> I've just checked BCC5.5 and it's even worse. BCC *ignores* buffer size
> in [v]snprintf() functions so there is no protection at all. It means
> that also our hb_snprintf() which uses internally vsnprintf() does
> not give any protection. It's a _VERY_ serious bug and it means that
> at least for this compiler we _MUST_ switch to hb_snprintf_c() or
> we will have potential buffer overflows in core code.
> It will be good to test also other C compilers.

Heavy news. BCC looks unfit for production work in my view.

I think we should switch to hb_snprintf_c() for all platforms (by simply renaming it to hb_snprintf() and removing the #define tricks).

Brgds,
Viktor

_______________________________________________
Harbour mailing list
Harbour@harbour-project.org
http://lists.harbour-project.org/mailman/listinfo/harbour
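
Added example, not part of the original message or of Harbour's code: a small probe that can be built with each C compiler to check whether its vsnprintf() honours the buffer size, as the thread suggests testing. The names probe_vsnprintf, call_vsnprintf and the PROBE_* constants are hypothetical, and the input string is constructed; the canary area sits directly behind the buffer so an overrun is caught inside the struct.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PROBE_CAP   8     /* size we tell vsnprintf() it may use */
#define PROBE_GUARD 64    /* canary bytes that absorb any overrun */
#define CANARY      0x5A

enum { PROBE_OVERRUN = 1,       /* wrote past the stated size */
       PROBE_UNTERMINATED = 2,  /* no NUL within the stated size */
       PROBE_BAD_CONTENT = 4 }; /* truncated text is not the expected prefix */

struct probe_area { char buf[PROBE_CAP]; char guard[PROBE_GUARD]; };

/* Variadic shim so the probe goes through vsnprintf() itself. */
static int call_vsnprintf(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Returns 0 when the size limit was honoured, else a mask of PROBE_* flags. */
int probe_vsnprintf(void)
{
    struct probe_area a;
    int flags = 0;
    size_t i;

    memset(&a, CANARY, sizeof a);
    /* Constructed input: 26 characters into a limit of PROBE_CAP bytes. */
    (void)call_vsnprintf(a.buf, PROBE_CAP, "%s", "ABCDEFGHIJKLMNOPQRSTUVWXYZ");

    for (i = 0; i < PROBE_GUARD; i++)
        if (a.guard[i] != CANARY) { flags |= PROBE_OVERRUN; break; }
    if (memchr(a.buf, '\0', PROBE_CAP) == NULL)
        flags |= PROBE_UNTERMINATED;
    else if (strcmp(a.buf, "ABCDEFG") != 0)
        flags |= PROBE_BAD_CONTENT;
    return flags;
}

int main(void)
{
    int r = probe_vsnprintf();
    printf("vsnprintf size limit: %s (flags=%d)\n", r ? "NOT honoured" : "honoured", r);
    return r ? 1 : 0;
}
```

A non-zero exit status from the built program marks a compiler runtime on which the size argument cannot be relied on.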