[Fribidi-discuss] Building fribidi on OSF1 alpha: snprintf
Omer Zak
omerz at actcom.co.il
Tue Jan 22 23:07:03 EST 2002
On Wed, 23 Jan 2002, Tzafrir Cohen wrote:
> On Wed, 23 Jan 2002, Omer Zak wrote:
[... snipped ...]
> > Anyone who doesn't have snprintf in his OS - refer him to the punishment
> > meted out to people who post stupid newbie questions to the Linux-IL
> > mailing list.
> >
> > If someone MUST compile without snprintf, it means that his OS is very
> > very insecure.
>
> Actually, most of the code uses sprintf. Only some of the latest code uses
> snprintf.
... and of course, several computers are cracked into by exloiting buffer
overflows. Let's stamp out sprintf everywhere we see it. Even where it
doesn't seem to cause harm today. Code gets maintained, and tomorrow
someone may neglect to prove that sprintf-created strings don't overflow
their allotted space.
> FWIW I can see snprintf.o in /lib/libdb.a of that computer. I Can find no
> trace to snprintf in any system header file.
Maybe the system header files being used there are from older version?
--- Omer
There is no IGLU Cabal. Something bad, which couldn't possibly happen
under any cirucmstances, did happen. The IGLU Cabal founders, who were
supposed to know better, were too ashamed of the failure to be able to
continue to found the IGLU Cabal.
WARNING TO SPAMMERS: see at http://www.zak.co.il/spamwarning.html
More information about the FriBidi
mailing list