NDT-DEV email list created

[Dominic Hamon <>]

That's possible for those that are defined as array types. However, for those that are defined within a function as raw pointers, this would not work as they would have sizeof(char*). I'll rework the patch to clean the static ones up.

Dominic Hamon | Measurement Lab

http://measurementlab.net

On Wed, Oct 31, 2012 at 3:24 PM, Aaron Brown <> wrote:

Since all of the buffers are static sized, why not do:

+ snprintf(tmpstr, sizeof(tmpstr), "%s/%s", BASEDIR, LOGFILE);

instead of 

+ snprintf(tmpstr, TMPSTR_STRLEN, "%s/%s", BASEDIR, LOGFILE);

Gets rid of the #define's for temporary things

Cheers,

Aaron

On Oct 31, 2012, at 5:30 PM, Dominic Hamon <> wrote:

Hi

I noticed that there were a few instances of sprintf in the codebase that weren't taking into account the destination buffer's size. This seemed a little dangerous to me as buffer runs can lead to invalid data as well as buffer overflow attacks.

Attached is a patch that replaces every sprintf instance with a call to sprintf.

Dominic Hamon | Measurement Lab

http://measurementlab.net

<ndt-sprintf.patch>

TIP2013, University of Hawaii Mānoa
January 13 - January 17, 2013, Honolulu, HI
http://events.internet2.edu/2013/tip/