On Mon, Jun 28, 2010 at 2:00 AM, Jorgen Grahn <grahn+n...@snipabacken.se> wrote: > On Sun, 2010-06-27, Lawrence D'Oliveiro wrote: >> In message <roy-854954.20435125062...@news.panix.com>, Roy Smith wrote: >> >>> I recently fixed a bug in some production code. The programmer was >>> careful to use snprintf() to avoid buffer overflows. The only problem >>> is, he wrote something along the lines of: >>> >>> snprintf(buf, strlen(foo), foo); >> >> A long while ago I came up with this macro: >> >> #define Descr(v) &v, sizeof v >> >> making the correct version of the above become >> >> snprintf(Descr(buf), foo); > > This is off-topic, but I believe snprintf() in C can *never* safely be > the only thing you do to the buffer: you also have to NUL-terminate it > manually in some corner cases. See the documentation. >
snprintf goes to great lengths to be safe, in fact. You might be thinking of strncpy. -- regards, kushal -- http://mail.python.org/mailman/listinfo/python-list
