How can I rewrite this code to avoid the possibility of a
buffer overflow?
sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way? 3 6467
Susan Rice wrote:
How can I rewrite this code to avoid the possibility of a
buffer overflow?
sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
Use std::strings and std::stringstre ams instead:
ostringstream errbuf;
errbuf << errmsg << "\nError is: " << dwErrCode << ':' << s << '\n';
You can retrieve the resulting message with "errbuf.str ()" which, if
needed, can be converted to a C-style string like this:
"errbuf.str().c _str()".
Cheers! --M
* Susan Rice:
How can I rewrite this code to avoid the possibility of a
buffer overflow?
sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
std::ostringstr eam stream;
stream << errmsg << "\nError is: " << dwErrCode << ": " << s << "\n";
// Do something with stream.str()
Btw., Hungarian notation like the prefix 'dw' is likely to cause you all
kinds of trouble, and reduces readability, without conferring /any/
advantage with modern tools.
--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Susan Rice wrote:
How can I rewrite this code to avoid the possibility of a
buffer overflow?
sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
An easy way to do it is with snprintf(), which lets you specify the
maximum number of characters to store in the output buffer. Your code
would become:
snprintf(errbuf , errbuflen, "%s\nError is: %u: %s\n", errmsg,
dwErrCode, s);
If your C library does not snprintf(), you can get a free
implementation here: http://www.ijs.si/software/snprintf/
Regards,
Markus. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Ioannis Vranos |
last post by:
If we want our programs to be protected against buffer overflows, must we
check the size of the various containers explicitly?
E.g.
#include <iostream>
#include <string>
int main()
|
by: ma740988 |
last post by:
A few days ago I recieved yet again advice on implementing a buffer of
bytes. At issue: (part 1) how do I take the contents of a struct,
then dump (used sparingly) it into a byte buffer. Similarily, take the
contents of a (part 2) buffer and dump (used sparingly) it into a
struct.
So I found an implementation that handles part 1. Well partially.
#include <ostream>
namespace jngcomp { namespace utils
|
by: dati_remo |
last post by:
Which is the best tool for buffer overflow to use during debug?
What about Rational Purify?
Best Regards
|
by: jay |
last post by:
I am attempting to impersonate an account in ASPNET. I am using
aspnet_setreg to store the username and passwords. I have given the
ASPNET account permisision to read the registry values. However, the
application throws:
"Could not create Windows user token from the credentials specified in
the config file. Error from the operating system 'A required privilege
is not held by the client'."
This occurs even when the ASPNET account has...
|
by: Chris |
last post by:
I have experienced the "Blank Message Box" problem when using McAfee 8
with Visual Studio and VB. I can disable buffer overflow protection
and it fixes the problem, but it is only temporary as my company uses
McAfee 8.0i Enterprise version. After I disable the buffer overflow
protection, after a short period of time (usually less than a minute or
two), the setting has reverted back. This is apparently an enterprise
wide rule to have it...
| |
by: Martin Eisenberg |
last post by:
Hi,
If I want to terminate a program upon finding that sprintf has
overrun its output buffer, should I prefer exit or abort from
cstdlib? Thanks.
Martin
--
|
by: semut |
last post by:
Given that the string is of null-terminated type. What could be the
possible causes (by experience) the string to have no null character
(\0)
and cause buffer overflow later. I know it is quite broad, just like to
find out the causes as much as possible so that I could impose stricter
checking toward my codes.
note: I could not use std::string cause it will require a total
rewrite.
|
by: Notebooker |
last post by:
Hello,
I'm an intermediate noob reading-in data from ascii-file using an
ifstream object.
I have specified a c-style string buffer with size of type size_t and I
am specifying to use this buffer size as the number of characters to
read in using the function read(). The issue I am having is read()
expects that the value for the number of characters to read-in will be
of type std::streamsize, which is apparently signed int. My buffer
|
by: amit.atray |
last post by:
Environement : Sun OS + gnu tools + sun studio (dbx etc)
having some Old C-Code (ansi + KR Style) and code inspection shows
some big size variable (auto) allocated (on stack)
say for ex.
char a;
(this type of code and other complex mallc/free etc is used frequently
and total approx 450 files, each file is of approx/avg 1000 line,
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |