Hi all...
Just a quick question: what are the key issues with using sprintf? I'm guessing that it is array overflow? ...Just doing a little bit of revision for a job interview I have later this afternoon [for a graduate role]. Thanks!
Many junglists take pride in their belonging to what may be referred to as a globalised drum & bass subculture, as a subculture though, it is not nearly as distinct as gothic or punk!
Yes, the main problem will always be printing a string into a char array or malloc'ed memory which can't hold the entire string you're printing.
Better would be to use snprintf, where you have to specify the maximum number of characters to print to the string so you won't overflow.
QuantumPete
"No-one else has reported this problem, you're either crazy or a liar" - Dogbert Technical Support
"Have you tried turning it off and on again?" - The IT Crowd
Buffer overflow would be the primary problem. Some libraries support snprintf() or vsnprintf() as alternatives.
And of course, it's not just strings that could cause a problem, consider:
Code:
    float f;
    char str[15]; // Big enough for 8.4... (not!)
    f = 100000.0;
    f *= 1000.0;
    sprintf(str, "%8.4f\n", f); // This will overflow...
Mats
Would that not only overflow if the array was set to less than 12 chars in length? ...I'm assuming with str set to a length of 15 it would not overflow considering you are wanting to print:
XXXXXXXX.XXXX which is less than 15 chars in length! ...Or am I not thinking about this correctly?
Ah yes! ...I forgot about the \0 at the end! well pointed out there!!!! ...I was taking the . into consideration there - so the length would have been 13 + the '\0' char!
Thank you for putting it into a practical form of thinking! Helped a lot! ...Now if a question about overflow comes up regarding strings, as one subject they said to read up on was strings, I should be fine!!!!! LOL!
Thanks again!
Ah yes! ...Are there any advantages to using sprintf? ...other than it's super easy to use!!!!
Well, the CLEAR advantage is of course that it already exists and is easy to use. If the library that comes with the compiler has a snprintf, or someone makes one up, it's only one more argument, and it's now safe, which is better.
However, writing your own snprintf may not be trivial (unless there's a vsnprintf of course, in which case it's a simple case of three or so lines, not counting blank lines possibly added for readability).
--
Mats
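
Added example, not code from any poster in this thread: the float case above measured with snprintf(NULL, 0, ...), plus a small bounded wrapper over vsnprintf of the kind the last reply mentions. The helper names checked_format and bytes_needed_for are assumptions made for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>

/* Hypothetical helper: bounded formatting built on vsnprintf.
 * Returns 0 if the whole string fit, -1 on a formatting error, or the
 * number of bytes (terminating NUL included) the full output needs
 * when it had to be truncated. dst is always NUL-terminated if cap > 0. */
int checked_format(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return ((size_t)n < cap) ? 0 : n + 1;
}

/* Bytes sprintf(str, "%8.4f\n", f) would write, NUL included.
 * The 8 in %8.4f is a minimum field width, not a maximum, so large
 * values simply produce more characters. */
int bytes_needed_for(float f)
{
    int n = snprintf(NULL, 0, "%8.4f\n", f);
    return n < 0 ? -1 : n + 1;
}

int main(void)
{
    char str[15];
    float f = 100000.0f;
    f *= 1000.0f; /* same value as in the thread's snippet */

    printf("need %d bytes, buffer has %zu\n", bytes_needed_for(f), sizeof str);

    int r = checked_format(str, sizeof str, "%8.4f\n", f);
    if (r > 0)
        printf("truncated, %d bytes required; stored \"%s\"\n", r, str);
    return 0;
}
```

With the thread's value the output needs 16 bytes, so sprintf writes one byte past the 15-byte array, while the bounded call stores a truncated, terminated string and reports the required size.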