Re: Buffer overflow in documentation
From: Markus Gothe
Subject: Re: Buffer overflow in documentation
Date: Sat, 11 Apr 2020 22:58:06 +0200
That's totally OK if the length etc. is being checked before the call to sprintf().
Sometimes the use of sprintf is the way to go, like if you have unsigned
char[ETH_ALEN] here; replacing it with snprintf will set ETH_ALEN+1 to '\0' and
do an invalid access.
Could you pinpoint why snprintf is better to use in this particular case, please?
BR,
Markus
Sent from my BlackBerry - the most secure mobile device
Original Message
From: address@hidden
Sent: April 11, 2020 22:48
To: address@hidden
Subject: Buffer overflow in documentation
Hi,
https://www.gnu.org/software/gettext/manual/html_node/Preparing-Strings.html
The above documentation mentions the sprintf function. It should rather
mention snprintf instead, to protect against buffer overflows.
Best,
Roland
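
Added example, not part of either message or of the gettext manual: a bounded formatting helper that uses the vsnprintf return value to detect truncation, run against a buffer sized for an English string and a longer translated one. The names format_checked, msg_en and msg_xx, the 20-byte buffer and both message strings are assumptions constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of gettext: format into dst[size].
 * Returns 0 if the whole string fit, 1 if it was truncated,
 * -1 on bad arguments or an output error. */
static int format_checked(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || size == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, size, fmt, ap); /* at most size bytes, NUL included */
    va_end(ap);
    if (n < 0) {
        dst[0] = '\0';
        return -1;
    }
    /* n is the length the full output needs, not counting the NUL */
    return (size_t)n >= size ? 1 : 0;
}

/* Constructed stand-ins for an English msgid and a longer translation. */
static const char *msg_en = "%d files removed";
static const char *msg_xx = "%d Dateien wurden erfolgreich entfernt";

/* Returns 1 if a truncating call left the byte after the buffer untouched. */
static int guard_survives_truncation(void)
{
    struct { char buf[20]; unsigned char guard; } s;
    int rc;
    s.guard = 0xA5;
    rc = format_checked(s.buf, sizeof s.buf, msg_xx, 3);
    return rc == 1 && s.guard == 0xA5 && strlen(s.buf) == sizeof s.buf - 1;
}

int main(void)
{
    char buf[20]; /* sized with only the English text in mind */
    int rc = format_checked(buf, sizeof buf, msg_en, 3);
    printf("en: rc=%d \"%s\"\n", rc, buf);
    rc = format_checked(buf, sizeof buf, msg_xx, 3);
    printf("xx: rc=%d \"%s\"\n", rc, buf);
    printf("guard intact: %d\n", guard_survives_truncation());
    return 0;
}
```

A return value of 1 means the caller received a shortened message and should allocate a larger buffer or report the error rather than display the cut-off text.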