snprintf cascades
Berthold Stoeger
bstoeger at mail.tuwien.ac.at
Mon Mar 5 10:29:48 PST 2018
Dear all,
In the files core/plannernotes.c, core/statistics.c and core/uemis-downloader.c, we have code of the kind
snprintf(buffer + len, sz_buffer - len, ...);
I think this is wrong because the second argument to snprintf is size_t, i.e.
unsigned. For len > sz_buffer, this will happily write past the end of the
buffer.
Ad-hoc, I see three rather easy to implement fixes:
1)
#include <stdarg.h>
#include <stdio.h>

/* Clamp a possibly negative size to 0 before the size_t conversion, so a
 * negative remaining length can never turn into a huge one. Written as a
 * ternary because C has no standard max(). */
int sane_snprintf(char *str, int size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int res = vsnprintf(str, size < 0 ? 0 : (size_t)size, fmt, ap);
    va_end(ap);
    return res;
}
2)
Use struct membuffer and put_format().
3)
Change to QString:
res += QString::asprintf(...);
Concerning the amount of work, I'd say it's 1 < 2 < 3 (from least to most work
needed). Personally, I feel that nevertheless 3 would be the best option, even
though I dislike QString (COW, UTF-16). This would remove back-and-forth
conversion QString -> C-string -> QString and wouldn't change the C-logic at
all. Moreover, for my tastes, it's the easiest-to-read version.
What do you think?
Berthold
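The arithmetic behind the problem described above, and a cascade helper that cannot hit it, as an added example (not code from the post or from Subsurface). naive_remaining() shows what happens to sz_buffer - len once len exceeds the buffer size; append_format() is a hypothetical replacement for the snprintf(buffer + len, sz_buffer - len, ...) pattern that tracks the current length itself, clamps it to sz - 1 on truncation, and reports whether the text fitted. build_summary() uses constructed sample values only:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Both operands are int, so for len > sz_buffer the difference is negative;
 * converting that negative int to size_t (the type of snprintf's second
 * parameter) yields a huge value, and snprintf will write past the buffer. */
size_t naive_remaining(int sz_buffer, int len)
{
    return (size_t)(sz_buffer - len);
}

/* Safe cascade step: append formatted text to buf (capacity sz bytes) at
 * position *len and advance *len. Returns 1 if everything fitted, 0 if the
 * output was truncated or the buffer was already full. *len never exceeds
 * sz - 1, so the size passed to vsnprintf can never go negative. */
int append_format(char *buf, size_t sz, size_t *len, const char *fmt, ...)
{
    if (sz == 0)
        return 0;
    if (*len >= sz) {            /* an earlier step already filled the buffer */
        *len = sz - 1;
        return 0;
    }
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf + *len, sz - *len, fmt, ap);
    va_end(ap);
    if (n < 0) {                 /* encoding error: keep the string terminated */
        buf[*len] = '\0';
        return 0;
    }
    if ((size_t)n >= sz - *len) { /* vsnprintf truncated: buffer is now full */
        *len = sz - 1;
        return 0;
    }
    *len += (size_t)n;
    return 1;
}

/* Build a small summary from constructed sample values into buf. Returns the
 * final string length, which equals strlen(buf) and is at most sz - 1. */
size_t build_summary(char *buf, size_t sz)
{
    size_t len = 0;
    if (sz > 0)
        buf[0] = '\0';
    append_format(buf, sz, &len, "depth=%d ", 30);
    append_format(buf, sz, &len, "time=%d ", 45);
    append_format(buf, sz, &len, "gas=%s", "EAN32");
    return len;
}

int main(void)
{
    char small[16], big[64];
    printf("naive remaining for sz=16, len=20: %zu\n", naive_remaining(16, 20));
    size_t n = build_summary(small, sizeof small);
    printf("16-byte buffer: \"%s\" (len %zu)\n", small, n);
    n = build_summary(big, sizeof big);
    printf("64-byte buffer: \"%s\" (len %zu)\n", big, n);
    return 0;
}
```

With the 16-byte buffer the second append is cut off and the third writes nothing but the terminator; the result stays inside the buffer and the caller can see from the return values that truncation occurred, which the original cascade cannot report.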