Vulnerability Development mailing list archives

Re: Secure coding in C (was Re: Administrivia #4883)


From: marcow () JENA ENG SUN COM (Marco Walther)
Date: Fri, 21 Jan 2000 10:48:10 -0800


"BB" == Blue Boar <BlueBoar () THIEVCO COM> writes:

BB> Seth R Arnold wrote:

On Thu, Jan 20, 2000 at 11:57:38PM -0800, Marco Walther wrote:
And the same paragraph from the Solaris 8 snprintf man page:

"     The snprintf() function is identical to sprintf()  with  the
     addition  of the argument n, which specifies the size of the
     buffer referred to by s. The  buffer  is  always  terminated
     with the null byte."

I've tried a small test case on Solaris 7 and it looks like the man is
not correct there?!

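#include <stdio.h>

int main(void)
{
  char b[10];

  /* the format string is longer than the 10-byte buffer, so output is truncated */
  snprintf(b, 10, "I'm a really long test string!\n");

  /* print the last byte of the buffer; 0 means it was null-terminated */
  printf("b[9]= %d\n", (int)b[9]);
  return 0;
}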

returns `b[9]= 0'

Marco, might I be so bold to ask what you expected to happen? AFAICT, that
is correct behavior..


BB> I *believe* (And I'll let Marco explain himself too, if and when the post
BB> arrives) that what he's trying to demonstrate is that it does in fact
BB> work correctly, as you've said.  The problem was that the Solaris 7 docs
BB> say it won't necessarily work correctly, even though it looks like it does.

Yes, that was exactly my point. I've checked this a little bit further
and it's really a bug in the man page of Solaris 7. It's fixed for
Solaris 8.

Thanks,
-- Marco
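
Added example, not part of the original post: a variant of the test above that pre-fills the buffer with a non-zero sentinel, so a zero in the last byte can only have been written by snprintf(), plus a wrapper that reports truncation to the caller. The function names are hypothetical, and the truncation check assumes C99 snprintf() semantics (the return value is the length the full output would have had).

```c
#include <stdio.h>
#include <string.h>

/* Probe: does snprintf() write the terminator when output is truncated?
 * The buffer is pre-filled with a non-zero sentinel so that a 0 in the
 * last byte cannot be left-over stack contents. Returns 1 if terminated. */
int terminates_on_truncation(void)
{
    char b[10];
    int ret;

    memset(b, 0x7f, sizeof b);
    ret = snprintf(b, sizeof b, "I'm a really long test string!\n");
    /* Assumption (C99): ret is the untruncated length, so ret >= 10 here. */
    return ret >= (int)sizeof b
        && b[sizeof b - 1] == '\0'
        && strlen(b) == sizeof b - 1;
}

/* Copy src into dst through snprintf() and tell the caller if it was cut.
 * Returns 0 on success, 1 if truncated (dst still terminated), -1 on error. */
int format_checked(char *dst, size_t size, const char *src)
{
    int ret;

    if (dst == NULL || size == 0 || src == NULL)
        return -1;
    ret = snprintf(dst, size, "%s", src);
    if (ret < 0) {
        dst[0] = '\0';          /* leave a valid empty string on error */
        return -1;
    }
    return (size_t)ret >= size ? 1 : 0;
}

int main(void)
{
    char b[10];
    int rc;

    printf("terminated on truncation: %d\n", terminates_on_truncation());
    rc = format_checked(b, sizeof b, "I'm a really long test string!\n");
    printf("rc=%d b=\"%s\"\n", rc, b);
    rc = format_checked(b, sizeof b, "short");
    printf("rc=%d b=\"%s\"\n", rc, b);
    return 0;
}
```

Treating a truncated result as an error, rather than silently using the shortened string, matters when the output is a path, command or query fragment.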
