safe version of sprintf

Hi,

Does a safe version/way of sprintf exist to prevent a buffer overflow when
used in this manner?

char* format = "0x%0.4X\n";
char buf[4];

sprintf(buf, format, number);

where the format can change at runtime? The buf size is fixed at compile
time.

In the example above the buffer is too small and it writes randomly into
memory.

Thanks
Olaf
Jan 25 '08 #1
Olaf wrote:
...
Does a safe version/way of sprintf exist to prevent a buffer overflow when
used in this manner?

char* format = "0x%0.4X\n";
char buf[4];

sprintf(buf, format, number);

where the format can change at runtime? The buf size is fixed at compile
time.
...
There are always at least two ways "to prevent a buffer overflow". One is to
make sure that your buffer is always big enough for the data you are trying to
write into it. Another is to truncate the data when it hits the limit of the
buffer. The first question you should be asking yourself is which one you really
need.

The latter prevention strategy is of very limited use since, even though it does
prevent the overflow, it usually provides no useful result and no meaningful
continuation strategy. It is mostly useful in situations when you want to abort
your program anyway, but you'd prefer to exit more-or-less gracefully with your
own diagnostic message instead of the inelegant "segmentation fault, core dumped".

If that's not what you want to do (is it?), then you'd be better off sticking with
the former strategy. Which brings up the question of where the requirement that
the buffer size be fixed at compile time comes from.

--
Best regards,
Andrey Tarasevich
Jan 27 '08 #2
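The two strategies from the reply above, written out as an added example (not code from either poster): a bounded write with vsnprintf that reports when output was cut off, and a measure-then-allocate helper that sizes the buffer to the output. Both take the runtime format from the question; the function names and the 0xABCD sample value are this example's own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strategy 2 (truncate): format into a fixed buffer without ever writing
 * past buf[n-1], and return the length the full output would have needed.
 * The caller treats a return value >= n as "output was cut off". */
int format_truncating(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(buf, n, fmt, ap);   /* C99: bounded write */
    va_end(ap);
    return needed;
}

/* Strategy 1 (make the buffer big enough): measure with a zero-length
 * call first, then allocate exactly what the output needs.
 * Returns NULL on a formatting or allocation failure; the caller frees. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);                  /* second pass needs a fresh copy */
    int needed = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    if (needed < 0) { va_end(ap2); return NULL; }
    char *out = malloc((size_t)needed + 1);
    if (out != NULL)
        vsnprintf(out, (size_t)needed + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

/* The question's case: a 4-byte buffer and a format chosen at runtime.
 * "0x%0.4X\n" with 0xABCD (constructed sample) needs 7 characters, so
 * only "0xA" plus the terminating NUL fit and the call reports 7. */
int was_truncated(void)
{
    char buf[4];
    const char *format = "0x%0.4X\n";
    int needed = format_truncating(buf, sizeof buf, format, 0xABCD);
    return needed >= (int)sizeof buf;
}
```

With the measured allocation the output is "0xABCD\n" in full; with the fixed buffer the program keeps running but must check the return value itself, which is the "no meaningful continuation" point the reply makes.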
