Re: gint to gchar: g_sprintf

From: Gus Koppel <gtk spamkiller bytechase cx>
To: gtk-app-devel-list gnome org
Subject: Re: gint to gchar: g_sprintf
Date: Mon, 22 Dec 2003 11:18:30 +0100

Sukrit K Mehra wrote:

you should ommit the type specification of addid:
g_sprintf (addid, "%d", add);


Still same. Is g_sprintf not there in gtk1.2/glib? Tried with 2.0 too
doesn't work? I have included glib.h gtk/gtk.h. Beats me why it
doesn't work.


g_sprintf () is apparently new since GLib 2.x.

However, no matter what you do, please *NEVER* use g_sprintf () or
sprintf ()! Always use g_snprintf () (or snprintf () ) instead. Besides,
g_snprintf () is available in GLib 1.2 while g_sprintf () is not.

There is a great probability to integrate buffer overflows in your
application if you perpetually use (g_)sprintf (). This could result in
either hard to find bugs (best case) or remote exploits (worst case),
depending on the kind of your application.

See for instance
http://www-106.ibm.com/developerworks/security/library/s-buffer-defend.html
to learn more about this issue.

References:
- gint to gchar: g_sprintf
  - From: Sukrit K Mehra
- Re: gint to gchar: g_sprintf
  - From: Miguel Pignatelli
- Re: gint to gchar: g_sprintf
  - From: Sukrit K Mehra

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]