Re: Buffer overflows with s(n)printf ()



Ian Molton wrote:

>> There are other not-to-be-used C functions besides sprintf (), btw.
>
> That's BS. There's no (general) reason not to use sprintf(). There are
> situations where it's not appropriate, but if you know the (max) output
> length, why NOT use sprintf ()?

Because "knowing the max. output length" is an ILLUSION all too often,
as most of the programmers of buffer-overflow-prone programs could
confirm. Despite common beliefs, not all of them are pure idiots. Many
just thought about it the same way you do.

I repeat:
NEVER use sprintf (), ALWAYS use snprintf () (or derivatives) instead!
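The disagreement above is about whether "knowing the max output length" can be relied on. As an added example (not code from the thread or from any of its authors), the C below puts the sprintf () version next to the snprintf () version and shows the check the snprintf () return value needs: snprintf () reports the length the output WOULD have had, not how much it wrote, so a value at or above the buffer size means truncation, and that value must be clamped before it is reused as an offset for a second write. The record format, the buffer size RECORD_MAX and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Added example, not from the thread. The "user=<name>" record format,
 * RECORD_MAX and the function names are assumptions for illustration. */

#define RECORD_MAX 16   /* the caller's buffer size, including the NUL */

/* The sprintf() version the thread warns against. It is correct only
 * while every caller keeps strlen(name) <= RECORD_MAX - 6 ("user=" plus
 * the NUL). Nothing in the code enforces that contract, so a longer name
 * writes past the end of out. */
static void format_record_unsafe(char *out, const char *name)
{
    sprintf(out, "user=%s", name);        /* no bound: overflow possible */
}

/* The snprintf() version. Returns true if the whole record fitted and
 * false if it was truncated. snprintf() returns the length the output
 * would have had, so n >= out_len means the buffer was too small. The
 * buffer is always NUL-terminated when out_len > 0. */
static bool format_record(char *out, size_t out_len, const char *name)
{
    int n = snprintf(out, out_len, "user=%s", name);
    if (n < 0)                     /* encoding error */
        return false;
    return (size_t)n < out_len;    /* fitted, including the terminating NUL */
}

/* Appending several fields is where the "use the return value as the next
 * offset" bug lives: after truncation the return value is past the end of
 * the buffer, so it must be clamped before the second snprintf(). */
static bool format_pair(char *out, size_t out_len,
                        const char *user, const char *host)
{
    int n = snprintf(out, out_len, "user=%s", user);
    if (n < 0)
        return false;
    /* Clamp: a size of 0 for the second call is legal and writes nothing. */
    size_t off = (size_t)n < out_len ? (size_t)n : out_len;
    n = snprintf(out + off, out_len - off, ";host=%s", host);
    if (n < 0)
        return false;
    return off + (size_t)n < out_len;
}

int main(void)
{
    char buf[RECORD_MAX];

    /* Constructed inputs: the first name fits, the second does not. */
    format_record_unsafe(buf, "alice");          /* fine only because "alice" is short */
    printf("unsafe: \"%s\"\n", buf);

    bool ok = format_record(buf, sizeof buf, "alice");
    printf("fit=%d \"%s\"\n", ok, buf);

    ok = format_record(buf, sizeof buf, "a-very-long-user-name");
    printf("fit=%d \"%s\" (truncated, %zu chars)\n", ok, buf, strlen(buf));

    ok = format_pair(buf, sizeof buf, "bob", "db");
    printf("fit=%d \"%s\"\n", ok, buf);
    return 0;
}
```

The defender's habit this encodes is that the boolean result is checked by every caller; a truncated record that is silently accepted is a correctness bug even when it is no longer a memory-safety one.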
