Hi, I recently ran a small script on both FlightGear's and SimGear's source-tree. I was surprised to see that over 500 times sprintf (and similar possibly problematic functions such as strcpy, vsprintf, memcpy, memmove and bcopy) was used. My questions are:
1. Should these be replaced by snprintf (et cetera)?
2. If so, is anybody working on that?
3. If not, I'm willing to make them all boundary safe.

I came across a lot of occurrences like this:

    ...
    char buf[some_number];
    some_function(buf, more_variables);
    ...

    void some_function(char *buf, more_variables)
    {
        ...
        sprintf(buf, "blabla %s blabla %d", ... );
        ...
    }

To me it seems that the size of the buffer should be passed along to some_function. What do you suggest?

--Ivo
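The change the post proposes, passing the buffer size to the callee and formatting with snprintf, as an added example. It is not part of the original message and is not FlightGear or SimGear code; format_status, copy_bounded and the sample callsign are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Bounded replacement for the sprintf(buf, ...) pattern in the post.
 * The caller passes the capacity of buf; the callee never writes past it.
 * Returns 0 on success, -1 on bad arguments, format error or truncation.
 * On truncation buf still holds a NUL-terminated prefix. */
int format_status(char *buf, size_t bufsize, const char *callsign, int altitude)
{
    if (buf == NULL || bufsize == 0 || callsign == NULL)
        return -1;
    int n = snprintf(buf, bufsize, "aircraft %s at %d ft", callsign, altitude);
    if (n < 0) {                 /* encoding/format error */
        buf[0] = '\0';
        return -1;
    }
    if ((size_t)n >= bufsize)    /* n is the length that WOULD have been written */
        return -1;
    return 0;
}

/* Bounded replacement for strcpy(dst, src): same contract as above. */
int copy_bounded(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0 || src == NULL)
        return -1;
    size_t len = strlen(src);
    if (len >= dstsize) {        /* does not fit: copy a prefix and terminate */
        memcpy(dst, src, dstsize - 1);
        dst[dstsize - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);   /* includes the terminating NUL */
    return 0;
}

int main(void)
{
    char big[64], small[12];     /* constructed sample buffers */
    /* sizeof works here because big/small are arrays in this scope,
     * not pointers; inside the callee only bufsize is trustworthy. */
    printf("%d \"%s\"\n", format_status(big, sizeof big, "N123FG", 3500), big);
    printf("%d \"%s\"\n", format_status(small, sizeof small, "N123FG", 3500), small);
    return 0;
}
```

Checking the return value matters as much as the bound: silently truncated output is safe for memory but can still be wrong for the program.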