
safe version of sprintf

Hi,

Does a safe version/way of sprintf exist to prevent a buffer overflow when it is
used in this manner?

char* format = "0x%0.4X\n";
char buf[4];

sprintf(buf, format, number);

where the format can change at runtime? The buf size is fixed at compile
time.

In the example above the buffer is too small and it writes randomly into
memory.

Thanks
Olaf
Jan 25 '08 #1
Olaf wrote:
...
Does a safe version/way of sprintf exist to prevent a buffer overflow when it is
used in this manner?

char* format = "0x%0.4X\n";
char buf[4];

sprintf(buf, format, number);

where the format can change at runtime? The buf size is fixed at compile
time.
...
There are always at least two ways "to prevent a buffer overflow". One is to
make sure that your buffer is always big enough for the data you are trying to
write into it. Another is to truncate the data when it hits the limit of the
buffer. The first question you should be asking yourself is which one you really
need.

The latter prevention strategy is of very limited use since, even though it does
prevent the overflow, it usually provides no useful result and no meaningful
continuation strategy. It is mostly useful in situations when you want to abort
your program anyway, but you'd prefer to exit more-or-less gracefully with your
own diagnostic message instead of the inelegant "segmentation fault, core dumped".

If that's not what you want to do (is it?), then you'd be better off sticking with
the former strategy. Which brings up the question of where the requirement that
the buffer size be fixed at compile time comes from.

--
Best regards,
Andrey Tarasevich
Jan 27 '08 #2
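An added example, not from the original thread, showing both strategies Andrey describes with the format and buffer size from the question: vsnprintf bounded to the buffer (truncation is detected from the return value, never an overflow), and a measure-then-allocate version that makes the buffer big enough. The helper names format_bounded and format_alloc and the sample value 0x1234 are assumptions of this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strategy 2 from the answer (truncate): format into a fixed buffer with
 * vsnprintf, which never writes past `size`, and report whether the output
 * fit. Returns 1 if it fit, 0 if truncated (buf stays NUL-terminated). */
int format_bounded(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(buf, size, fmt, ap); /* full length needed, excluding NUL */
    va_end(ap);
    if (needed < 0) {                 /* encoding error: leave a safe empty string */
        if (size > 0) buf[0] = '\0';
        return 0;
    }
    return (size_t)needed < size;
}

/* Strategy 1 (make the buffer big enough): measure with a zero-sized
 * vsnprintf, then allocate exactly the required bytes. Caller frees the result. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);                 /* a va_list can only be walked once */
    int needed = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *out = NULL;
    if (needed >= 0 && (out = malloc((size_t)needed + 1)) != NULL)
        vsnprintf(out, (size_t)needed + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    const char *format = "0x%0.4X\n"; /* the runtime format from the question */
    unsigned number = 0x1234;         /* constructed sample value */
    char buf[4];                      /* too small: "0x1234\n" needs 7 chars + NUL */
    if (!format_bounded(buf, sizeof buf, format, number))
        printf("truncated to \"%s\", no overflow\n", buf);
    char *full = format_alloc(format, number);
    if (full) { printf("sized buffer: %s", full); free(full); }
    return 0;
}
```

With buf[4] the bounded call stores "0x1" and returns 0, so the caller can choose to abort with its own diagnostic or fall back to the allocated version.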
