Proposed comment for the spprintf/snprintf header. If nobody objects, I will commit
this to spprintf.h and add a note in snprintf.h.
/*

Comparing: sprintf, snprintf, spprintf

sprintf   offers the ability to make a lot of failures since it does not know
          the size of the buffer it uses. Therefore usage of sprintf often
          results in possible entries for buffer overrun attacks.
          SO PLEASE DO NOT USE IT!

snprintf  knows the buffer's size and will not write behind it. But you will
          have to use either a static buffer or allocate one dynamic buffer
          before being able to call the function. In other words, you must
          be sure that you really know the maximum size of the buffer required.
          A bad thing is if you have a big maximum and in most cases you only
          need a small buffer.

spprintf  is the dynamic version of snprintf. It allocates the buffer in the
          size needed and allows a maximum setting like snprintf (turn this
          feature off by setting max_len to 0). spprintf is a little bit slower
          than snprintf and offers possible memory leaks if you miss freeing the
          buffer allocated by the function. Therefore this function should be
          used where either no maximum is known or the maximum is much bigger
          than the size normally required.

Example:

    #define MAX 1024

    char *buffer;

    spprintf(&buffer, MAX, "text");
    if (!buffer)
        return OUT_OF_MEMORY;

    action_with_buffer();

    efree(buffer);
*/
--
PHP Development Mailing List <http://www.php.net/>
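The trade-off the proposed comment describes, as an added example in standard C; it is not code from the post or from PHP. `bounded_asprintf` is a hypothetical name that uses `malloc`/`free` in place of PHP's allocator and assumes a C99 `vsnprintf`; the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not PHP's spprintf: formats into a heap buffer sized
 * to the output. max_len == 0 means no limit; otherwise the result is cut to
 * at most max_len characters. Returns the stored length, or -1 with
 * *out == NULL on failure. The caller owns *out and must free() it. */
int bounded_asprintf(char **out, size_t max_len, const char *fmt, ...)
{
    va_list ap, ap2;
    size_t len = 0;
    int need;

    *out = NULL;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    need = vsnprintf(NULL, 0, fmt, ap);      /* pass 1: measure, write nothing */
    va_end(ap);
    if (need >= 0) {
        len = (size_t)need;
        if (max_len != 0 && len > max_len)
            len = max_len;                   /* enforce the caller's maximum */
        *out = malloc(len + 1);
        if (*out != NULL)
            vsnprintf(*out, len + 1, fmt, ap2);  /* pass 2: bounded, NUL-terminated */
    }
    va_end(ap2);
    return *out != NULL ? (int)len : -1;
}

int main(void)
{
    const char *input = "0123456789abcdef";  /* constructed sample, 16 chars */
    char fixed[8];
    char *dyn;
    int want, got;

    /* sprintf(fixed, "%s", input) would write 17 bytes into 8: an overrun. */
    want = snprintf(fixed, sizeof fixed, "%s", input);
    printf("snprintf: \"%s\" (wanted %d, truncated: %s)\n", fixed, want,
           want >= (int)sizeof fixed ? "yes" : "no");
    got = bounded_asprintf(&dyn, 0, "%s", input);   /* no maximum */
    if (got < 0)
        return 1;
    printf("dynamic:  \"%s\" (%d chars)\n", dyn, got);
    free(dyn);                                      /* forgetting this leaks */
    return 0;
}
```

Comparing the return value of `snprintf` with the buffer size is how the caller detects that the fixed buffer silently truncated the output.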