Thread: Avoiding Buffer Overflows

  1. #1
    Registered User
    Join Date
    Dec 2002
    Posts
    162

    Avoiding Buffer Overflows

    How can one avoid buffer overflows when wanting to format strings or convert numbers to strings? Is there any equivalent functions to for ex. itoa() or sprintf(), where a maximum buffer length can be sent or a required length can be retained? Or is the only way of achieving this by writing your own functions?

    Please note that simply allocating a very large buffer is not the solution I am looking for.
    Thanks in advance
    Last edited by Aidman; 01-03-2004 at 11:31 AM.
    We haven't inherited Earth from our parents; instead we have borrowed her from our children - old Indian saying.

  2. #2
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656
    Are you asking for a C answer (since you mention sprintf), or a C++ answer since you posted on the C++ forum?

    The new C99 standard introduces things like snprintf() to limit the amount of data which is copied into a buffer.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  3. #3
    Code Goddess Prelude's Avatar
    Join Date
    Sep 2001
    Posts
    9,897
    >How can one avoid buffer overflows when wanting to format strings or convert numbers to strings?
    One would use std::string and std::stringstream.
    My best code is written with the delete key.

  4. #4
    Registered User
    Join Date
    Dec 2002
    Posts
    162
    Thanks for the quick replies, no it doesn't really matter if it's a C or C++ answer.

    Is there was any function able to give the required buffer size for a number-to-string conversions?
    We haven't inherited Earth from our parents; instead we have borrowed her from our children - old Indian saying.

  5. #5
    Registered User
    Join Date
    Jan 2003
    Posts
    648
    Here's the specification for VC++2003:
    Code:
    #include <stdio.h>
    int _snprintf(
       char *buffer,
       size_t count,
       const char *format [,
       argument] ...
    );
    In your compiler, it might be different. Here's an example:
    Code:
    int num = 3434;
    char str[3];
    _snprintf(str, sizeof(str), "%d", num);

  6. #6
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,656
    In the absense of C99, or some implementation specific version of snprintf(), you have to do some things yourself

    > the required buffer size for a number-to-string conversions?
    For integral types, its determined by
    numchars = sizeof_type_in_bits / log2(10)

    sizeof_type_in_bits = sizeof(type) * CHAR_BIT
    log2(10) is approx 3.32, so for an easy life, use 3

    And don't forget to allow for the \0 at the end
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 16
    Last Post: 10-29-2006, 05:04 AM
  2. writing a pack-style function, any advices?
    By isaac_s in forum C Programming
    Replies: 10
    Last Post: 07-08-2006, 08:09 PM
  3. Question on buffer overflows
    By maxhavoc in forum C++ Programming
    Replies: 3
    Last Post: 11-25-2004, 03:48 PM
  4. buffer contents swapping
    By daluu in forum C++ Programming
    Replies: 7
    Last Post: 10-14-2004, 02:34 PM
  5. Console Screen Buffer
    By GaPe in forum Windows Programming
    Replies: 0
    Last Post: 02-06-2003, 05:15 AM