sprintf

**bobthebullet990** · 08-31-2007

Hi all...

Just a quick question; What are the key issues with using sprintf; I'm guessing that it is array overflow? ...Just doing a little bit of revision for a job interview I have later this afternoon [for a graduate role] thanks!

**QuantumPete** · 08-31-2007

Yes, the main problem will always be printing a string into a char array or malloc'ed memory which can't hold the entire string you're printing.
Better would be to use snprintf, where you have to specify the maximum number of characters to print to the string so you won't overflow.

QuantumPete

**matsp** · 08-31-2007

Buffer overflow would be the primary problem. Some libraries support snprintf() or vsnprintf() as alternatives.

And of course, it's not just strings that could cause a problem, consider:

Code:

float f;
char str[15];  // Big enough for 8.4... (not!)

f = 100000.0;

f *= 1000.0;

sprintf(str, "%8.4f\n", f);  // This will overflow...

--
Mats

**bobthebullet990** · 08-31-2007

Originally Posted by matsp

Buffer overflow would be the primary problem. Some libraries support snprintf() or vsnprintf() as alternatives.

And of course, it's not just strings that could cause a problem, consider:

Code:

float f;
char str[15];  // Big enough for 8.4... (not!)

f = 100000.0;

f *= 1000.0;

sprintf(str, "&#37;8.4f\n", f);  // This will overflow...

--
Mats

Would that not only overflow if the array was set to less that 12 chars in length? ...I'm assuming with str set to a length of 15 it would not overflow considering you are wanting to print:

XXXXXXXX.XXXX which is less than 15 chars in length! ...Or am I not thinking about this correct?

**matsp** · 08-31-2007

Originally Posted by bobthebullet990

Would that not only overflow if the array was set to less that 12 chars in length? ...I'm assuming with str set to a length of 15 it would not overflow??

"12345678.1234" is 13 characters with the dot, 14 with the '\0' which is ALWAYS added.

But you're right, it would fit (only just) because I multiply with 1000 - if it was -1000 or 10000 it would not fit.

It's too early in the morning still... ;-)

--
Mats

**bobthebullet990** · 08-31-2007

Originally Posted by matsp

"12345678.1234" is 13 characters with the dot, 14 with the '\0' which is ALWAYS added.

But you're right, it would fit (only just) because I multiply with 1000 - if it was -1000 or 10000 it would not fit.

It's too early in the morning still... ;-)

--
Mats

Ah yes! ...I forgot about the \0 at the end! well pointed out there!!!! ...I was taking the . into consideration there - so the length would have been 13 + the '\0' char!

Thankyou for putting it into a practical form of thinking! helped a lot! ...Now If a question about overflow comes up regarding strings; as one subject they said to read up on was strings, I shud be fine!!!!! LOL!

Thanks again!

**bobthebullet990** · 08-31-2007

Ah yes! ...Is there any advantages to using sprintf? ...other than its super easy to use!!!!

**matsp** · 08-31-2007

Originally Posted by bobthebullet990

Ah yes! ...Is there any advantages to using sprintf? ...other than its super easy to use!!!!

Well, the CLEAR advantage is of course that it already exists and is easy to use. If the library that comes with the compiler, or someone makes up a snprintf, it's only one more argument, and it's now safe, which is better.

However, writing your own snprintf may not be trivial (unless there's a vnsprintf of course, in which case it's a simple case of three or so lines, not counting blank lines piossibly added for readability).

--
Mats

Thread: sprintf

Thread Tools

Search Thread

Display

sprintf

Similar Threads

Sprintf overflows my buffer -- why?

sprintf : garbage appended

sprintf in C and C++

sprintf and sscanf

Sprintf