Dear all,

In the files core/plannernotes.c, core/statistics.c and core/uemis-downloader.c, we have code of the kind

    snprintf(buffer + len, sz_buffer - len, ...);

I think this is wrong because the second argument to snprintf is size_t, i.e. unsigned. For len > sz_buffer, this will happily write past the end of the buffer.

Ad-hoc, I see three rather easy to implement fixes:

1)

    #include <stdarg.h>
    #include <stdio.h>

    int sane_snprintf(char *str, int size, const char *fmt, ...)
    {
        va_list ap;
        va_start(ap, fmt);
        /* clamp a negative size (len > sz_buffer) to 0 so nothing is written */
        int res = vsnprintf(str, size > 0 ? (size_t)size : 0, fmt, ap);
        va_end(ap);
        return res;
    }

2) Use struct membuffer and put_format().

3) Change to QString:

    res += QString::asprintf(...);

Concerning the amount of work, I'd say it's 1 < 2 < 3 (from least to most work needed). Personally, I feel that nevertheless 3 would be the best option, even though I dislike QString (COW, UTF-16). This would remove the back-and-forth conversion QString -> C-string -> QString and wouldn't change the C logic at all. Moreover, for my tastes, it's the easiest-to-read version.

What do you think?

Berthold

_______________________________________________
subsurface mailing list
subsurface@subsurface-divelog.org
http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
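Added example (not part of the original mail or of the Subsurface code): it shows the size_t wrap that the mail describes, a clamped remaining-space computation, and an append helper in the spirit of option 1 that keeps a running offset so truncation can be detected after the fact. The function names, the 16-byte buffer and the dive-style strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Remaining space computed the way the reported code does: the subtraction
 * happens in size_t, so len > sz wraps to a huge value instead of 0. */
size_t naive_remaining(size_t sz, int len)
{
    return sz - len;
}

/* Clamped variant: a negative or out-of-range len yields 0, never a wrap. */
size_t safe_remaining(size_t sz, int len)
{
    if (len < 0 || (size_t)len >= sz)
        return 0;
    return sz - (size_t)len;
}

/* Append formatted text at offset *len without ever exceeding sz. *len
 * advances by the length the full text would have had (snprintf semantics),
 * so *len >= sz after a call signals truncation; the buffer stays
 * NUL-terminated. With no room left, vsnprintf gets size 0 and a null
 * destination, which C99 permits, so no out-of-bounds pointer is formed. */
int append_fmt(char *buf, size_t sz, int *len, const char *fmt, ...)
{
    va_list ap;
    size_t room = safe_remaining(sz, *len);
    int res;
    va_start(ap, fmt);
    res = vsnprintf(room ? buf + *len : NULL, room, fmt, ap);
    va_end(ap);
    if (res > 0)
        *len += res;
    return res;
}

/* Constructed scenario: three appends into a 16-byte buffer; the second
 * overflows it and the third arrives with no room at all. The buffer is
 * copied to out (at least 16 bytes) and the final offset is returned. */
int fill_small_buffer(char *out)
{
    char buf[16];
    int len = 0;
    append_fmt(buf, sizeof buf, &len, "depth %d m", 30); /* 10 chars */
    append_fmt(buf, sizeof buf, &len, ", %d min", 45);   /* 8 chars, truncated */
    append_fmt(buf, sizeof buf, &len, " extra");        /* room == 0 */
    memcpy(out, buf, sizeof buf);
    return len;
}
```

A caller compares the returned offset against the buffer size: 24 >= 16 here, so the output was truncated, while the buffer itself was never written beyond its 16 bytes.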