Vulnerability Development mailing list archives

Re: OT: snprintf() null termination

From: Gerardo Richarte <core.lists.exploit-dev () core-sdi com>
Date: Thu, 30 May 2002 15:21:02 -0300

Vanja Hrustic wrote:

So - do all platforms properly null-terminate string (on overflow) when
snprintf() is used, or one should still use "sizeof(string)-1" for the
size of the snprintf()-ed string?


    regarding snprintf():

    -Linux, Solaris and OpenBSD do terminate with NUL when not enough space is available
    -Windows does not (Microsoft's libraries, at least up to Visual Studio 6)

    the other OSes where not tested, but I guess most unixes will (just guessing)

    gera


--- for a personal reply use: Gerardo Richarte <gera () corest com>

Current thread:

OT: snprintf() null termination Vanja Hrustic (May 30)
- Re: OT: snprintf() null termination Gerardo Richarte (May 30)
- <Possible follow-ups>
- RE: OT: snprintf() null termination Michael Wojcik (May 30)