468,456 Members | 1,654 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,456 developers. It's quick & easy.

avoid buffer overflow using sprintf?

How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
Jul 3 '06 #1
3 5767
Susan Rice wrote:
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
Use std::strings and std::stringstreams instead:

ostringstream errbuf;
errbuf << errmsg << "\nError is: " << dwErrCode << ':' << s << '\n';

You can retrieve the resulting message with "errbuf.str()" which, if
needed, can be converted to a C-style string like this:
"errbuf.str().c_str()".

Cheers! --M

Jul 3 '06 #2
* Susan Rice:
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
std::ostringstream stream;
stream << errmsg << "\nError is: " << dwErrCode << ": " << s << "\n";
// Do something with stream.str()

Btw., Hungarian notation like the prefix 'dw' is likely to cause you all
kinds of trouble, and reduces readability, without conferring /any/
advantage with modern tools.

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
Jul 3 '06 #3
Susan Rice wrote:
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
An easy way to do it is with snprintf(), which lets you specify the
maximum number of characters to store in the output buffer. Your code
would become:

snprintf(errbuf, errbuflen, "%s\nError is: %u: %s\n", errmsg,
dwErrCode, s);

If your C library does not snprintf(), you can get a free
implementation here:

http://www.ijs.si/software/snprintf/

Regards,
Markus.

Jul 4 '06 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

13 posts views Thread by Ioannis Vranos | last post: by
4 posts views Thread by ma740988 | last post: by
2 posts views Thread by dati_remo | last post: by
8 posts views Thread by Martin Eisenberg | last post: by
7 posts views Thread by amit.atray | last post: by
reply views Thread by NPC403 | last post: by
1 post views Thread by subhajit12345 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.