Hi,
The sprintf function can be called with only 2 arguments if there are no
format specifiers in the second argument (template).
So the following two are identical:
    char *s = "some string";
    sprintf(target, s);
    sprintf(target, "%s", s);
But of course, sprintf is usually not recommended because it does not
check for the buffer length, which may lead to buffer overflow and cause
problems that are hard to find.
He Zhenxing
On 2018/12/19 at 6:34 PM, [email protected] wrote:
Hi,
I suspect the following code in core/sql/ustat/hs_read.cpp is erroneous:
    desc = new SQLDESC_ID;
    init_SQLCLI_OBJ_ID(desc);

    desc->name_mode = cursor_name;
    desc->module = &module;
    desc->identifier = new char[HS_STMTID_LENGTH];
    desc->handle = 0;

    sprintf((char*)desc->identifier, descID);
    desc->identifier_len = strlen(descID);
The parameters to function `sprintf` should be 3, but there are only 2.
I’d like to change it to:
    snprintf((char*)desc->identifier, HS_STMTID_LENGTH, "%s", descID);
How do you find it?
Regards,
Wenjun Zhu
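
Added example, not part of either message or of the project's code: it contrasts the two-argument form with the bounded "%s" form discussed in this thread, and shows why the stored length should come from the copy rather than from strlen() of the source. STMTID_CAP, copy_as_format and copy_identifier are hypothetical names, STMTID_CAP is an assumed stand-in for HS_STMTID_LENGTH, and the identifiers are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity for the demo; stands in for HS_STMTID_LENGTH, whose real
 * value is not shown in the thread. */
#define STMTID_CAP 16

/* Two-argument pattern from the thread: src is parsed as the format string.
 * Only called here with input whose sole directive is "%%", which is defined
 * behaviour; any other directive would read arguments that were never passed.
 * The pragma keeps this one deliberate call from tripping -Wformat-security. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static int copy_as_format(char *dst, size_t cap, const char *src)
{
    return snprintf(dst, cap, src);
}
#pragma GCC diagnostic pop

/* Bounded copy with src treated purely as data. Returns the number of bytes
 * stored (excluding the NUL), or -1 if src did not fit in cap bytes. */
static int copy_identifier(char *dst, size_t cap, const char *src)
{
    int n = snprintf(dst, cap, "%s", src);
    if (n < 0 || (size_t)n >= cap)
        return -1;   /* truncated: strlen(src) is not the stored length */
    return n;
}

int main(void)
{
    char a[STMTID_CAP], b[STMTID_CAP];
    const char *id = "CUR_100%%";                        /* constructed */
    const char *longid = "CURSOR_NAME_LONGER_THAN_CAP";  /* constructed */

    copy_as_format(a, sizeof a, id);
    int n = copy_identifier(b, sizeof b, id);
    printf("as format: \"%s\"\nas data:   \"%s\" (len %d)\n", a, b, n);

    n = copy_identifier(b, sizeof b, longid);
    printf("long id:   rc=%d stored=\"%s\" strlen(src)=%zu\n",
           n, b, strlen(longid));
    return 0;
}
```

With the bounded form, a caller that still sets the length field from strlen() of the source would record a length larger than the buffer whenever the copy was truncated, so the helper's return value is the one to store.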