Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace sprintf with snprintf #6

Closed
morgant opened this issue Dec 11, 2020 · 3 comments
Closed

Replace sprintf with snprintf #6

morgant opened this issue Dec 11, 2020 · 3 comments
Assignees
@morgant
Labels
enhancement
Milestone
0.9.2

Comments

@morgant
Copy link
Owner

morgant commented Dec 11, 2020
edited
Loading

Much of the code still uses sprintf(), but should use snprintf() instead to prevent potential buffer overflows.
@morgant morgant self-assigned this Dec 11, 2020
morgant added a commit that referenced this issue Dec 26, 2020
@morgant
Convert sprintf()s to snprintf()s. Issue #6
7c8f22f
@morgant
Copy link
Owner Author

morgant commented Dec 26, 2020

I have converted all the sprintf() calls that used string formats to snprintf() calls. I didn't convert any of the calls using numerical formats as it was explained to me that there wasn't a buffer overrun issue with those (please correct me if wrong).

I also see a couple strcat() calls that should probably be replaced with snprintf() calls.

morgant added a commit that referenced this issue Dec 27, 2020
@morgant
Convert strcat()s to snprintf()s. Issue #6
5ed03df
@morgant
Copy link
Owner Author

morgant commented Dec 27, 2020
edited
Loading

I was tempted to replace the strcat() calls with strlcat() from OpenBSD, but I didn't want to include another dependency on non-OpenBSD platforms, so went with snprintf(). This is how fvwm on OpenBSD does it and mlvwm was originally based on fvwm, so it feels right.

Further discussion of the options, including OpenBSD's strlcat() can be found in Efficient string copying and concatenation in C.

@morgant morgant added this to the 0.9.2 milestone Dec 27, 2020
@morgant
Copy link
Owner Author

morgant commented Dec 30, 2020

I haven't run into any issues with my — admittedly light — testing so far, so l merged in these changes.

@morgant morgant closed this as completed Dec 30, 2020
This was referenced Sep 3, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@morgant morgant

Labels
enhancement
Projects
None yet
Milestone
0.9.2
Development

No branches or pull requests
1 participant
@morgant