Re: [Flightgear-devel] a FIXME in fg_props.cxx
> > > * [EMAIL PROTECTED] (Gene Buckle) [2003.11.12 10:35]: > > > > code: > > > > > > > > static const char * > > > > getDateString () > > > > { > > > > static char buf[64]; // FIXME > > > > struct tm * t = globals->get_time_params()->getGmt(); > > > > sprintf(buf, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2d", > > > > t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, > > > > t->tm_hour, t->tm_min, t->tm_sec); > > > > return buf; > > > > } > > > > > > > > Why the FIXME in the declaration of buf? Is there a better way of doing > > > > that? Is there a buffer overrun concern or something? > > > > > > We should at least be using snprintf() here. > > > > > So what makes snprintf() a better choice than sprintf()? > > > snprintf(buf, buflen, format, ...) will not write more than buflen > characters (including the trailing '\0') - this protects you against > a possible buffer overflow . . . > > It probably isn't necessary in this case, but it's a Good Habit To > Get Into(tm). > Thanks Simon. g. ___ Flightgear-devel mailing list [EMAIL PROTECTED] http://mail.flightgear.org/mailman/listinfo/flightgear-devel
Re: [Flightgear-devel] a FIXME in fg_props.cxx
On Thursday 13 November 2003 06:54, Gene Buckle wrote: > On Wed, 12 Nov 2003, Cameron Moore wrote: > > * [EMAIL PROTECTED] (Gene Buckle) [2003.11.12 10:35]: > > > static const char * > > > getDateString () > > > { > > > static char buf[64]; // FIXME > > > struct tm * t = globals->get_time_params()->getGmt(); > > > sprintf(buf, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2d", > > > t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, > > > t->tm_hour, t->tm_min, t->tm_sec); > > > return buf; > > > } > > We should at least be using snprintf() here. > So what makes snprintf() a better choice than sprintf()? With snprintf, you can make sure buf will never overflow. Though I guess it's impossible to overflow buf with the format-string that's used now. --Ivo ___ Flightgear-devel mailing list [EMAIL PROTECTED] http://mail.flightgear.org/mailman/listinfo/flightgear-devel
Re: [Flightgear-devel] a FIXME in fg_props.cxx
On Wed, Nov 12, 2003 at 09:54:34PM -0800, Gene Buckle wrote: > > On Wed, 12 Nov 2003, Cameron Moore wrote: > > > * [EMAIL PROTECTED] (Gene Buckle) [2003.11.12 10:35]: > > > code: > > > > > > static const char * > > > getDateString () > > > { > > > static char buf[64]; // FIXME > > > struct tm * t = globals->get_time_params()->getGmt(); > > > sprintf(buf, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2d", > > > t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, > > > t->tm_hour, t->tm_min, t->tm_sec); > > > return buf; > > > } > > > > > > Why the FIXME in the declaration of buf? Is there a better way of doing > > > that? Is there a buffer overrun concern or something? > > > > We should at least be using snprintf() here. > > > So what makes snprintf() a better choice than sprintf()? > snprintf(buf, buflen, format, ...) will not write more than buflen characters (including the trailing '\0') - this protects you against a possible buffer overflow . . . It probably isn't necessary in this case, but it's a Good Habit To Get Into(tm). Simon -- PGP public key Id 0x144A991C, or http://himi.org/stuff/himi.asc (crappy) Homepage: http://himi.org doe #237 (see http://www.lemuria.org/DeCSS) My DeCSS mirror: ftp://himi.org/pub/mirrors/css/ pgp0.pgp Description: PGP signature ___ Flightgear-devel mailing list [EMAIL PROTECTED] http://mail.flightgear.org/mailman/listinfo/flightgear-devel
Re: [Flightgear-devel] a FIXME in fg_props.cxx
On Wed, 12 Nov 2003, Cameron Moore wrote: > * [EMAIL PROTECTED] (Gene Buckle) [2003.11.12 10:35]: > > code: > > > > static const char * > > getDateString () > > { > > static char buf[64]; // FIXME > > struct tm * t = globals->get_time_params()->getGmt(); > > sprintf(buf, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2d", > > t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, > > t->tm_hour, t->tm_min, t->tm_sec); > > return buf; > > } > > > > Why the FIXME in the declaration of buf? Is there a better way of doing > > that? Is there a buffer overrun concern or something? > > We should at least be using snprintf() here. > So what makes snprintf() a better choice than sprintf()? g. ___ Flightgear-devel mailing list [EMAIL PROTECTED] http://mail.flightgear.org/mailman/listinfo/flightgear-devel
Re: [Flightgear-devel] a FIXME in fg_props.cxx
* [EMAIL PROTECTED] (Gene Buckle) [2003.11.12 10:35]: > code: > > static const char * > getDateString () > { > static char buf[64]; // FIXME > struct tm * t = globals->get_time_params()->getGmt(); > sprintf(buf, "%.4d-%.2d-%.2dT%.2d:%.2d:%.2d", > t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, > t->tm_hour, t->tm_min, t->tm_sec); > return buf; > } > > Why the FIXME in the declaration of buf? Is there a better way of doing > that? Is there a buffer overrun concern or something? We should at least be using snprintf() here. Pardon me while I gripe a moment. It's usually a good idea to put a description next to a FIXME comment for precisely this reason. It would be a great help to people who are looking for something to do. It's also usually a good idea to keep a constant CVS repository so we can go back and see who added this code and if they said anything in the cvs-commit message about what is broken. All of the CVS history prior to Flightgear-0.9.0 is gone. :-/ gripe_mode=0; -- Cameron Moore [ I'm ashamed the lead singer of the Dixie Chicks is from Texas. ] ___ Flightgear-devel mailing list [EMAIL PROTECTED] http://mail.flightgear.org/mailman/listinfo/flightgear-devel