On Tue, 23 Aug 2005, Moritz Grimm wrote:

> While I wouldn't use sprintf() in any new code of my own, this does look safe
> to me. If my assumption of this being safe is correct, then patching it to use
> snprintf() is redundant and adds code that can contain bugs (that's what
> happened to me.) This leads to the question whether keeping on trying to get
> rid of sprintf()s categorically in the various upstreams does have its
> exceptions. Basically, I want to find out the border separating "useful" from
> "fanatic and useless anti-sprintf()ism".

We really only "win" if we categorically decide that it will be snprintf, and only snprintf (or asprintf, as suggested). Any "safe" use of sprintf means that you already calculated the expected length and passed it to malloc. Just go ahead and pass the same length to snprintf. Note that people very often manage to foul up such checks, and so you should be very strict about passing in the exact same value that went to malloc.


-- 
And that's why it's called survival of the fittest.
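The discipline described in the reply above, as an added example that is not code from this thread: `format_into`, `join_path` and `join_path_miscounted` are hypothetical helpers, and the one `len` computed for `malloc()` is the value handed to `snprintf()`, so a miscounted length is caught as truncation instead of becoming a heap overflow.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers (not from the thread). format_into() takes ONE
 * length and uses it for both malloc() and snprintf(), so a miscounted
 * length surfaces as a detected truncation (NULL return) rather than a
 * heap overflow, which is what a bare sprintf() would have produced. */
static char *format_into(size_t len, const char *dir, const char *name)
{
    char *buf = malloc(len);
    int n;
    if (buf == NULL)
        return NULL;
    /* Same `len` that went to malloc(); never a recomputed value. */
    n = snprintf(buf, len, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= len) {
        /* Encoding error, or the caller's length formula was wrong:
         * snprintf wrote at most len-1 bytes and reported what it needed. */
        free(buf);
        return NULL;
    }
    return buf;
}

/* Build "dir/name" in a freshly allocated buffer. The caller frees it. */
char *join_path(const char *dir, const char *name)
{
    /* strlen(dir) + '/' + strlen(name) + terminating NUL */
    size_t len = strlen(dir) + 1 + strlen(name) + 1;
    return format_into(len, dir, name);
}

/* Same formula with the '/' forgotten: the classic off-by-one. */
char *join_path_miscounted(const char *dir, const char *name)
{
    size_t len = strlen(dir) + strlen(name) + 1;   /* missing the '/' */
    return format_into(len, dir, name);
}

int main(void)
{
    char *ok = join_path("/var/log", "messages");
    char *bad = join_path_miscounted("/var/log", "messages");
    printf("%s | %s\n", ok ? ok : "(null)", bad ? bad : "(null: truncation caught)");
    free(ok);
    free(bad);
    return 0;
}
```

With sprintf() the miscounted variant would write one byte past the allocation; with snprintf() and the shared `len` it returns NULL, which is the failure you want to see in testing.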
