This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Talk:Reviewing Code for Buffer Overruns and Overflows

Jump to: navigation, search

Under "Walking the stack", the statement "the %n directive in printf()... takes an int* and writes the number of bytes so far to that location" is incorrect. "%n" is defined for the sscanf() function, but not for printf()... unless somebody knows of a non-standard implementation of C which does behave in this way, in which case that implementation should be identified.

Use DIM or sizeof

The good patterns sections should suggest to either use sizeof or the usual DIM macro instead of hard coding the length of the buffer. I.e.:

char  smallBuffer[10]; // size of 10
strncpy(smallBuffer, userId, sizeof smallBuffer);