Difference between revisions of "Talk:Reviewing Code for Buffer Overruns and Overflows"

Latest revision as of 17:42, 1 May 2007

Under "Walking the stack", the statement "the %n directive in printf()... takes an int* and writes the number of bytes so far to that location" is incorrect. "%n" is defined for the sscanf() function, but not for printf()... unless somebody knows of a non-standard implementation of C which does behave in this way, in which case that implementation should be identified.

Use DIM or sizeof

The good patterns sections should suggest to either use sizeof or the usual DIM macro instead of hard coding the length of the buffer. I.e.:

char  smallBuffer[10]; // size of 10
strncpy(smallBuffer, userId, sizeof smallBuffer);
...

Difference between revisions of "Talk:Reviewing Code for Buffer Overruns and Overflows"

Latest revision as of 17:42, 1 May 2007

Use DIM or sizeof

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools

@@ Line 1: / Line 1: @@
 Under "Walking the stack", the statement "the %n directive in printf()... takes an int* and writes the number of bytes so far to that location" is incorrect.  "%n" is defined for the sscanf() function, but not for printf()... unless somebody knows of a non-standard implementation of C which does behave in this way, in which case that implementation should be identified.
+== Use DIM or sizeof ==
+The good patterns sections should suggest to either use sizeof or the usual DIM macro instead of hard coding the length of the buffer.  I.e.:
+ char  smallBuffer[10]; // size of 10
+ strncpy(smallBuffer, userId, sizeof smallBuffer);
+ ...