[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [patch #3686] Trivial patch to change sprintf to snprintf in libltdl
|
From: |
Ralf Wildenhues |
|
Subject: |
Re: [patch #3686] Trivial patch to change sprintf to snprintf in libltdl |
|
Date: |
Thu, 27 Jan 2005 18:45:59 +0100 |
|
User-agent: |
Mutt/1.4.1i |
* Steve Shockley wrote on Thu, Jan 27, 2005 at 04:26:10PM CET:
> Albert Chin wrote:
> >More importantly, snprintf is not available on Solaris 2.5.1, Tru64
> >UNIX 4.0D, and, depending on what libc patch you have, HP-UX 10.20.
>
> Solaris 2.5.1 was released in May '96, HP-UX 10.20 was released in
> August '96, and Digital Unix 4.0D was released in December '97. I
> believe every modern OS has snprintf; is this really an issue?
Yes, it is. Not everybody has a modern OS.
But on the other side of issues: If libltdl needed snprintf, we could
provide one. But we would like to get rid of both snprintf and sprintf
(they increase code size unnecessarily). Plus introduce no buffer
overflows. Yes, I think this is possible.
Writing with snprintf into a buffer previously allocated with
size = strlen( what_will_be_written ) + 1;
is not necessary. I mean, just as well could you argue that from one
line to the next you'd forget that `size' was the size of the buffer,
and write
snprintf(str, size + 3, ...);
For the same reason, I refuse to remove use of memcpy from my code.
I'm all for safety, but I am against stupidity, sorry. And yes, I
have audited most of the ltdl code.
Regards,
Ralf
[patch #3686] Trivial patch to change sprintf to snprintf in libltdl, Ralf Wildenhues, 2005/01/27