Re: Buffer overflow in documentation

bug-gettext

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Buffer overflow in documentation

From:	Bruno Haible
Subject:	Re: Buffer overflow in documentation
Date:	Sat, 11 Apr 2020 23:42:27 +0200
User-agent:	KMail/5.1.3 (Linux/4.4.0-174-generic; KDE/5.18.0; x86_64; ; )

Hi Roland,

> https://www.gnu.org/software/gettext/manual/html_node/Preparing-Strings.html
> 
> The above documentation mentions the sprintf function. It should rather
> mention snprintf instead, to protect against buffer overflows.

These two code snippets

  strcpy (s, "Replace ");
  strcat (s, object1);
  strcat (s, " with ");
  strcat (s, object2);
  strcat (s, "?");

and

  sprintf (s, "Replace %s with %s?", object1, object2);

are meant to highlight the difference between pieces of strings and a format
string.

In both snippets, enough memory must be present at 's'.

If the doc were to use safer string primitives, like snprintf, it would only
distract from what the example is meant to focus on.

Bruno

[Prev in Thread]

Current Thread

[Next in Thread]

Buffer overflow in documentation, Roland Illig, 2020/04/11
- Re: Buffer overflow in documentation, Markus Gothe, 2020/04/11
  - Re: Buffer overflow in documentation, Markus Gothe, 2020/04/11
- Re: Buffer overflow in documentation, Bruno Haible <=

Prev by Date: Re: Buffer overflow in documentation
Next by Date: gettext fails to parsed PHP 7.3 relaxed heredoc and phpdoc
Previous by thread: Re: Buffer overflow in documentation
Next by thread: gettext fails to parsed PHP 7.3 relaxed heredoc and phpdoc
Index(es):
- Date
- Thread