
Note that snprintf returns the number of bytes that would have been written if the dest buffer were large enough, not the number of bytes actually written. I've seen a few projects misunderstand that and write code like this:

    for (i = 0; i < ...; i++) {
        offset += snprintf(
            dest + offset,
            sizeof(dest) - offset,
            "%s...",
            str[i]);
    }

That will cause a buffer overflow: if iteration n gets truncated because the dest buffer fills up, iteration n+1 will write past the end of the buffer.
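Added example, not part of the comment above: a bounded version of that loop that checks snprintf's return value before advancing, next to a helper that measures the offset the unchecked loop would reach. The names `join_checked`, `wanted_total` and `sample`, and the separator argument, are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Append each strs[i] followed by sep to dest (cap bytes). Returns the
 * length written, or -1 on truncation or error. Never writes outside dest. */
static int join_checked(char *dest, size_t cap,
                        const char *const *strs, size_t n, const char *sep)
{
    size_t offset = 0;

    if (cap == 0)
        return -1;
    dest[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        size_t room = cap - offset;        /* offset < cap on every pass */
        int want = snprintf(dest + offset, room, "%s%s", strs[i], sep);

        if (want < 0)
            return -1;                     /* output error */
        if ((size_t)want >= room)
            return -1;                     /* truncated: stop, do not advance */
        offset += (size_t)want;            /* want < room keeps offset < cap */
    }
    return (int)offset;
}

/* Offset the unchecked loop would reach: the sum of the lengths snprintf
 * wants to write. Measured with a NULL, 0 destination, so nothing is stored. */
static size_t wanted_total(const char *const *strs, size_t n, const char *sep)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        int want = snprintf(NULL, 0, "%s%s", strs[i], sep);
        if (want > 0)
            total += (size_t)want;
    }
    return total;
}

/* Constructed sample input. */
static const char *const sample[] = { "alpha", "bravo", "charlie" };

int main(void)
{
    char small[10];
    int r = join_checked(small, sizeof small, sample, 3, ",");
    printf("checked: %d \"%s\"; unchecked offset would reach %zu of %zu\n",
           r, small, wanted_total(sample, 3, ","), sizeof small);
    return 0;
}
```

With the 10-byte buffer the second item is truncated, so the checked loop stops with the buffer still NUL-terminated, while the summed return values alone would have pushed the offset to 20.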

