Message-Id: <200011132031.PAA05607@qnx.com> Subject: Re: Summary of the snprintf() situation To: djgpp-workers AT delorie DOT com Date: Mon, 13 Nov 2000 15:30:53 -0500 (EST) From: "Alain Magloire" In-Reply-To: <14EC05411785@HRZ1.hrz.tu-darmstadt.de> from "Juan Manuel Guerrero" at Nov 13, 2000 08:46:56 PM X-Mailer: ELM [version 2.5 PL0b1] MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Reply-To: djgpp-workers AT delorie DOT com Errors-To: nobody AT delorie DOT com X-Mailing-List: djgpp-workers AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk > > Date: Thu, 09 Nov 2000 00:07:21 +0000 > From: Richard Dawe > > > > DJ Delorie expressed concern that the prototypes in stdio.h could conflict > > with packages that provide their own *snprintf functions. He gave an > > example: "For example, we don't prototype xmalloc() even though we provide > > it, because the prototypes used by actual software vary widely." > > > To DJ's concerns about packages including their own snprintf(), Eli > > Zaretskii said that he had not seen any packages that use these functions > > and asked if people could see what declarations packages used. > > > A couple of weeks ago I "ported" for my own use the latest version of > Berkeley's DBM (version 3.1.17; no longer included into glibc; can be downloaded www.Sleepycat.com). > This software expects some kind of flock() function (not the issue in this mail) > and snprintf() and vsnprintf(). If the configuration script can not find the > above printf() functions in libc.a it uses it own ones. > Because both functions are small, I include the complete code of both in this mail. > This is an example of what a package may expect that snprintf() and vsnprintf() > definitions looks like. > Hope the information is of some use. > > *** 0 **** > --- 1,65 ---- > + /*- > + * See the file LICENSE for redistribution information. > + * > + * Copyright (c) 1996, 1997, 1998, 1999, 2000 > + * Sleepycat Software. All rights reserved. > + */ > + > + int > + snprintf(char *str, size_t n, const char *fmt, ...) > + { > + va_list ap; > + int rval; > + ... > + va_start(ap, fmt); > + rval = vsprintf(str, fmt, ap); > + va_end(ap); > + return (rval); > + } Aside from the obvious LICENSE issue, this is close to useless. And those people should be shot for this, this is only a cover for sprintf() which does not check for overflow. So it gives a wrong sense of security. There is a lot of freestanding snprintf () implementations floating around with very liberal license. -- au revoir, alain ---- Aussi haut que l'on soit assis, on n'est toujours assis que sur son cul !!!