httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: and now back to snprintf (fwd)
Date Wed, 15 Jan 1997 19:12:00 GMT
On Wed, 15 Jan 1997, Jim Jagielski wrote:

> Marc Slemko wrote:
> > 
> > Cough.
> > 
> > I don't see how this works.  Either you have to allocate an array of
> > infinite length or you have to parse and modify the format string, no?
> 
> Here's what I do.
> 
> 	char temp[20480];
> 	written = sprintf(temp, ......)
> 
> I then check to see if written > 20480 and if so generate an
> error just in case. I then do a min of written and the len
> parameter to snprintf() and copy from temp to the actual
> buffer. I clear out temp[], just in case as well and return.

Ugh.  Double ugh.  Triple ugh.

I just plain don't like it.

> 
> I was toying with actually throwing a SIGSEGV if written > 20480

You _need_ to have the server abort before it does _anything_. 
Unfortunately, anything may include aborting so, to be safe, it may have
to abort before abortin which is a little difficult to do. 

> 
> > 
> > A log message to errorlog when things are truncated would be cool, but
> > could potentially cause problems where snprintf is used with the intent of
> > truncating things in normal operation.  That isn't done in the current
> > code (because, well... nothing used snprintf...) but it could be done in
> > the future. 
> > 
> > On Tue, 14 Jan 1997, Jim Jagielski wrote:
> > 
> > > Marc Slemko wrote:
> > > > 
> > > > I was planning on forwarding them... when I got around to it.  <sigh>
> > > > 
> > > > I don't think there is too much that wasn't sent to the list, and some
of
> > > > it is from the same OS's, but I will forward it to you... 
> > > > 
> > > > I am not yet sure if there is a problem with the 64-bit stuff or if it
is
> > > > a problem with my test code.  It could be something trivial, or it could
> > > > be a nightmare.  Worst case I guess would be that any 64-bit platforms
> > > > without their own snprintf need to just use a wrapper around sprintf.
> > > > Sameer has given me access to a 64-bit machine, so I'm taking a look when
> > > > I get a chance...
> > > > 
> > > 
> > > I also have a wrapper than I'm more comfy with using... Basically
> > > it uses an automatic char array and uses sprintf() to there.
> > > It then copies the real info from that array to the buffer pointed
> > > to by snprintf(), with all needed limits, etc... I was thinking
> > > about adding a log to error-log when buffers are overwritten.
> > > One nice thing about this is that it uses the OS's own sprintf()
> > > implementation which, we assume, works :)
> > > 
> > > -- 
> > > ====================================================================
> > >       Jim Jagielski            |       jaguNET Access Services
> > >      jim@jaguNET.com           |       http://www.jaguNET.com/
> > >                   "Not the Craw... the CRAW!"
> > > 
> > 
> 
> 
> -- 
> ====================================================================
>       Jim Jagielski            |       jaguNET Access Services
>      jim@jaguNET.com           |       http://www.jaguNET.com/
>                   "Not the Craw... the CRAW!"
> 


Mime
View raw message