Re: Buffer overflow in documentation
From: Markus Gothe
Subject: Re: Buffer overflow in documentation
Date: Sat, 11 Apr 2020 23:00:45 +0200
Err, ofc it will not do an invalid access. It will set the last number to zero
which might be correct sometimes but most of the time it will be
wrong in my example.
BR,
Markus
Sent from my BlackBerry - the most secure mobile device
Original Message
From: address@hidden
Sent: April 11, 2020 22:58
To: address@hidden; address@hidden
Subject: Re: Buffer overflow in documentation
That's totally OK if the length etc. is being checked before the call to sprintf().
Sometimes the use of sprintf is the way to go, like if you have unsigned
char[ETH_ALEN] here; replacing it with snprintf will set ETH_ALEN+1 to '\0' and
do an invalid access.
Could you pinpoint why snprintf is better to use in this particular case, please?
BR,
Markus
Sent from my BlackBerry - the most secure mobile device
Original Message
From: address@hidden
Sent: April 11, 2020 22:48
To: address@hidden
Subject: Buffer overflow in documentation
Hi,
https://www.gnu.org/software/gettext/manual/html_node/Preparing-Strings.html
The above documentation mentions the sprintf function. It should rather
mention snprintf instead, to protect against buffer overflows.
Best,
Roland
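
The snprintf behaviour discussed in this thread, as an added example that is not part of any message: given a size n, C99 snprintf writes at most n bytes including the terminating NUL and returns the length the untruncated output would have had, so a caller can detect truncation. The names format_checked, mac_to_str and guard_intact_after_format are hypothetical, and the MAC value is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6                  /* bytes in a raw MAC address */
#define MAC_STR_LEN (ETH_ALEN * 3)  /* "aa:bb:cc:dd:ee:ff" plus NUL = 18 */

/* Hypothetical helper: bounded formatting that reports truncation.
 * Returns 0 on success, 1 if the output was truncated, -1 on error. */
static int format_checked(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, size, fmt, ap);  /* n = length of full output */
    va_end(ap);
    if (n < 0)
        return -1;
    return (size_t)n >= size ? 1 : 0;
}

/* Format a MAC address as text; same return convention as above. */
static int mac_to_str(char *dst, size_t size, const unsigned char mac[ETH_ALEN])
{
    return format_checked(dst, size, "%02x:%02x:%02x:%02x:%02x:%02x",
                          mac[0], mac[1], mac[2], mac[3], mac[4], mac[5]);
}

/* Format into the first `size` bytes (size >= 1) of a larger buffer filled
 * with a guard pattern. Returns 1 only if every byte past `size` is untouched
 * and the result is NUL-terminated inside the first `size` bytes. */
static int guard_intact_after_format(size_t size)
{
    static const unsigned char mac[ETH_ALEN] =
        {0x00, 0x1b, 0x44, 0x11, 0x3a, 0xb7};  /* constructed sample */
    char buf[MAC_STR_LEN + 8];
    memset(buf, 0x7e, sizeof buf);
    mac_to_str(buf, size, mac);
    for (size_t i = size; i < sizeof buf; i++)
        if (buf[i] != 0x7e)
            return 0;
    return memchr(buf, '\0', size) != NULL;
}

int main(void)
{
    printf("size %d: guard intact = %d\n", ETH_ALEN, guard_intact_after_format(ETH_ALEN));
    printf("size %d: guard intact = %d\n", MAC_STR_LEN, guard_intact_after_format(MAC_STR_LEN));
    return 0;
}
```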