[Info-vax] Whither VMS?
Michael Kraemer
M.Kraemer at gsi.de
Sun Oct 4 21:28:20 EDT 2009
Bob Koehler schrieb:
>
> This is a common problem with C library routines such as strcat.
>
No, it's a common problem of programming which predates C:
if you write to a buffer, make sure that:
a) you own it,
b) it's always large enough.
strcat() simply assumes that you have calloc'ed the target
buffer large enough before you use it.
Which is easy because one can query the string lengths before.
It's not so easy with fgets() because one can't guess
what's coming down the line.
Likewise with sprintf(), one doesn't know how much space
the formatted stuff would need.
snprintf() is sort of a security patch for that problem,
but not a real solution.
So these two functions are about the only "dangereous" ones
I can remember because you can't really use them safely in their
usual context.
More information about the Info-vax
mailing list