Idea was that most people are not aware of spprintf and do not know the difference. So Markus and me thought about adding such a note.
marcus At 23:44 22.06.2002, Sterling Hughes wrote: >Why? If you're commiting code you should know how to use these basic >functions... > >besides, sprintf is not really all that bad... I know but often people miscalculate buffer sizes.... >-Sterling > > > > Proposal comment for spprintf/snprintf header. When nobody objects i commit > > this to spprintf.h and make a notice in snprintf.h. > > > > /* > > > > Comparing: sprintf, snprintf, spprintf > > > > sprintf offers the ability to make a lot of falures since it does not know > > the size of the buffer it uses. Therefore usage of sprintf often > > results in possible entries for buffer overrun attacks. > > SO PLEASE DO NOT USE IT! > > > > snprintf knows the buffers size and will not write behind it. but you will > > have to use either a static buffer or allocate one dynamic buffer > > before beeing able to call the function. In other words you must > > be sure that you really know the maximum size of the buffer > > required. > > A bad thing is if you hav a big maximum and in most cases you only > > need a small buffer. > > > > spprintf Is the dynamical version of snprintf it allocates the buffer in > > size > > as neede and allows a maximum setting as snprintf (turn this > > feature > > of by setting max_len to 0). spprintf is a little bit slower than > > snprintf and offers possible memory leakes if you miss freeing the > > buffer allocated by the function. Therfore this function should be > > used where either no maximum is known or the maximum is much > bigger > > then normal size required. > > > > Example: > > char *buffer; > > #define MAX 1024 > > > > spprintf(&buffer, MAX, "text"); > > if (!buffer) > > return OUT_OF_MEMORY > > action_with_buffer(); > > efree(buffer); > > > > */ > > > > > > -- > > PHP Development Mailing List <http://www.php.net/> > > To unsubscribe, visit: http://www.php.net/unsub.php > > > >-- >PHP Development Mailing List <http://www.php.net/> >To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Development Mailing List <http://www.php.net/> To unsubscribe, visit: http://www.php.net/unsub.php
