View Issue Details

IDProjectCategoryView StatusLast Update
0000567LDMud 3.5Implementationpublic2008-09-10 17:45
Reporterzesstra Assigned To 
PrioritylowSeverityminorReproducibilityN/A
Status newResolutionopen 
Summary0000567: sprintf() with fixed sized buffers should be avoided - use snprintf()
DescriptionStuff like:
 char buff[80];
 sprintf(buff, "%ld", argp->u.number);
 if (buff[sizeof(buff)-1] != '\0')
   fatal();
from interpret.c should be avoided.

Instead something like
 char buff[80];
 if (snprintf(buff, 80, "%ld", argp->u.number) >= 80)
    errorf();
would be much safer (both for preventing crashes as well as buffer overflow exploits).

I admit, this is not the best example, as p_int in string representation will not exceed 79 characters for any near future, but take it as a matter of principle. ;-)
We should always use snprintf() instead of sprintf() for writing into buffers.
TagsNo tags attached.

Activities

zesstra

2008-09-10 17:45

administrator   ~0000780

Quite similar: strcpy() -> strncpy()

Issue History

Date Modified Username Field Change
2008-09-09 18:09 zesstra New Issue
2008-09-10 17:45 zesstra Note Added: 0000780