Przemek,
Yes you're right. But sorry for my bad English.
http://www.opengroup.org/onlinepubs/009695399/functions/fprintf.html
"Return value: Upon successful completion, the snprintf() function shall return the number of bytes that would be written to s
had n been sufficiently large *excluding the terminating null byte* ."
Now hb_snprintf_c() includes the terminating null byte in the return value "size",
you know?
char cBuffer[ 4096 ];
size_t size = snprintf( cBuffer, sizeof(cBuffer), " %s ", "Hello" );
ASSERT( size == strlen(cBuffer) ); /* C99 */
size = hb_snprintf_c( cBuffer, sizeof(cBuffer), " %s ", "Hello" );
ASSERT( size == strlen(cBuffer) + 1 ); /* No C99 */
Best regards,
Xavi
Przemyslaw Czerpak wrote:
On Wed, 28 Jan 2009, Xavi wrote:
Hi Xavi,
I cannot find such code in hbprintf.c.
In line 1181: ++size;
Sorry, I needed to add it for testing the if( c != 0 ) and
I thought that you would see it more clearly.
Sorry, it confused me.
hb_printf_c() for sure sets trailing \0 byte in all cases even if buffer
is too small.
Yes, but the returned size accumulates the \0 byte (terminating null) and sprintf
or snprintf do not.
It's also possible in 1183: while( c != 0 ); --size;
Sorry but I do not understand. sprintf() does not have any buffer overflow
protection so it will always write whole output to memory with trailing 0
corrupting the memory if buffer is too small and it's the reason why we do
not use this function.
snprintf() should always set the trailing 0 _inside_ the buffer, consuming one
byte for it. It's documented ISO C99 behavior:
The functions snprintf() and vsnprintf() do not write more than size
bytes (including the trailing '\0'). If the output was truncated due
to this limit then the return value is the number of characters (not
including the trailing '\0') which would have been written to the final
string if enough space had been available. Thus, a return value of
size or more means that the output was truncated. (See also below
under NOTES.)
and hb_snprintf_c() fully respects this fact. If the buffer is too small
then the trailing 0 is set in line 1196:
/* always set trailing \0 !!! */
if( bufsize )
buffer[ bufsize - 1 ] = 0;
If BCC does not work in such way then it's yet another bug in BCC.
<wait>
I've just checked BCC5.5 and it's even worse. BCC *ignores* the buffer size
in [v]snprintf() functions so there is no protection at all. It means
that also our hb_snprintf() which uses internally vsnprintf() does
not give any protection. It's a _VERY_ serious bug and it means that
at least for this compiler we _MUST_ switch to hb_snprintf_c() or
we will have potential buffer overflows in core code.
It will be good to test also other C compilers.
best regards,
Przemek
_______________________________________________
Harbour mailing list
Harbour@harbour-project.org
http://lists.harbour-project.org/mailman/listinfo/harbour
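The thread turns on two things: the C99 contract for snprintf() (output limited to n bytes including the NUL, trailing NUL always placed inside the buffer, return value equal to the untruncated length excluding the NUL, so a return of n or more means truncation) and Przemek's hand test showing that BCC 5.5's vsnprintf() ignores the size. The following is an added example, not code from Harbour or from either poster: a small truncation check with the C99 convention, plus a self-contained conformance probe of the kind one would run against "other C compilers" as suggested. It assumes the platform vsnprintf() is the one under test; the sentinel byte 0xAA, the 8-byte window and the sample string are constructed for the probe. hb_snprintf_c() is not reproduced here, since its exact return convention is only described in the thread.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Thin wrapper over the platform vsnprintf(); under C99 it returns the
   length that would have been written, excluding the terminating NUL. */
static int fmt_into(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;
    va_start(ap, fmt);
    r = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return r;
}

/* C99 rule from the thread: a return of n or more means the output was
   truncated. A negative return is an encoding error and is treated as
   unusable output as well. */
int was_truncated(int ret, size_t n)
{
    return ret < 0 || (size_t)ret >= n;
}

/* Conformance probe along the lines of the manual BCC test: a guarded
   buffer is filled with a sentinel (0xAA, constructed), the formatted text
   is deliberately longer than the n-byte window handed to vsnprintf(), and
   the result is inspected. Returns a bitmask of failures (0 == conformant):
     1: bytes beyond the n-byte window were written (size ignored)
     2: buf[n-1] is not '\0' (no trailing NUL inside the window)
     4: return value is not the untruncated length excluding the NUL */
int check_snprintf_conformance(void)
{
    enum { WINDOW = 8, GUARD = 16 };
    char buf[WINDOW + GUARD];
    const char *text = "Hello, world!"; /* 13 chars, longer than WINDOW */
    int failures = 0;
    int ret;
    int i;

    memset(buf, 0xAA, sizeof buf);
    ret = fmt_into(buf, WINDOW, "%s", text);

    /* Anything past the window must still carry the sentinel. */
    for (i = WINDOW; i < (int)sizeof buf; i++) {
        if ((unsigned char)buf[i] != 0xAA) {
            failures |= 1;
            break;
        }
    }
    if (buf[WINDOW - 1] != '\0')
        failures |= 2;
    if (ret != (int)strlen(text))
        failures |= 4;
    return failures;
}

/* Untruncated case, i.e. the ASSERT from the thread: with C99 semantics
   the return value equals strlen() of the result (" Hello " is 7 chars). */
int untruncated_len_matches_strlen(void)
{
    char buf[64];
    int ret = fmt_into(buf, sizeof buf, " %s ", "Hello");
    return !was_truncated(ret, sizeof buf)
        && ret == (int)strlen(buf)
        && ret == 7;
}

int main(void)
{
    int f = check_snprintf_conformance();
    printf("vsnprintf conformance failures: %d%s%s%s\n", f,
           (f & 1) ? " [writes past size]" : "",
           (f & 2) ? " [no trailing NUL]" : "",
           (f & 4) ? " [wrong return value]" : "");
    printf("untruncated return == strlen: %s\n",
           untruncated_len_matches_strlen() ? "yes" : "no");
    return f != 0;
}
```

A non-zero exit status from the probe is the condition Przemek describes for BCC 5.5: the platform [v]snprintf() cannot be trusted for bounds protection and a self-implemented formatter has to be used instead. Running the probe on each supported compiler is the cheap way to do the "test also other C compilers" step.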