apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Jagielski <...@jaguNET.com>
Subject Re: cvs commit: apr/strings apr_strings.c
Date Wed, 30 Jun 2004 11:46:01 GMT
Jeff Trawick wrote:
> 
> >>reviewed but not approved ;)
> >>
> >>it still has the same bug (apr_snprintf() doesn't return < 0 either)
> > 
> > 
> > Care to supply a fixed version?
> 
> IMHO the original version is sufficient for now.  In fact, the new version 
> isn't going to misbehave; it just introduces dead code.
> 
> One way of implementing the spirit of what Bill Rowe was trying to do would 
> require looking at the generated buffer instead of the return code from 
> sprintf/apr_snprintf.
> 
> For example, change
> 
> sprintf(buf, "%3d ", (int) size);
> 
> to
> 
> apr_snprintf(buf, 5, "%3d ", (int) size);
> if (buf[3] != ' ') { /* catch overflow */
>      return strcpy(buf, "****");
> }
> 

If I understand the problem correctly, doesn't snprintf() return
the number of bytes that would have been printed if there had been
no limit. Thus, can't we check that the return value is <=
the actual buffer size?

-- 
===========================================================================
   Jim Jagielski   [|]   jim@jaguNET.com   [|]   http://www.jaguNET.com/
      "A society that will trade a little liberty for a little order
             will lose both and deserve neither" - T.Jefferson

Mime
View raw message