On Sun, Feb 12, 2012 at 09:39:43AM +0100, Martin Lucina wrote:
> The use of sprintf() is a security hole if the user allocated not
> enough space at *addr. Please use snprintf() to ensure a maximum of
> len bytes (including the string terminator) are written to *addr.

Be aware that the Windows version (and some UNIX versions) behave differently than the GCC snprintf. For example, on Windows, if the number of bytes required to store the data exceeds count, then count bytes are stored, a negative value is returned, and the string is *not* NULL terminated! Quite annoying.

--
AJ Lewis
Software Engineer
Quantum Corporation
Work: 651 688-4346
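
The portability difference described in the reply above can be absorbed by a small wrapper that terminates the buffer itself and treats both return conventions as truncation. This is an added example, not code from the thread or from the zeromq project; the helper name `safe_format` and the endpoint strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* safe_format (hypothetical helper): format into dst, which holds `size`
 * bytes. The result is always NUL-terminated. Returns 0 when the whole
 * string fit, -1 on truncation, encoding error or an unusable buffer. */
int safe_format(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || size == 0)
        return -1;

    va_start(ap, fmt);
#if defined(_MSC_VER) && _MSC_VER < 1900
    /* Older MSVC runtimes: negative return on overflow, no terminator. */
    n = _vsnprintf(dst, size, fmt, ap);
#else
    /* C99: returns the length that would have been written. */
    n = vsnprintf(dst, size, fmt, ap);
#endif
    va_end(ap);

    /* Terminate unconditionally instead of trusting the library. */
    dst[size - 1] = '\0';

    /* n < 0 covers the negative-return convention and encoding errors;
     * n >= size covers the C99 convention and the "exactly count bytes,
     * no terminator" case. */
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

int main(void)
{
    char addr[8];   /* deliberately small caller buffer (constructed) */

    if (safe_format(addr, sizeof addr, "%s:%d", "tcp://127.0.0.1", 5555) != 0)
        printf("truncated, buffer holds \"%s\"\n", addr);
    return 0;
}
```

Callers should treat the -1 return as a hard failure rather than use the truncated string, since a cut-off address is not the address that was requested.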
