I've grepped my machine to death -- i cant find vsnprintf or snprintf
anywhere
byron
On Fri, 5 Dec 1997, Alastair Reid wrote:
>
> Thanks for the configuration info (esp to Byron - info about Solaris problems
> is much easier to chase than info about Irix problems).
>
> The problem seems to be that configuration isn't detecting the functions
> snprintf or vsnprintf. If it can't find them, Hugs uses this simple minded
> emulation (the interesting line is the 4th from last).
>
> #if !defined(HAVE_SNPRINTF)
> int snprintf(char* buffer, int count, const char* fmt, ...) {
> #if defined(HAVE__VSNPRINTF)
> int r;
> va_list ap; /* pointer into argument list */
> va_start(ap, fmt); /* make ap point to first arg after fmt */
> r = vsnprintf(buffer, count, fmt, ap);
> va_end(ap); /* clean up */
> return r;
> #else
> return 0;
> #endif
> }
> #endif /* HAVE_SNPRINTF */
>
> Possible fixes:
>
> 1) Fix configuration to detect vsnprintf. Surely you must have them???
>
> 2) Use sprintf and vsprintf instead and hope you don't get buffer overflows.
> I'm not at all happy with this approach since there's no obvious bound on
> the amount of output.
>
> (I'm also somewhat sensitive on the subject of buffer overflows at the
> moment since it's a standard way for a hacker to break into your
> system - see previous message.)
>
> 3) Use simple, conservative heuristics to predict buffer usage to prevent
> most buffer eoverflows. Better but still not very happy.
>
> 4) Rework the entire Hugs error message system. Ain't gonna happen anytime
> soon.
>
> Alastair
>
