avoid buffer overflow using sprintf?

 
 
Susan Rice
07-03-2006
How can I rewrite this code to avoid the possibility of a
buffer overflow?

sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );

Here:
errmsg = a string
dwErrCode = a number
s = a string
I do have value 'errbuflen' = length of buffer 'errbuf'.
I'm just not using it.
Is there any easy way? Or is there only the hard way?
 
 
mlimber
07-03-2006
Susan Rice wrote:
> How can I rewrite this code to avoid the possibility of a
> buffer overflow?
>
> sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
>
> Here:
> errmsg = a string
> dwErrCode = a number
> s = a string
> I do have value 'errbuflen' = length of buffer 'errbuf'.
> I'm just not using it.
> Is there any easy way? Or is there only the hard way?


Use std::strings and std::stringstreams instead:

#include <sstream>

std::ostringstream errbuf;
errbuf << errmsg << "\nError is: " << dwErrCode << ": " << s << '\n';

You can retrieve the resulting message with "errbuf.str()" which, if
needed, can be converted to a C-style string like this:
"errbuf.str().c_str()".

Cheers! --M

 
 
Alf P. Steinbach
07-03-2006
* Susan Rice:
> How can I rewrite this code to avoid the possibility of a
> buffer overflow?
>
> sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
>
> Here:
> errmsg = a string
> dwErrCode = a number
> s = a string
> I do have value 'errbuflen' = length of buffer 'errbuf'.
> I'm just not using it.
> Is there any easy way? Or is there only the hard way?


#include <sstream>

std::stringstream stream;
stream << errmsg << "\nError is: " << dwErrCode << ": " << s << "\n";
// Do something with stream.str()

Btw., Hungarian notation like the prefix 'dw' is likely to cause you all
kinds of trouble, and reduces readability, without conferring /any/
advantage with modern tools.

--
A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
 
 
Markus Svilans
07-04-2006
Susan Rice wrote:
> How can I rewrite this code to avoid the possibility of a
> buffer overflow?
>
> sprintf(errbuf, "%s\nError is: %u: %s\n", errmsg, dwErrCode, s );
>
> Here:
> errmsg = a string
> dwErrCode = a number
> s = a string
> I do have value 'errbuflen' = length of buffer 'errbuf'.
> I'm just not using it.
> Is there any easy way? Or is there only the hard way?


An easy way to do it is with snprintf(), which lets you specify the
maximum number of characters to store in the output buffer. Your code
would become:

snprintf(errbuf, errbuflen, "%s\nError is: %u: %s\n", errmsg,
dwErrCode, s);

If your C library does not have snprintf(), you can get a free
implementation here:

http://www.ijs.si/software/snprintf/

Regards,
Markus.
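
An added example, not written by any poster in this thread: the snprintf() call above wrapped so that the caller learns when the message did not fit, since snprintf() truncates silently unless its return value is checked. The helper name format_error, the FormatResult enum, the parameter types and the sample strings are assumptions, and the code relies on C99/C++11 snprintf() semantics.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Outcome of one bounded format call.
enum class FormatResult { Ok, Truncated, Error };

// Bounded form of the sprintf() call from the question. Hypothetical helper:
// the name and the parameter types are assumptions, not from the thread.
// Relies on C99/C++11 snprintf(): output is always NUL-terminated when
// errbuflen > 0, and the return value is the untruncated length.
FormatResult format_error(char *errbuf, std::size_t errbuflen,
                          const char *errmsg, unsigned int dwErrCode,
                          const char *s)
{
    if (errbuf == nullptr || errbuflen == 0)
        return FormatResult::Error;          // nowhere to write
    // Passing a null pointer to %s is undefined behaviour; substitute text.
    if (errmsg == nullptr) errmsg = "(null)";
    if (s == nullptr) s = "(null)";

    int n = std::snprintf(errbuf, errbuflen, "%s\nError is: %u: %s\n",
                          errmsg, dwErrCode, s);
    if (n < 0) {                             // output/encoding error
        errbuf[0] = '\0';
        return FormatResult::Error;
    }
    // n counts the characters the full message needs, excluding the NUL.
    // n >= errbuflen therefore means the stored text was cut short.
    if (static_cast<std::size_t>(n) >= errbuflen)
        return FormatResult::Truncated;
    return FormatResult::Ok;
}

int main()
{
    char errbuf[16];                         // deliberately small (constructed)
    FormatResult r = format_error(errbuf, sizeof errbuf, "open failed", 5u,
                                  "Access is denied");
    std::printf("stored %zu chars, %s\n", std::strlen(errbuf),
                r == FormatResult::Truncated ? "truncated" : "complete");
    return 0;
}
```

Older Microsoft C runtimes offered only _snprintf(), which does not guarantee NUL termination on truncation, so the return-value check above does not carry over to it unchanged.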
