of whatever
"mystr" points to; for char[] that's sizeof (mystr) (NOT -1) but
for char * it's whatever size you alloc'ed.
>Perhaps we should start development of a standardized 'safe' header file
>that can contain macros for snprintf, strncat and the like.
>
>Example:
>#define safe_snprinf(dst,len,fmt,var)
> snprintf(dst,(len>sizeof(dst)-1)?sizeof(dst)-1:len,fmt,var)
I remember a bug in sendmail caused by bad use of sizef.
>#define safe_strcat(dst,src) =20
> strncat(dst,src,sizeof(dst))
Same problem; not safe anyway. (sizeof (dst) - strlen(dst) - 1, if anything)
Casper
- Next message: Michael Howard: "RE: Are bad developer libraries the problem with M$ software?"
- Previous message: John Viega: "Re: Are bad developer libraries the problem with M$ software?"
- In reply to: Frank Knobbe: "RE: Are bad developer libraries the problem with M$ software?"
- Next in thread: Andrew Griffiths: "Re: Are bad developer libraries the problem with M$ software?"
- Reply: Andrew Griffiths: "Re: Are bad developer libraries the problem with M$ software?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
