Re: Buffer overflows with s(n)printf ()
- From: Gus Koppel <gtk spamkiller bytechase cx>
- To: gtk-app-devel-list gnome org
- Subject: Re: Buffer overflows with s(n)printf ()
- Date: Tue, 18 Nov 2003 10:44:25 +0100
Ian Molton wrote:
> > There are other not-to-be-used C functions besides sprintf (), btw.
> That's BS. There's no (general) reason not to use sprintf(). There are
> situations where it's not appropriate, but if you know the (max) output
> length, why NOT use sprintf ()?
Because "knowing the max. output length" is an ILLUSION all too often,
as most of the programmers of buffer-overflow-prone programs could
confirm. Despite common beliefs, not all of them are pure idiots. Many
just thought about it the same way you do.
NEVER use sprintf (), ALWAYS use snprintf () (or derivates) instead!
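The "I know the max output length" case that the reply calls an illusion, worked through in C. This is an added example, not code from the thread or from GTK/GLib; it assumes a 32-bit int (the usual case on every mainstream platform). The hand-computed bound of 10 characters for "%d" is right for every value except INT_MIN, whose sign makes it 11 characters, so the sprintf () call on an 11-byte buffer writes 12 bytes. The snprintf () variant turns that into a detected truncation, and the append helper shows the one snprintf () habit that still bites: adding the return value to a running offset without clamping it.

```c
#include <stdio.h>
#include <string.h>
#include <limits.h>
#include <stdbool.h>

/* The "known max length" from the thread's argument: 10 digits for a
 * 32-bit int.  The forgotten case is INT_MIN: "-2147483648" is 11 chars,
 * so sprintf (buf, "%d", INT_MIN) into buf[11] writes 12 bytes. */
#define ASSUMED_MAX_INT_CHARS 10

/* Number of characters "%d" really produces for v (NUL not counted). */
size_t int_formatted_length(int v)
{
    char tmp[64];                       /* large enough for any int */
    return (size_t)snprintf(tmp, sizeof tmp, "%d", v);
}

/* Does the hand-computed bound hold for this value? */
bool assumed_bound_holds(int v)
{
    return int_formatted_length(v) <= ASSUMED_MAX_INT_CHARS;
}

/* Hardened variant: snprintf () gets the real buffer size and its return
 * value is checked.  Returns true only if the whole value fit; on a
 * too-small buffer the result is a truncated, NUL-terminated string
 * rather than an overflow. */
bool format_int_checked(char *dst, size_t dstsize, int v)
{
    int n = snprintf(dst, dstsize, "%d", v);
    /* n < 0: encoding error; n >= dstsize: output was truncated */
    return n >= 0 && (size_t)n < dstsize;
}

/* The scenario itself: INT_MIN into the 11-byte buffer.  Returns -1 if it
 * fit, otherwise the length of the truncated string left in the buffer. */
int overflow_scenario(void)
{
    char buf[ASSUMED_MAX_INT_CHARS + 1];
    if (format_int_checked(buf, sizeof buf, INT_MIN))
        return -1;
    return (int)strlen(buf);            /* "-214748364" -> 10 */
}

/* Second pitfall: chaining snprintf () calls via "off += snprintf (...)".
 * After truncation the return value is the length that WOULD have been
 * written, so an unclamped offset runs past the buffer and the next call
 * gets a bogus (wrapped) size.  This helper clamps the offset to dstsize,
 * so every call stays inside the buffer and the string stays terminated. */
size_t append_checked(char *dst, size_t dstsize, size_t off, const char *s)
{
    if (off >= dstsize)
        return dstsize;                 /* already full: nothing more fits */
    int n = snprintf(dst + off, dstsize - off, "%s", s);
    if (n < 0)
        return dstsize;
    size_t want = off + (size_t)n;
    return want < dstsize ? want : dstsize;
}

/* Exercises append_checked () on an 8-byte buffer and returns the final
 * offset; the buffer is full after the second append and stays full. */
size_t chained_append_demo(char *out8)
{
    size_t off = 0;
    off = append_checked(out8, 8, off, "abcdefg");   /* 7 chars fit */
    off = append_checked(out8, 8, off, "xyz");       /* truncated, off = 8 */
    off = append_checked(out8, 8, off, "q");         /* no-op, still 8 */
    return off;
}

int main(void)
{
    char buf[8];
    printf("INT_MAX needs %zu chars, bound holds: %d\n",
           int_formatted_length(INT_MAX), assumed_bound_holds(INT_MAX));
    printf("INT_MIN needs %zu chars, bound holds: %d\n",
           int_formatted_length(INT_MIN), assumed_bound_holds(INT_MIN));
    printf("INT_MIN into 11 bytes: truncated to %d chars\n", overflow_scenario());
    printf("chained appends end at offset %zu, buffer \"%s\"\n",
           chained_append_demo(buf), buf);
    return 0;
}
```

The point of checking the return value is that snprintf () alone only converts an overflow into silent truncation; a program that goes on to use the truncated string (a path, a command line, a URL) has a different bug, so the caller still has to treat "did not fit" as an error.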