When converting sprintf() to snprintf(), don't use the idiom
char foo[BUFSIZ];
snprintf(foo, BUFSIZ, ....);
but
char foo[BUFSIZ];
snprintf(foo, sizeof foo, ....);
because this will automatically catch situations where the size of foo
is later changed, e.g. like foo[BUFSIZ + 8];
The attached patch fixes this, plus one other occurrence of sprintf to
illustrate the concept.
From 3b4f65887cc75464814d499dfb6882635c85026f Mon Sep 17 00:00:00 2001
From: Marc Balmer <m...@msys.ch>
Date: Thu, 9 Aug 2012 07:08:05 +0200
Subject: [PATCH] When converting sprintf() to snprintf(), don't use the idiom
char foo[BUFSIZ];
snprintf(foo, BUFSIZ, ....);
but
char foo[BUFSIZ];
snprintf(foo, sizeof foo, ....);
because this will automatically catch situations where the size of foo
is later changed, e.g. like foo[BUFSIZ + 8];
Fix another use of sprintf.
---
cde/programs/dtaction/Main.c | 2 +-
cde/programs/dtterm/util/logger.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/cde/programs/dtaction/Main.c b/cde/programs/dtaction/Main.c
index 13f2d24..b06a9f9 100644
--- a/cde/programs/dtaction/Main.c
+++ b/cde/programs/dtaction/Main.c
@@ -898,7 +898,7 @@ GetUserPrompt( void )
XmString cancelLabel;
XmString okLabel;
- snprintf(prompt, BUFSIZ, (GETMESSAGE(1,5, "Enter password for user %s:")),
+ snprintf(prompt, sizeof prompt, (GETMESSAGE(1,5, "Enter password for user
%s:")),
appArgs.user);
xmString = XmStringCreateLocalized(prompt);
xmString2 =XmStringCreateLocalized(GETMESSAGE(1,6, "Action Invoker -
Password"));
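Review bot: sizeof prompt in the new snprintf() call only equals the buffer size if prompt is declared as a char array inside GetUserPrompt(); the declaration is not part of this hunk's context, so please confirm it is not a char *, where the bound would silently become the size of a pointer. The return value is still ignored, so a long appArgs.user truncates the prompt without notice; comparing the result against sizeof prompt would make that case visible.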
diff --git a/cde/programs/dtterm/util/logger.c
b/cde/programs/dtterm/util/logger.c
index e7b43ee..0f51669 100644
--- a/cde/programs/dtterm/util/logger.c
+++ b/cde/programs/dtterm/util/logger.c
@@ -146,7 +146,7 @@ logStartStop(char *progName, int logfd, int start)
/* remove the trailing '\n'... */
tstring[strlen(tstring) - 1] = '\0';
- (void) sprintf(buffer, "%s: %s %s\n",
+ (void) snprintf(buffer, sizeof buffer, "%s: %s %s\n",
(savedProgName && *savedProgName) ? savedProgName : "logger",
start ? "starting" : "terminating",
tstring);
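Review bot: the (void) cast on the new snprintf() call throws away the only signal that the output was truncated, and a truncated line loses the trailing "\n" that the format string ends with; consider checking the return value against sizeof buffer and handling the overflow case explicitly. As in the first hunk, the bound is only right if buffer is an array in this scope, which the visible context does not show. Separately, the unchanged context line tstring[strlen(tstring) - 1] = '\0'; writes before the start of tstring if it is ever empty, which is worth a guard while this function is being touched.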
--
1.7.2.5
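The sizeof idiom from the message above, as an added example that is not part of the patch or of the CDE sources. It goes one step further than the mail by rejecting pointers at compile time and reporting truncation; the names fmt_checked, IS_ARRAY, FMT_ARRAY, format_prompt and bound_via_pointer are hypothetical, the buffer size is constructed, and the guard assumes GCC or Clang builtins.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not CDE code): 0 if the output fit, -1 if it was
 * truncated or vsnprintf() failed. */
static int fmt_checked(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= dstsz) ? -1 : 0;
}

/* Compile-time guard (GCC/Clang builtins assumed): the negative array size
 * breaks the build when `buf` is a pointer, where sizeof would be wrong. */
#define IS_ARRAY(a) \
    (!__builtin_types_compatible_p(__typeof__(a), __typeof__(&(a)[0])))
#define FMT_ARRAY(buf, ...) \
    ((void)sizeof(char[IS_ARRAY(buf) ? 1 : -1]), \
     fmt_checked((buf), sizeof (buf), __VA_ARGS__))

/* Constructed demo: the bound follows the declaration of prompt[], so
 * resizing the array needs no change at the call site. */
static int format_prompt(const char *user, size_t *len_out)
{
    char prompt[32]; /* constructed size, smaller than BUFSIZ */
    int rc = FMT_ARRAY(prompt, "Enter password for user %s:", user);

    *len_out = strlen(prompt);
    return rc;
}

/* The caveat: through a pointer, sizeof yields the pointer size. */
static size_t bound_via_pointer(char *buf)
{
    return sizeof buf;
}

int main(void)
{
    size_t len;
    int rc = format_prompt("administrator", &len);

    printf("rc=%d len=%zu\n", rc, len);
    return 0;
}
```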