More thinking securely...

jarkko.hietaniemi at nokia.com
Thu Dec 11 00:32:44 PST 2003


> :Safe?
> :
> :	char buf[8];
> :	sprintf(buf, "%d", v);
> :
> :> 
> 
>     If 'v' is a short :-)
> 
>     Most programmers don't make that mistake.. that is, it isn't a common
>     mistake.  A more common mistake is to use strcpy() and strcat() without
>     checking for possible overflows.

Agreed.  The real-life example I showed was (of course :-) simplified.  What really
happened was more like this:

	numeric_type_t v;
	char buf[enough_for_numeric_type_t_using_a_certain_sprintf_format_and_the_nul];
	sprintf(buf, format_string_right_for_the_numeric_type_t, v);

and then later someone in a header changing the definition of the numeric_type_t
to allow greater range.
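
The failure mode described in this message, with one way to guard against it, as an added example that is not part of the original message. The `int64_t` typedef, `DEC_BUFSZ`, `LEGACY_BUFSZ` and `format_numeric` are hypothetical names chosen for illustration, and the example assumes numeric_type_t stays a signed integer type.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the thread's numeric_type_t, after a header
 * change widened it to 64 bits. */
typedef int64_t numeric_type_t;

/* Bytes needed to print any value of integer type T in decimal:
 * digits (bits * log10(2), rounded up) + sign + terminating NUL. */
#define DEC_BUFSZ(T) (sizeof(T) * CHAR_BIT * 302 / 1000 + 1 + 1 + 1)

/* Where a fixed-size buffer has to stay, tie it to the type so that the
 * header change breaks the build instead of the stack. */
#define LEGACY_BUFSZ 24
_Static_assert(LEGACY_BUFSZ >= DEC_BUFSZ(numeric_type_t),
               "numeric_type_t was widened: enlarge LEGACY_BUFSZ");

/* Format v into buf. Returns the string length, or -1 if it did not fit.
 * Casting to intmax_t with %jd keeps the format string correct however
 * the typedef changes (assumption: it remains a signed integer type). */
int format_numeric(char *buf, size_t buflen, numeric_type_t v)
{
    int n = snprintf(buf, buflen, "%jd", (intmax_t)v);
    if (n < 0 || (size_t)n >= buflen)
        return -1;              /* truncated: nothing written past buflen */
    return n;
}

int main(void)
{
    char sized[DEC_BUFSZ(numeric_type_t)];  /* follows the typedef */
    char old[8];                            /* sized for the old, narrow type */

    int n = format_numeric(sized, sizeof sized, INT64_MIN);
    printf("%d chars: %s\n", n, sized);

    /* The stale buffer is detected instead of overflowed. */
    if (format_numeric(old, sizeof old, 123456789) < 0)
        puts("old buffer too small, value rejected");
    return 0;
}
```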






