Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C++ > Buffer overrun - exit or abort?

Reply
Thread Tools

Buffer overrun - exit or abort?

 
 
Martin Eisenberg
Guest
Posts: n/a
 
      01-16-2006
Hi,

If I want to terminate a program upon finding that sprintf has
overrun its output buffer, should I prefer exit or abort from
cstdlib? Thanks.


Martin

--
Quidquid latine scriptum sit, altum viditur.
 
Reply With Quote
 
 
 
 
Victor Bazarov
Guest
Posts: n/a
 
      01-16-2006
Martin Eisenberg wrote:
> If I want to terminate a program upon finding that sprintf has
> overrun its output buffer, should I prefer exit or abort from
> cstdlib? Thanks.


This is a C question, is it not?

V
 
Reply With Quote
 
 
 
 
Martin Eisenberg
Guest
Posts: n/a
 
      01-17-2006
Victor Bazarov wrote:

> Martin Eisenberg wrote:
>> If I want to terminate a program upon finding that sprintf has
>> overrun its output buffer, should I prefer exit or abort from
>> cstdlib? Thanks.

>
> This is a C question, is it not?


No. I'm not using C and I have no reason to presume that it's just
the same or that a C user would know all that may be relevant in the
C++ context. Some also like to point out in such cases that the
mentioned functions do belong to C++...

While I'm at it, I anticipate being told just to use iostream -- the
response to that is that I really want to know, I can second-guess
myself just fine, and will do so at least twice in any case.


Martin

--
Quidquid latine scriptum sit, altum viditur.
 
Reply With Quote
 
Victor Bazarov
Guest
Posts: n/a
 
      01-17-2006
Martin Eisenberg wrote:
> Victor Bazarov wrote:
>
>> Martin Eisenberg wrote:
>>> If I want to terminate a program upon finding that sprintf has
>>> overrun its output buffer, should I prefer exit or abort from
>>> cstdlib? Thanks.

>>
>> This is a C question, is it not?

>
> No. I'm not using C and I have no reason to presume that it's just
> the same or that a C user would know all that may be relevant in the
> C++ context. Some also like to point out in such cases that the
> mentioned functions do belong to C++...
>
> While I'm at it, I anticipate being told just to use iostream -- the
> response to that is that I really want to know, I can second-guess
> myself just fine, and will do so at least twice in any case.


The reason I asked was simple: 'sprintf', 'exit', and 'abort' are
all Standard C library functions, and they (C folks) probably know
more what's going to happen and what to do to rectify things. I
only know one thing: if the buffer gets overrun, the behaviour of
the program in which it happens is undefined. For all we know, if
you call 'exit', it might instead behave as if you called 'abort'
and vice versa...

V


 
Reply With Quote
 
Ian Collins
Guest
Posts: n/a
 
      01-17-2006
Martin Eisenberg wrote:
> Hi,
>
> If I want to terminate a program upon finding that sprintf has
> overrun its output buffer, should I prefer exit or abort from
> cstdlib? Thanks.
>

Depends on your platform I guess, if abort provides some form of
post-mortem debug (like a UNIX core file), use it. This more of an
exception tan an error condition, this sort of thing you'd trap with an
assert - which often calls abort.

--
Ian Collins.
 
Reply With Quote
 
Jack Klein
Guest
Posts: n/a
 
      01-17-2006
On 16 Jan 2006 23:09:31 GMT, Martin Eisenberg
<(E-Mail Removed)> wrote in comp.lang.c++:

> Hi,
>
> If I want to terminate a program upon finding that sprintf has
> overrun its output buffer, should I prefer exit or abort from
> cstdlib? Thanks.
>
>
> Martin


Once your program has written beyond memory that belongs to it, you
have entered the realm of undefined behavior. There is no guarantee
that your program will survive to detect it.

If you can't guarantee that your program will not overwrite a buffer
using sprintf(), don't use sprintf().

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://c-faq.com/
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++
http://www.contrib.andrew.cmu.edu/~a...FAQ-acllc.html
 
Reply With Quote
 
Markus Becker
Guest
Posts: n/a
 
      01-17-2006
Martin Eisenberg <(E-Mail Removed)> schrieb:

> If I want to terminate a program upon finding that sprintf has
> overrun its output buffer, should I prefer exit or abort from
> cstdlib? Thanks.


Don't use sprintf, use snprintf.

Markus
 
Reply With Quote
 
Martin Eisenberg
Guest
Posts: n/a
 
      01-18-2006
Markus Becker wrote:

> Martin Eisenberg <(E-Mail Removed)> schrieb:
>
>> If I want to terminate a program upon finding that sprintf has
>> overrun its output buffer, should I prefer exit or abort from
>> cstdlib? Thanks.

>
> Don't use sprintf, use snprintf.


Is vsnprintf also standard? GCC has it but I don't see either in the
'97 standard draft.


Martin

--
Quidquid latine scriptum sit, altum viditur.
 
Reply With Quote
 
Earl Purple
Guest
Posts: n/a
 
      01-18-2006

Martin Eisenberg wrote:
> Markus Becker wrote:
>
> > Martin Eisenberg <(E-Mail Removed)> schrieb:
> >
> >> If I want to terminate a program upon finding that sprintf has
> >> overrun its output buffer, should I prefer exit or abort from
> >> cstdlib? Thanks.

> >
> > Don't use sprintf, use snprintf.

>
> Is vsnprintf also standard? GCC has it but I don't see either in the
> '97 standard draft.


Why use a printf variant at all? Use streams, or boost::format if you
really want printf-style.

Better not to use variable argument lists too.

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
buffer overrun error Peter Computer Support 7 04-28-2007 09:53 PM
Buffer overrun error? no one Computer Support 5 01-08-2007 05:53 PM
.net takes some mesures to prevent the buffer overrun, I want to know something about it Nico C++ 2 10-15-2006 06:42 PM
SECURITY ADVISORY [PSF-2006-001] Buffer overrun in repr() for UCS-4encoded unicode strings Anthony Baxter Python 0 10-12-2006 07:31 AM
wot is buffer overrun how do i fix it Leanne McLoughlin Computer Support 7 01-26-2006 01:20 PM



Advertisments