On Fri, 27 Jun 2003, R. Lindsay Todd wrote: > A number of changes to CVS lately have converted uses of sprintf to > afs_snprintf in the fileserver and volserver. It turns out that some of > the uses of sprintf are problematic: There are cases of %Ld being used > -- I believe that is a GNU extension. I found one buffer overrun > involving deleting volumes... Who knows what else lurks? So it seems > to me that moving to snprintf and similar is necessary to ensure safety.
I don't think %Ld is even a GNU extension; it's probably just a misunderstanding on the part of whoever wrote that format string. The L modifier applies only to floating-point conversions, not integer ones. > So it seems to me that we should always use our own afs_snprintf. The > only question I have: Is the version we have in src/util robust enough > to replace sprintf throughout the codebase? It seems to be for src/vol, > src/volser, and src/viced, but I haven't gone through other parts of the > code. I believe it should be. It wasn't written specifically for OpenAFS, but it was intended to be "fairly complete", specifically so I could drop it in as a replacement for an existing snprintf that just called the system sprintf without checking the length. -- Jeff _______________________________________________ OpenAFS-devel mailing list [EMAIL PROTECTED] https://lists.openafs.org/mailman/listinfo/openafs-devel
