From: Gary Barnett (gbarnett@POLARNET.COM)
Date: 07/09/97

I've been following the recent thread on the linux security list
relating to the snprintf function.

I'm not worried about the problems reported with the snprintf,
mostly because my mud no longer runs on Linux :-) Those of
you who aren't aware of the problem should note that snprintf
on some Linux boxes doesn't do the bounds checking that it's
supposed to.

Which brings me to the reason for this post:

Has anyone on the list converted their use of sprintf to snprintf?

The reason I ask is that I'm currently on a code cleanup phase,
and am trying to account for all memory used, and to validate
all memory storage routines (bounds checking, etc.) snprintf
seems an ideal function, as bounds checking is rather less
painful with that ability.

This is yet another call in the standard library that I have missed
while combing it looking for functions to add to the toolkit. It is
really amazing the stuff that is defined in ANSI C that I see value
in, but rarely see anyone use. Is there a reason for this? Problems
maintaining portability? Laziness on the part of a good many
coders? :-)

FYI: MSVC, Linux and FreeBSD define it in stdio.h. Anyone know
of an os that doesn't define snprintf? It's in the standard library, so
I would assume most, if not all would have it...

Thanks for any input,


P.S. For those that have no idea of what snprintf does, I've included
the following excerpt from the msvc help file.

int _snprintf( char *buffer, size_t count, const char *format [, argument]
... );

_snprintf returns the number of bytes stored in buffer, not counting the
terminating null character. If the number of bytes required to store the
data exceeds count, then count bytes of data are stored in buffer and
a negative value is returned. "Never worry about the bullet with your name on
it. Instead, worry about
shrapnel addressed to 'occupant.'" --Murphy

      | Ensure that you have read the CircleMUD Mailing List FAQ: |
      |   |

This archive was generated by hypermail 2b30 : 12/08/00 PST