Re: Unchecked sprintf/strcat?
* Mon May 22 2006 Oswald Buddenhagen <ossi@xxxxxxx>
> I think you are mixing up two cases:
> 1) intended possible truncation
> 2) buffer overflow
> 1) should obviously go silently, while 2) should at least spit out a
> blatant "internal error" message one simply can't miss. that means:
> - snprintf() and strlcpy()/strlcat() for truncation
> - safe_sprintf() and safe_strcpy()/safe_strcat() for assert or message +
Okay, good insight! If I understood you correctly, I have to use
safe_* only for critical data such as filenames, URLs, commands,
and usernames, and snprintf/strfcpy/strfcat for simple messages which
can be safely truncated.
What about this patch:
- strfcat / safe_strcat
- strfcpy / safe_strfcpy
- snprintf / safe_snprintf
safe_* will abort() to dump core if overflowed.
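The two-tier policy discussed above, as an added example that is not mutt's code: a truncating copy for messages that may legitimately be cut, and checked append/format routines that treat overflow of critical data as an internal error and abort(). The names trunc_strcpy, checked_strcat and checked_snprintf are illustrative, not the names of the proposed patch.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case 1: intended truncation. Copies at most dstsize-1 bytes, always
 * NUL-terminates, and returns the full source length (strlcpy-style) so a
 * caller that cares can still notice the cut. Silent by design. */
size_t trunc_strcpy(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (dstsize == 0)
        return len;
    size_t n = len < dstsize - 1 ? len : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len;
}

/* Case 2: overflow of critical data (filename, command, URL) is an internal
 * error: report it loudly and dump core rather than continue with a mangled value. */
static void overflow_error(const char *func, size_t needed, size_t dstsize)
{
    fprintf(stderr, "internal error: %s: %zu bytes needed, %zu available\n",
            func, needed + 1, dstsize);
    abort();
}

/* Checked append: refuses to truncate; the check counts the terminating NUL. */
void checked_strcat(char *dst, size_t dstsize, const char *src)
{
    size_t used = strlen(dst);
    size_t len = strlen(src);
    if (used + len >= dstsize)
        overflow_error("checked_strcat", used + len, dstsize);
    memcpy(dst + used, src, len + 1);
}

/* Checked formatting: vsnprintf returns how many bytes the full output needs,
 * which is exactly the overflow test; a negative return is a format failure. */
int checked_snprintf(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsize)
        overflow_error("checked_snprintf", n < 0 ? 0 : (size_t)n, dstsize);
    return n;
}
```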