[Python-Dev] PyOS_snprintf() / PyOS_vsnprintf()
M.-A. Lemburg
mal@lemburg.com
Thu, 02 Aug 2001 11:58:26 +0200
Tim Peters wrote:
>
> [MAL]
> > How about always enabling our version in the alpha cycle and then
> > reverting back to the native one in the betas ?
>
> If we have to ship our own code for it anyway, why ever revert to the native
> one? Historically, all that gives us is boundless opportunities to catalog
> and #ifdef our way around gratuitous discrepancies among platform C
> libraries.
>
> since-we-switched-to-our-own-getopt-everywhere-we-no-longer-get-
> getopt-bug-reports-anywhere-ly y'rs - tim
Well, the emulation is not as robust and fast as the native
implementation is, plus it cannot recover from a buffer overrun;
such an overrun is likely to cause a core dump due to sprintf()
writing into the heap -- still better than allowing a cracker to
hack your system by exploiting a stack overrun, but not as good as a
true snprintf() implementation will do.
If we do get complaints about snprintf() failures on systems which
do have a native API, then we can still switch to the emulation
for all platforms.
--
Marc-Andre Lemburg
CEO eGenix.com Software GmbH
______________________________________________________________________
Consulting & Company: http://www.egenix.com/
Python Software: http://www.lemburg.com/python/