On Mon, 27 Oct 2003, Brett Hutley wrote:
char buf[10];
const char *str1 = "OVER";
const char *str2 = "FLOW!!!!!";
sprintf(buf, "%s%s", str1, str2);
Admittedly a contrived example. The best way to handle this type of stuff is to provide "safe" functions - like a sprintfn() that takes the maximum size of the buffer to write into as an argument. This function is reasonably tricky to write however. Consider the following example:
erm, snprintf? the reasonably tricky to implement part is kinda true, there are/were many implementations which didn't do the right thing, but i think that's improved.
Sorry, yes, snprintf() *doh*
-- Brett Hutley [MAppFin,CISSP,SANS GCIH] mailto:[EMAIL PROTECTED] http://hutley.net/brett
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
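Added example, not part of the original thread: a bounded version of the sprintf() call quoted above. It checks the return value of vsnprintf() for truncation and forces termination, which covers the older implementations the reply mentions. The names bounded_format, thread_case and demo_buf are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the thread: format into dst[cap].
 * Returns 0 if everything fit, -1 on truncation or error.
 * dst is always NUL-terminated when cap > 0. */
int bounded_format(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0) {            /* error, or a pre-C99 libc signalling truncation */
        dst[0] = '\0';
        return -1;
    }
    dst[cap - 1] = '\0';    /* some old implementations left dst unterminated */
    /* C99: n is the length the full output needs, excluding the NUL. */
    return ((size_t)n >= cap) ? -1 : 0;
}

static char demo_buf[32];   /* constructed scratch buffer for the demo */

/* The thread's strings written into the first cap bytes of demo_buf. */
int thread_case(size_t cap)
{
    const char *str1 = "OVER";
    const char *str2 = "FLOW!!!!!";

    if (cap > sizeof demo_buf)
        return -1;
    return bounded_format(demo_buf, cap, "%s%s", str1, str2);
}

int main(void)
{
    int rc = thread_case(10);   /* same size as buf[10] in the post */
    printf("cap=10 rc=%d stored=\"%s\"\n", rc, demo_buf);
    rc = thread_case(14);       /* 13 characters plus the NUL */
    printf("cap=14 rc=%d stored=\"%s\"\n", rc, demo_buf);
    return 0;
}
```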
