Bugtraq mailing list archives

Re: WuFTPD: Providing *remote* root since at least 1994


From: bernd.luevelsmeyer () HEITEC NET (Bernd Luevelsmeyer)
Date: Wed, 28 Jun 2000 12:27:17 +0200


der Mouse wrote:
[...]
> Regardless of what ANSI may say, though, I still consider it a serious
> bug for snprintf() to fail to NUL-terminate, except when the size
> parameter is zero.

The '89 Standard doesn't know snprintf(). As far as I can tell,
compilers for the '99 Standard don't yet exist; they ought to implement
complex numbers, variable sized arrays and a lot of other goodies.
The '99 Standard agrees that the string must always be 0-terminated
except if the buffer has 0 length; it says (quoted from a draft version
of the Standard):

Synopsis
  #include <stdio.h>
  int snprintf(char * restrict s, size_t n,
         const char * restrict format, ...);
Description
The snprintf function is equivalent to fprintf, except that the output
is written into an array (specified by argument s) rather than to a
stream. If n is zero, nothing is written, and s may be a null pointer.
Otherwise, output characters beyond the n-1st are discarded rather than
being written to the array, and a null character is written at the end
of the characters actually written into the array. If copying takes
place between objects that overlap, the behavior is undefined.
Returns
The snprintf function returns the number of characters that would have
been written had n been sufficiently large, not counting the terminating
null character, or a negative value if an encoding error occurred. Thus,
the null-terminated output has been completely written if and only if
the returned value is nonnegative and less than n.
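
The return-value rule quoted above, applied in code. This is an added example, not part of the original post or of WuFTPD; `checked_snprintf` and `formatted_length` are hypothetical helper names and the sample path is constructed. It fails closed on a library that does not follow the quoted text.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* checked_snprintf: hypothetical helper name, not from the post.
 * Returns 0 if the whole output fit, 1 if it was truncated, -1 on an
 * encoding error or when there is no room for even the terminator.
 * For n > 0, dst is NUL-terminated on every return path, so a library
 * that fails to terminate on truncation cannot leak an open string. */
int checked_snprintf(char *dst, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;

    if (dst == NULL || n == 0)
        return -1;
    va_start(ap, fmt);
    r = vsnprintf(dst, n, fmt, ap);
    va_end(ap);
    dst[n - 1] = '\0';      /* harmless on a conforming C99 library */
    if (r < 0) {
        dst[0] = '\0';      /* contents unreliable: hand back "" */
        return -1;
    }
    return (size_t)r >= n;  /* complete iff 0 <= r < n */
}

/* n == 0 with a null pointer is allowed by the quoted text and yields
 * the length the full output would need, excluding the terminator. */
int formatted_length(const char *fmt, ...)
{
    va_list ap;
    int r;

    va_start(ap, fmt);
    r = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    return r;
}

int main(void)
{
    char buf[8];            /* constructed sample: 7 chars + NUL */
    int t = checked_snprintf(buf, sizeof buf, "%s", "/pub/incoming");

    printf("truncated=%d stored=\"%s\" needed=%d\n", t, buf,
           formatted_length("%s", "/pub/incoming"));
    return 0;
}
```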

