By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,332 Members | 1,404 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,332 IT Pros & Developers. It's quick & easy.

avoid buffer overflow using sprintf?

P: n/a
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
Jul 3 '06 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Susan Rice wrote:
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
Use std::strings and std::stringstreams instead:

ostringstream errbuf;
errbuf << errmsg << "\nError is: " << dwErrCode << ':' << s << '\n';

You can retrieve the resulting message with "errbuf.str()" which, if
needed, can be converted to a C-style string like this:
"errbuf.str().c_str()".

Cheers! --M

Jul 3 '06 #2

P: n/a
* Susan Rice:
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
std::ostringstream stream;
stream << errmsg << "\nError is: " << dwErrCode << ": " << s << "\n";
// Do something with stream.str()

Btw., Hungarian notation like the prefix 'dw' is likely to cause you all
kinds of trouble, and reduces readability, without conferring /any/
advantage with modern tools.

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Jul 3 '06 #3

P: n/a
Susan Rice wrote:
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
An easy way to do it is with snprintf(), which lets you specify the
maximum number of characters to store in the output buffer. Your code
would become:

snprintf(errbuf, errbuflen, "%s\nError is: %u: %s\n", errmsg,
dwErrCode, s);

If your C library does not snprintf(), you can get a free
implementation here:

http://www.ijs.si/software/snprintf/

Regards,
Markus.

Jul 4 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.