Mail Archives: djgpp-workers/2000/11/13/15:55:32

Message-Id: <200011132031.PAA05607@qnx.com>
Subject: Re: Summary of the snprintf() situation
To: djgpp-workers AT delorie DOT com
Date: Mon, 13 Nov 2000 15:30:53 -0500 (EST)
From: "Alain Magloire" <alain AT qnx DOT com>
In-Reply-To: <14EC05411785@HRZ1.hrz.tu-darmstadt.de> from "Juan Manuel Guerrero" at Nov 13, 2000 08:46:56 PM
X-Mailer: ELM [version 2.5 PL0b1]
MIME-Version: 1.0
Reply-To: djgpp-workers AT delorie DOT com
Errors-To: nobody AT delorie DOT com
X-Mailing-List: djgpp-workers AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

> 
> Date: Thu, 09 Nov 2000 00:07:21 +0000
> From: Richard Dawe <richdawe AT bigfoot DOT com>
> 
> <SNIP>
> > DJ Delorie expressed concern that the prototypes in stdio.h could conflict
> > with packages that provide their own *snprintf functions. He gave an
> > example: "For example, we don't prototype xmalloc() even though we provide
> > it, because the prototypes used by actual software vary widely."
> <SNIP>
> > To DJ's concerns about packages including their own snprintf(), Eli
> > Zaretskii said that he had not seen any packages that use these functions
> > and asked if people could see what declarations packages used.
> <SNIP>
> 
> A couple of weeks ago I "ported" for my own use the latest version of
> Berkeley's DBM (version 3.1.17; no longer included in glibc; can be downloaded from www.Sleepycat.com).
> This software expects some kind of flock() function (not the issue in this mail)
> and snprintf() and vsnprintf(). If the configuration script cannot find the
> above printf() functions in libc.a it uses its own ones.
> Because both functions are small, I include the complete code of both in this mail.
> This is an example of what a package may expect snprintf() and vsnprintf()
> definitions to look like.
> Hope the information is of some use.
> 
> *** 0 ****
> --- 1,65 ----
> + /*-
> +  * See the file LICENSE for redistribution information.
> +  *
> +  * Copyright (c) 1996, 1997, 1998, 1999, 2000
> +  *	Sleepycat Software.  All rights reserved.
> +  */
> + 
> + int
> + snprintf(char *str, size_t n, const char *fmt, ...)
> + {
> + 	va_list ap;
> + 	int rval;
> + 
...
> + 	va_start(ap, fmt);
> + 	rval = vsprintf(str, fmt, ap);
> + 	va_end(ap);
> + 	return (rval);
> + }
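Review bot: In snprintf(), the size argument `n` never reaches the formatter in the lines shown: `rval = vsprintf(str, fmt, ap);` writes as many bytes as the format produces, so a caller that passes the real buffer size gets neither truncation nor overflow protection. Forward to a bounded formatter instead, for example `vsnprintf(str, n, fmt, ap)` where the platform provides one, or make the configure step fail rather than substitute this fallback, because the function name promises a bound the body does not enforce.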


Aside from the obvious LICENSE issue, this is close to useless.
And those people should be shot for this; this is only a cover
for sprintf(), which does not check for overflow.  So it gives
a wrong sense of security.  There are a lot of freestanding snprintf()
implementations floating around with very liberal licenses.


-- 
au revoir, alain
----
Aussi haut que l'on soit assis, on n'est toujours assis que sur son cul !!!
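
An added example, not part of the original message or of the quoted package: a configure-style probe that checks whether a given snprintf() really honors its size argument. `unbounded_snprintf` is a constructed stand-in that mirrors the quoted shim, and `honors_limit` and the canary layout are names and choices made for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Constructed stand-in for the quoted shim: ignores n, forwards to vsprintf(). */
static int unbounded_snprintf(char *str, size_t n, const char *fmt, ...)
{
    va_list ap;
    int rval;

    (void)n;                       /* the size limit is silently dropped */
    va_start(ap, fmt);
    rval = vsprintf(str, fmt, ap);
    va_end(ap);
    return rval;
}

/* Returns 1 if fn stays inside the first `limit` bytes and NUL-terminates
 * there, 0 if it wrote past the limit. The arena is larger than the
 * unbounded output (17 bytes), so even a broken fn stays inside the array. */
int honors_limit(snprintf_fn fn)
{
    char arena[64];
    const size_t limit = 8;
    size_t i;

    memset(arena, 0x5A, sizeof arena);            /* canary fill */
    fn(arena, limit, "%s", "0123456789ABCDEF");   /* constructed 16-char input */

    for (i = limit; i < sizeof arena; i++)
        if ((unsigned char)arena[i] != 0x5A)
            return 0;                             /* canary overwritten */
    return arena[limit - 1] == '\0';              /* truncated and terminated */
}

int main(void)
{
    printf("libc snprintf honors limit: %d\n", honors_limit(snprintf));
    printf("vsprintf-based shim honors limit: %d\n",
           honors_limit(unbounded_snprintf));
    return 0;
}
```

A package's configure script can run a probe of this shape against whatever snprintf() it ends up linking, so a wrapper that only has the right name is rejected at build time.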
