
avoid buffer overflow using sprintf?

How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
Jul 3 '06 #1
Susan Rice wrote:
> How can I rewrite this code to avoid the possibility of a
> buffer overflow?
>
> sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
>
> Here:
> errmsg = a string
> dwErrCode = a number
> s = a string
> I do have value 'errbuflen' = length of buffer 'errbuf'.
> I'm just not using it.
> Is there any easy way? Or is there only the hard way?

Use std::strings and std::stringstreams instead:

#include <sstream>

std::ostringstream errbuf;
errbuf << errmsg << "\nError is: " << dwErrCode << ": " << s << '\n';

You can retrieve the resulting message with "errbuf.str()" which, if
needed, can be converted to a C-style string like this:
"errbuf.str().c_str()".

Cheers! --M

Jul 3 '06 #2
* Susan Rice:
> How can I rewrite this code to avoid the possibility of a
> buffer overflow?
>
> sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
>
> Here:
> errmsg = a string
> dwErrCode = a number
> s = a string
> I do have value 'errbuflen' = length of buffer 'errbuf'.
> I'm just not using it.
> Is there any easy way? Or is there only the hard way?

std::ostringstream stream;
stream << errmsg << "\nError is: " << dwErrCode << ": " << s << "\n";
// Do something with stream.str()

Btw., Hungarian notation like the prefix 'dw' is likely to cause you all
kinds of trouble, and reduces readability, without conferring /any/
advantage with modern tools.

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Jul 3 '06 #3
Susan Rice wrote:
> How can I rewrite this code to avoid the possibility of a
> buffer overflow?
>
> sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
>
> Here:
> errmsg = a string
> dwErrCode = a number
> s = a string
> I do have value 'errbuflen' = length of buffer 'errbuf'.
> I'm just not using it.
> Is there any easy way? Or is there only the hard way?

An easy way to do it is with snprintf(), which lets you specify the
maximum number of characters to store in the output buffer. Your code
would become:

snprintf(errbuf, errbuflen, "%s\nError is: %u: %s\n", errmsg,
dwErrCode, s);

If your C library does not have snprintf(), you can get a free
implementation here:

http://www.ijs.si/software/snprintf/

Regards,
Markus.

Jul 4 '06 #4
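
An added example, not code from any of the posts above: the snprintf() call from reply #4 wrapped so that its return value is checked, because snprintf() prevents the overflow by truncating silently and a caller usually wants to know when that happened. The function name format_error, its return codes, and treating dwErrCode as unsigned (to match %u) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (name and return codes are assumptions of this example).
 * Returns 0 if the whole message fit, 1 if it was truncated, -1 on error.
 * On 0 or 1 errbuf is always NUL-terminated. */
int format_error(char *errbuf, size_t errbuflen,
                 const char *errmsg, unsigned dwErrCode, const char *s)
{
    int n;

    if (errbuf == NULL || errbuflen == 0)
        return -1;                 /* no room even for the terminator */
    if (errmsg == NULL) errmsg = "(null)";   /* %s with NULL is undefined */
    if (s == NULL)      s = "(null)";

    /* Writes at most errbuflen - 1 characters plus the terminating NUL. */
    n = snprintf(errbuf, errbuflen, "%s\nError is: %u: %s\n",
                 errmsg, dwErrCode, s);
    if (n < 0) {                   /* output/encoding error */
        errbuf[0] = '\0';
        return -1;
    }
    /* n is the length the full message would have had; if it does not
     * fit, the buffer holds a truncated but terminated prefix. */
    if ((size_t)n >= errbuflen)
        return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    char big[64], small[16];
    int rc;

    rc = format_error(big, sizeof big, "open failed", 5u, "Access is denied");
    printf("rc=%d\n%s", rc, big);

    rc = format_error(small, sizeof small, "open failed", 5u, "Access is denied");
    printf("rc=%d [%s]\n", rc, small);
    return 0;
}
```
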