[Fribidi-discuss] Building fribidi on OSF1 alpha: snprintf
Omer Zak
omerz at actcom.co.il
Wed Jan 23 04:12:09 EST 2002
Hello Nadav,
On Wed, 23 Jan 2002, Nadav Har'El wrote:
> On Wed, Jan 23, 2002, Omer Zak wrote about "Re: [Fribidi-discuss] Building fribidi on OSF1 alpha: snprintf":
> > ... and of course, several computers are cracked into by exloiting buffer
> > overflows.Let's stamp out sprintf everywhere we see it. Even where it
> > doesn't seem to cause harm today.Code gets maintained, and tomorrow
> > someone may neglect to prove that sprintf-created strings don't overflow
> > their allotted space.
>
> Why not use snprintf, and if snprintf is not available (you ARE using
> autoconf, aren't you?) #define it to be sprintf?
Except for a minor detail, I wholeheartedly agree with this suggestion.
The minor detail is that support for macros with variable number of
arguments is needed. gcc supports this, but some other platforms may not
support this.
FriBidi does use autoconf.
The best solution to the problem is to find source code which implements
snprintf in terms of vsprintf (and varargs macros). Then have autoconf
add this snprintf implementation (preferably with a warning written in
bright red blood on the display) if the system doesn't support snprintf.
--- Omer
Famous last words: "It would not happen to me."
WARNING TO SPAMMERS: at http://www.zak.co.il/spamwarning.html
More information about the FriBidi
mailing list