Graeme Gill wrote:
> Dirck Blaskey wrote:
>
>> * use of strcat, strcpy, sprintf are all problematic - fortunately most
>> of this is in code that I'm not using.
>>
>
> Contrary to what some people would have you believe,
> strcat, strcpy, sprintf are not inherently unsafe
> in all usage, anymore than the "n" versions are
> inherently safe, and the former have the advantage
> of better availability.
>
I have clients who require a clean build on VS 2005 or newer.
strcat and strcpy can be used safely, but the aren't designed to be safe,
and it's hard for a compiler to tell if any use of them is safe or not.
It's very easy to use sprintf incorrectly and overflow the target
buffer, and impossible for the compiler to tell.
I don't recommend the "n" versions, either; strncat is somewhat safe but
still hard to use correctly,
and any use of strncpy is a disaster waiting to happen.
Grabbing one usage at random, In 2.0 cmscgats.c:
char Buffer[256];
strncpy(Buffer, Data, 255);
if (strlen(Buffer) <= strlen(Data))
strcpy(Data, Buffer);
Buffer may be non-null terminated, and passed to strlen. This is bad.
Sadly, if you have to use null terminated C strs,
the only safe and portable approach is to "roll your own",
but it's not that hard to do bounded copies correctly;
for example:
#define strncpyz(D,S,SZ) do { *(D)=0; strncat(D, S, (SZ)-1); } while(0)
There are some freely available implementations of snprintf that work ok.
------------------------------------------------------------------------------
Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are
powering Web 2.0 with engaging, cross-platform capabilities. Quickly and
easily build your RIAs with Flex Builder, the Eclipse(TM)based development
software that enables intelligent coding and step-through debugging.
Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com
_______________________________________________
Lcms-user mailing list
Lcms-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lcms-user
