Skip to Content.
Sympa Menu

ndt-dev - Re: [ndt-dev] Replacing sprintf with snprintf

Subject: NDT-DEV email list created

List archive

Re: [ndt-dev] Replacing sprintf with snprintf

Chronological Thread 
  • From: Dominic Hamon <>
  • To: Aaron Brown <>
  • Cc:
  • Subject: Re: [ndt-dev] Replacing sprintf with snprintf
  • Date: Wed, 31 Oct 2012 15:48:30 -0700

That's possible for those that are defined as array types. However, for those that are defined within a function as raw pointers, this would not work as they would have sizeof(char*). I'll rework the patch to clean the static ones up.

Dominic Hamon | Measurement Lab

On Wed, Oct 31, 2012 at 3:24 PM, Aaron Brown <> wrote:
Since all of the buffers are static sized, why not do:

+ snprintf(tmpstr, sizeof(tmpstr), "%s/%s", BASEDIR, LOGFILE);

instead of 

+ snprintf(tmpstr, TMPSTR_STRLEN, "%s/%s", BASEDIR, LOGFILE);

Gets rid of the #define's for temporary things


On Oct 31, 2012, at 5:30 PM, Dominic Hamon <> wrote:


I noticed that there were a few instances of sprintf in the codebase that weren't taking into account the destination buffer's size. This seemed a little dangerous to me as buffer runs can lead to invalid data as well as buffer overflow attacks.

Attached is a patch that replaces every sprintf instance with a call to sprintf.

Dominic Hamon | Measurement Lab

TIP2013, University of Hawaii Mānoa
January 13 - January 17, 2013, Honolulu, HI

Archive powered by MHonArc 2.6.16.

Top of Page