Does using a small buffer with sprintf cause overflow/problem?

  1. #1
    Registered User
    Join Date
    Aug 2007
    Posts
    2

    Does using a small buffer with sprintf cause overflow/problem?

    Code:
    char buffer1[10];
    char buffer2[10] = "something";
    
    
    sprintf(buffer1, "with %s", buffer2);
    In a statement like the one above, is there a threat/leak or does it only truncate the string that is loaded into buffer1?

  2. #2
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    21,439
    You have a buffer overflow. You could avoid it by specifying the width, e.g., "with %4s"
    C + C++ Compiler: MinGW port of GCC
    Version Control System: Bazaar

    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  3. #3
    Registered User
    Join Date
    Aug 2007
    Posts
    2
    Yes but the compiler does not complain about it. I don't care if the string is truncated, will it cause any problem?

  4. #4
    Registered User
    Join Date
    Jun 2005
    Posts
    6,207
    Buffer overflows yield what the C standard calls "undefined behavior". If code is otherwise correct (syntactically, etc) compilers are not required to complain about code that exhibits undefined behaviour.

    Truncating the string is a way to avoid the problem of buffer overflow (assuming you truncate it sufficiently, of course).

    The total number of characters written to buffer1, in your example, needs to be 10 or less (and that includes the terminating char with value zero that sprintf() always appends to the end). That means, at most, you can only write 4 characters from buffer2 (which is the reason for the 4 in %4s suggested by laserlight). Write 5 or more characters, and your code has a buffer overrun.
    Last edited by grumpy; 01-03-2014 at 04:27 AM.
    Right 98% of the time, and don't care about the other 3%.

  5. #5
    Registered User
    Join Date
    Nov 2012
    Posts
    1,053
    You can also use snprintf in this situation. If there is not room the string will be truncated. Also, you can make use of the return value of snprintf to see if you "ran out" of space in your 10-byte buffer. Alternatively you can use this to decide how big a dynamically-allocated buffer should be for an arbitrary format string and parameters.

    The functions snprintf() and vsnprintf() do not write more than size bytes (including the terminating null byte ('\0')). If the output was truncated due to this limit then the return value is the number of characters (excluding the terminating null byte) which would have been written to the final string if enough space had been available.
    snprintf(3): formatted output conversion - Linux man page
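
The snprintf return-value check and the measure-then-allocate approach described in this post, as an added example that is not code from any thread participant; the helper names `format_fixed` and `format_alloc` are hypothetical. It also uses the precision form `%.4s`, which caps how many characters `%s` copies (a bare number such as `%4s` is a minimum field width).

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format into a fixed buffer. Returns 0 if everything fit, 1 if the
 * output was truncated, -1 on an encoding error or a zero-sized buffer. */
static int format_fixed(char *dst, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(dst, size, fmt, ap);  /* never writes past size */
    va_end(ap);
    if (needed < 0 || size == 0)
        return -1;
    return (size_t)needed >= size;  /* needed excludes the terminating '\0' */
}

/* Measure with a NULL/0 call, then allocate exactly needed + 1 bytes.
 * The caller frees the result; returns NULL on failure. */
static char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);               /* the argument list is walked twice */
    int needed = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *out = needed < 0 ? NULL : malloc((size_t)needed + 1);
    if (out != NULL)
        vsnprintf(out, (size_t)needed + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    char buffer1[10];
    char buffer2[10] = "something";   /* same buffers as the question */
    int t = format_fixed(buffer1, sizeof buffer1, "with %s", buffer2);
    printf("truncated=%d buffer1=\"%s\"\n", t, buffer1);
    t = format_fixed(buffer1, sizeof buffer1, "with %.4s", buffer2);
    printf("truncated=%d buffer1=\"%s\"\n", t, buffer1);
    char *full = format_alloc("with %s", buffer2);
    if (full != NULL)
        printf("allocated %zu bytes: \"%s\"\n", strlen(full) + 1, full);
    free(full);
    return 0;
}
```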

  6. #6
    Registered User
    Join Date
    Nov 2012
    Posts
    1,053
    Quote Originally Posted by seyyah View Post
    Yes but the compiler does not complain about it.
    Most compilers will not warn about this. One way to force a complaint to occur is to make use of assert. For example, if N is 10:

    Code:
    char buffer1[N];
    char buffer2[N] = "something";
    
    assert(memset(buffer1, '\0', N));
     /* ... */
     /* write to buffer1 */
     /* ... */
    assert(buffer1[N-1] == '\0');
    If you accidentally overrun buffer1 in between the asserts, technically the behavior is undefined, but with the second assert you have a good chance to catch the problem, since overrunning the buffer will also typically overwrite the final '\0' character.
    Last edited by c99tutorial; 01-03-2014 at 12:11 PM.
