snprintf cascades

Berthold Stoeger bstoeger at mail.tuwien.ac.at
Mon Mar 5 10:29:48 PST 2018


Dear all,

In the files core/plannernotes.c, core/statistics.c and core/uemis-downloader.c, we have code of the kind
  snprintf(buffer + len, sz_buffer - len, ...);

I think this is wrong because the second argument to snprintf is size_t, i.e. 
unsigned. For len > sz_buffer, this will happily write past the end of the 
buffer.

Ad-hoc, I see three rather easy to implement fixes:

1)

#include <stdarg.h>
#include <stdio.h>

/* snprintf wrapper with a signed size: a negative size is clamped to 0
 * (write nothing) instead of being converted to a huge size_t. */
int sane_snprintf(char *str, int size, const char *fmt, ...)
{
        va_list ap;
        va_start(ap, fmt);
        int res = vsnprintf(str, size < 0 ? 0 : (size_t)size, fmt, ap);
        va_end(ap);
        return res;
}

2)

Use struct membuffer and put_format().

3)

Change to QString:
res += QString::asprintf(...);

Concerning the amount of work, I'd say it's 1 < 2 < 3 (from least to most work 
needed). Personally, I feel that nevertheless 3 would be the best option, even 
though I dislike QString (COW, UTF-16). This would remove back-and-forth 
conversion QString -> C-string -> QString and wouldn't change the C-logic at 
all. Moreover, for my tastes, it's the easiest-to-read version.

What do you think?

Berthold
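As an added illustration (not Subsurface code, and not part of the message above), the following shows the arithmetic behind the problem and one bounded appender that avoids it. The cascade's `sz_buffer - len` is an int difference that snprintf receives as size_t; after a truncating call snprintf returns the would-be length, len runs past sz_buffer, and the next call gets a wrapped, huge size. The `strbuf` helper below is a hypothetical alternative in the spirit of option 2 (a membuffer-like builder): it tracks length and capacity itself, so the remaining space can never go negative, and records truncation instead of silently writing past the end.

```c
/* Added example (not Subsurface code): why the naive cascade
 * snprintf(buffer + len, sz_buffer - len, ...) is unsafe, and a
 * bounded appender that never hands snprintf a wrapped size. */
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The size the naive cascade passes to snprintf: an int difference that
 * is converted to size_t. Once len exceeds sz_buffer it wraps to a huge
 * value, so snprintf no longer bounds the write. */
size_t naive_remaining(int sz_buffer, int len)
{
	return (size_t)(sz_buffer - len);
}

/* The clamp behind the sane_snprintf idea from the message: a negative
 * remaining size becomes 0, so snprintf writes nothing (not even a NUL). */
size_t clamp_size(int size)
{
	return size < 0 ? 0 : (size_t)size;
}

/* Hypothetical bounded string builder: tracks capacity and length itself
 * so the remaining space can never go negative, and remembers truncation. */
struct strbuf {
	char *buf;
	size_t cap;      /* total bytes in buf, including room for the NUL */
	size_t len;      /* bytes written so far, excluding the NUL */
	int truncated;   /* set once any append did not fit */
};

void strbuf_init(struct strbuf *b, char *storage, size_t cap)
{
	b->buf = storage;
	b->cap = cap;
	b->len = 0;
	b->truncated = 0;
	if (cap > 0)
		storage[0] = '\0';
}

/* Append formatted text. Returns the number of bytes appended, or -1 if
 * the text did not fit. The buffer stays NUL-terminated and len stays
 * at most cap - 1, so every later append is still bounded. */
int strbuf_append(struct strbuf *b, const char *fmt, ...)
{
	if (b->cap == 0 || b->len >= b->cap - 1) {
		b->truncated = 1;
		return -1;
	}
	size_t avail = b->cap - b->len;  /* at least 2 here, never wraps */
	va_list ap;
	va_start(ap, fmt);
	int n = vsnprintf(b->buf + b->len, avail, fmt, ap);
	va_end(ap);
	if (n < 0)
		return -1;                   /* encoding error */
	if ((size_t)n >= avail) {        /* n is the would-be length: cut off */
		b->len = b->cap - 1;         /* vsnprintf wrote exactly this much */
		b->truncated = 1;
		return -1;
	}
	b->len += (size_t)n;
	return n;
}

/* Worked run on a 16-byte buffer: the second append overflows, the third
 * finds no room; neither writes past the end. Returns the truncated flag. */
int build_demo(char *out, size_t cap)
{
	struct strbuf b;
	strbuf_init(&b, out, cap);
	strbuf_append(&b, "dive %d: ", 1);    /* 8 bytes: fits */
	strbuf_append(&b, "depth %dm", 30);   /* 9 bytes: 8 + 9 > 15, truncated */
	strbuf_append(&b, " more");           /* nothing left, still safe */
	return b.truncated;
}

int main(void)
{
	char out[16];
	int truncated = build_demo(out, sizeof out);
	printf("\"%s\" (truncated=%d)\n", out, truncated);
	printf("naive remaining for len 20 in a 16-byte buffer: %zu\n",
	       naive_remaining(16, 20));
	return 0;
}
```

The `(size_t)n >= avail` branch is the part the naive cascade lacks: it uses snprintf's return value as a truncation signal rather than blindly adding it to len, which is exactly how len ends up larger than sz_buffer in the original pattern.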
