Mail Archives: djgpp/2003/08/05/16:30:19
On Mon, 04 Aug 2003 09:48:46 GMT, Martin Ambuhl wrote:
> Just use sprintf(); there is no function called "fcvt" in the standard C
> libraries, while sprintf is there. Even those of us who are die-hard
> gcc fans know to avoid non-portable constructs when there is an
> acceptable solution in the standard libraries.
That sounds good, but there are several arguments against it, some of which
are application-specific.
1. Many strings can be replaced via user editing facilities. A hard limit
on the number of characters in the resultant string can't be guaranteed,
so this would open up a lot of security and usability issues.
2. I can't always be sure how many characters the resultant string will
contain to begin with. I'm not sure exactly what the standard says for
sprintf's behavior, but I can't accept having buffers being overflowed
or not ending up null-terminated. Also, even if a string has not been
initialized before use, snprintf will not cause a buffer overflow. I
always initialize my own buffers, but this large program has been worked
on by many people before, and some of them did not. This caused serious
instability, where changes in one distant part of the program would
suddenly cause buffer overflows elsewhere. With snprintf, it's not a
concern any more.
3. There's still the whole issue with buggy implementations in some
libc's, even when snprintf is available on the platform.
James
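
An added example, not part of the original post: a bounded number-to-string helper built on snprintf that covers the concerns raised in points 2 and 3 (overflow, missing null terminator, and libc implementations whose truncation behaviour differs). The name `format_double` and its parameters are hypothetical; it assumes a libc that provides snprintf.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the post): format `value` with `digits`
 * decimals into buf[size]. Returns 0 on success, -1 if the output was
 * truncated or formatting failed. buf is always null-terminated when
 * size > 0, regardless of what the libc did or what buf held before. */
int format_double(char *buf, size_t size, double value, int digits)
{
    int n;

    if (buf == NULL || size == 0)
        return -1;
    if (digits < 0)
        digits = 0;

    n = snprintf(buf, size, "%.*f", digits, value);

    /* Terminate unconditionally: guards against implementations that
     * leave the buffer unterminated when the output does not fit. */
    buf[size - 1] = '\0';

    /* C99: n is the length the full output would have had. A negative n
     * is an error, and is also how some pre-C99 libcs signal truncation. */
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

int main(void)
{
    char small[8];   /* constructed sample buffers */
    char big[32];
    int rc;

    rc = format_double(big, sizeof big, 3.14159, 2);
    printf("%d \"%s\"\n", rc, big);

    /* 1e20 needs 24 characters with two decimals; it cannot fit in 8. */
    rc = format_double(small, sizeof small, 1e20, 2);
    printf("%d \"%s\"\n", rc, small);
    return 0;
}
```

The caller treats -1 as "do not use this string as a complete value"; the buffer contents are still safe to print or log because they are terminated.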