Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / Languages / Managed C++ / September 2005

Tip: Looking for answers? Try searching our database.

snprintf question

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Bruno van Dooren - 14 Sep 2005 20:44 GMT
Hi,

this might be a strange question, but why is snprintf not guaranteed to nul
terminate a string?
i thought the whole point of those sn functions was to prevent these errors.

sure, they prevent buffer overwrites, but callers can still screw up bad if
they don't always make sure for themselves that the 0 is there before they
let someone else read the contents.

now you still have the problem that you have to make that check everywhere,
instead of not having to bother.

kind regards,
   Bruno.
Reply to this Message
William DePalo [MVP VC++] - 14 Sep 2005 20:57 GMT
> this might be a strange question, but why is snprintf not guaranteed to
> nul terminate a string?

History, mostly.

As I see it, there are two ways to go when the string being written exceeds
the space avaialble to it.

1) truncate and null terminate
2) just truncate

C has always had the mindset that the programmer knows what he is doing or
should know. So, it chooses option 2.

> i thought the whole point of those sn functions was to prevent these
> errors.

You may be thinking of the new "safe" string functions

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/sec
ure03102004.asp

> sure, they prevent buffer overwrites, but callers can still screw up bad
> if they don't always make sure for themselves that the 0 is there before
> they let someone else read the contents.

Yup. The docs do mention in their security note that

   snprintf(s, ...)

should be followed by

   s[n - 1] = 0;

where n = the number of characters in s.

> now you still have the problem that you have to make that check
> everywhere, instead of not having to bother.

Yup. Sadly, such is life. Since C "strings" are just arrays, and since
"strings" are passed by simple pointer, called functions have no
authoritative source for string length.

Regards,
Will
Reply to this Message
Ronald Laeremans [MSFT] - 14 Sep 2005 20:59 GMT
> Hi,
>
[quoted text clipped - 11 lines]
> kind regards,
>     Bruno.

Hi Bruno,

Take a look at the following link:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/sec
ure03102004.asp

Ronald Laeremans
Visual C++ team
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.