Re: Buffer overflows with s(n)printf ()



Gus Koppel wrote:

See
http://www-106.ibm.com/developerworks/security/library/s-buffer-defend.html
for a rather detailed list and explanation of what and why not to use
and possibly what to use instead.

In short: if you encounter ANY of those functions listed in your
program then it's inherently unsafe and buffer-overflow-prone.

Clarification: by "ANY of those functions listed" I was referring to the
first list under "Major snares in C programming" only.

Another source for information about this issue is
http://www.linuxsecurity.com/docs/LDP/Secure-Programs-HOWTO/buffer-overflow.html

Hope this isn't considered too off-topic by some people   ;-)
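The contrast the thread is about, as an added example that is not code from this post or from the linked documents: a fixed-size buffer filled with sprintf() overflows silently when the input is longer than the buffer, while snprintf() bounds the write but still needs its return value checked, because that value is the length the full string would have had, not the number of bytes stored. The names format_greeting, bytes_needed and the sample inputs are assumptions made up for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format into a caller-supplied buffer with snprintf()
 * and report truncation instead of handing back a cut-off string.
 * Returns 0 on success, -1 if the result did not fit or on error. */
int format_greeting(char *dst, size_t dstsz, const char *name)
{
    if (dst == NULL || dstsz == 0)
        return -1;
    int n = snprintf(dst, dstsz, "Hello, %s!", name);
    /* snprintf returns the length the complete string would have had;
     * n >= dstsz means the output was truncated to dstsz - 1 characters. */
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';            /* never return a partial result */
        return -1;
    }
    return 0;
}

/* Bytes (including the terminating NUL) that an unbounded sprintf() of the
 * same format would write. snprintf(NULL, 0, ...) only measures; nothing is
 * written, so this is safe to call on any input. */
size_t bytes_needed(const char *name)
{
    int n = snprintf(NULL, 0, "Hello, %s!", name);
    return n < 0 ? 0 : (size_t)n + 1;
}

int main(void)
{
    char buf[16];
    /* constructed sample inputs */
    const char *short_name = "Gus";
    const char *long_name = "a name far longer than sixteen bytes";

    if (format_greeting(buf, sizeof buf, short_name) == 0)
        printf("ok: \"%s\"\n", buf);

    /* sprintf(buf, "Hello, %s!", long_name) would write this many bytes
     * into a 16-byte buffer; snprintf refuses and the helper reports it. */
    printf("long input needs %zu bytes, buffer holds %zu\n",
           bytes_needed(long_name), sizeof buf);
    if (format_greeting(buf, sizeof buf, long_name) != 0)
        printf("truncation detected, result discarded\n");
    return 0;
}
```

The check `(size_t)n >= dstsz` is the part most often omitted: without it the program "works" on short input and silently ships a truncated string on long input, which is exactly the kind of latent bug the linked lists warn about.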