Vulnerability Development mailing list archives
Re: Secure coding in C (was Re: Administrivia #4883)
From: fygrave () EPR0 ORG (CyberPsychotic)
Date: Sat, 22 Jan 2000 13:44:57 +0500
~:> main() ~:> { ~:> char b[10]; ~:> ~:> snprintf(b, 10, "I'm a really long test string!\n"); ~:> ~:> printf("b[9]= %d\n", (int)b[9]); ~:> } ~:> ~:> returns `b[9]= 0' ~: ~:Marco, might I be so bold to ask what you expected to happen? AFAICT, that ~:is correct behavior.. ~: ~:But, my C coding experience is .. limited. :) This depends on libc implementation really. The older snprintf code would place the 10th caracter into b[9] and wouldn't end it up with zero. I don't have the information regarding the libc's which are broken ready on the moment, but I could make a little reseach, if someone's interested. Anyway the rule of sane coding always dictates to declare b buffer as b[MAX_POSSIBLE_LENGTH+1];
Current thread:
- Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days, (continued)
- Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days kay (Jan 18)
- Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21Days Blue Boar (Jan 18)
- e-commerce site security (was: Re: Solar Eclipse's Guide To Stealing 100000 Credit Cards in 21 Days) Jon Paul, Nollmann (Jan 18)
- Re: Secure coding in C (was Re: Administrivia #4883) Warner Losh (Jan 17)
- Re: Secure coding in C (was Re: Administrivia #4883) Tellier, Brock (Jan 20)
- Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 20)
- Re: Secure coding in C (was Re: Administrivia #4883) Seth R Arnold (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Blue Boar (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Mikael Olsson (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) Marco Walther (Jan 21)
- Re: Secure coding in C (was Re: Administrivia #4883) CyberPsychotic (Jan 22)
- Re: Secure coding in C (was Re: Administrivia #4883) Marc Esipovich (Jan 21)
- Generalized List of Threats and Vulnerabilities Dave Drake (Jan 21)
- Re: Generalized List of Threats and Vulnerabilities Seth R Arnold (Jan 21)
- Re: Generalized List of Threats and Vulnerabilities Crispin Cowan (Jan 23)
- Re: Generalized List of Threats and Vulnerabilities John Duksta (Jan 21)
- Administrivia #5218 Blue Boar (Jan 21)
- Re: Administrivia #5218 Imran Ghory (Jan 22)
- Re: Administrivia #5218 kjkotas (Jan 22)
- Re: Administrivia #5218 Granquist, Lamont (Jan 24)
- Re: Administrivia #5218 Bob Fiero (Jan 22)