Why Is Escaping Data Considered So Magical?
Jorgen Grahn
grahn+nntp at snipabacken.se
Sun Jun 27 16:30:48 EDT 2010
On Sun, 2010-06-27, Lawrence D'Oliveiro wrote:
> In message <roy-854954.20435125062010 at news.panix.com>, Roy Smith wrote:
>
>> I recently fixed a bug in some production code. The programmer was
>> careful to use snprintf() to avoid buffer overflows. The only problem
>> is, he wrote something along the lines of:
>>
>> snprintf(buf, strlen(foo), foo);
>
> A long while ago I came up with this macro:
>
> #define Descr(v) &v, sizeof v
>
> making the correct version of the above become
>
> snprintf(Descr(buf), foo);
This is off-topic, but I believe snprintf() in C can *never* safely be
the only thing you do to the buffer: you also have to NUL-terminate it
manually in some corner cases. See the documentation.
/Jorgen
--
// Jorgen Grahn <grahn@ Oo o. . .
\X/ snipabacken.se> O o .
More information about the Python-list
mailing list