Hi Melchior,

clear? There is no statement on whether a \0 is appended. And in fact, it does not add a trailing \0 if the len parameter leads to truncation of the output. Of course snprintf itself is not insecure, but the next use of the returned string is. Therefore changing sprintf to snprintf will probably not fix all (possible) bugs. The patch that sets the last byte of the buffer to zero in any case would work fine.
Maik

Melchior FRANZ wrote on 13.10.2007 11:06:
> * Melchior FRANZ -- Saturday 13 October 2007:
>
>> To my knowledge this is only needed for strncpy()/strncat(), but
>> not for snprintf(). The manpage seems a bit unclear about it,
>> but the code example is very clear.
>>
>
> Heh, no. The description is very clear, too: "The functions
> snprintf() and vsnprintf() do not write more than size bytes
> (including the trailing '\0')."
>
> m.  :-)
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Flightgear-devel mailing list
> Flightgear-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/flightgear-devel
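
The pattern this thread discusses, as an added example that is not part of the original messages and is not FlightGear code: a hypothetical `format_checked()` helper that forces the last byte to zero (the patch mentioned above) and uses the return value of snprintf() to report truncation, with strncpy() shown for contrast. It assumes a C99-conforming snprintf(); the buffer size, format string and sample values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format "name=value" into buf.
 * Returns 0 if everything fit, 1 if the output was truncated, -1 on error.
 * *len receives the length of the string actually stored in buf. */
static int format_checked(char *buf, size_t size, size_t *len,
                          const char *name, int value)
{
    if (buf == NULL || size == 0)
        return -1;

    int n = snprintf(buf, size, "%s=%d", name, value);

    /* The patch from the thread: terminate unconditionally. Redundant with a
     * C99 snprintf(), but it costs nothing and covers non-conforming ones. */
    buf[size - 1] = '\0';

    if (n < 0) {                 /* encoding or output error */
        buf[0] = '\0';
        *len = 0;
        return -1;
    }
    if ((size_t)n >= size) {     /* n is the length that WOULD have been written */
        *len = size - 1;         /* never use n itself as an index or offset */
        return 1;
    }
    *len = (size_t)n;
    return 0;
}

/* Contrast case: strncpy() leaves dst unterminated when src fills it.
 * Returns 1 if a '\0' ended up inside dst, 0 otherwise. */
static int strncpy_terminated(const char *src)
{
    char dst[8];
    memset(dst, 'X', sizeof dst);
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

int main(void)
{
    char buf[8];
    size_t len;
    int rc = format_checked(buf, sizeof buf, &len, "altitude", 12000);
    printf("rc=%d len=%zu buf=\"%s\"\n", rc, len, buf);
    printf("strncpy terminated: %d\n", strncpy_terminated("much too long"));
    return 0;
}
```

Callers should treat a return of 1 as a failure to handle, since a truncated but well-terminated string can still be wrong input for whatever consumes it next.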