On Wed, Nov 12, 2003 at 09:54:34PM -0800, Gene Buckle wrote:
> 
> On Wed, 12 Nov 2003, Cameron Moore wrote:
> 
> > * [EMAIL PROTECTED] (Gene Buckle) [2003.11.12 10:35]:
> > > code:
> > >
> > > static const char *
> > > getDateString ()
> > > {
> > >   static char buf[64];          // FIXME
> > >   struct tm * t = globals->get_time_params()->getGmt();
> > >   sprintf(buf, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2d",
> > >           t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
> > >           t->tm_hour, t->tm_min, t->tm_sec);
> > >   return buf;
> > > }
> > >
> > > Why the FIXME in the declaration of buf?  Is there a better way of doing
> > > that?  Is there a buffer overrun concern or something?
> >
> > We should at least be using snprintf() here.
> >
> So what makes snprintf() a better choice than sprintf()?
> 
snprintf(buf, buflen, format, ...) will not write more than buflen
characters (including the trailing '\0') - this protects you against
a possible buffer overflow . . .

It probably isn't necessary in this case, but it's a Good Habit To
Get Into(tm).

Simon

-- 
PGP public key Id 0x144A991C, or http://himi.org/stuff/himi.asc
(crappy) Homepage: http://himi.org
doe #237 (see http://www.lemuria.org/DeCSS) 
My DeCSS mirror: ftp://himi.org/pub/mirrors/css/ 

Attachment: pgp00000.pgp
Description: PGP signature

_______________________________________________
Flightgear-devel mailing list
[EMAIL PROTECTED]
http://mail.flightgear.org/mailman/listinfo/flightgear-devel

Reply via email to