While reading open-source code recently I ran into a problem. Below is an article published on a kernel development forum: http://lwn.net/Articles/69419/. The main issue it raises is the return value of the snprintf function in stdio.h, which is declared as follows:
int snprintf(char *str, size_t size, const char *format, ...);
Many developers assume the return value is the number of characters written into the str buffer. That assumption is wrong: reading the source shows that the return value is the length of the whole formatted string, computed as if all of it had been written to the buffer. When the buffer is smaller than that total, using the return value to advance through a series of writes can overflow the buffer. Consider the following code; for details of an snprintf implementation see http://www.ijs.si/software/snprintf/.
if ((len += snprintf (buf+len, buflen-len, "...", ...)) >= buflen) {
    /* a result of buflen or more means the output did not fit (size includes the NUL) */
    /* optionally deal with the error; */
    len = buflen;   /* clamp, so buf+len and buflen-len stay valid (size 0 from now on) */
}
snprintf() confusion
[Posted February 3, 2004 by corbet]

Any C coder worth his or her salt knows that encoding text into a string with sprintf() invites buffer overflows, and is thus dangerous. The proper way of doing things is with snprintf(), which takes the length of the destination string as a parameter, and will not overrun it. Callers to snprintf() generally assume that the return value is the length of what was actually encoded into the destination array. That turns out, however, to not be the case. As per the C99 standard, snprintf() returns the length the resulting string would be, assuming it all fit into the destination array. As a result of this misunderstanding, the kernel is full of snprintf() calls which use the return value incorrectly.

This mistake is rarely a problem; snprintf() almost never has to truncate its output, so the return value is what the programmer is expecting. Every miscoded use is an invitation for trouble, however, and really should be fixed. To that end, the 2.6.2-rc3-mm1 tree contains a patch by Juergen Quade which adds a couple of new functions:

int scnprintf(char *buf, size_t size, const char *format, ...);
int vscnprintf(char *buf, size_t size, const char *format, va_list args);

The new functions work the way many programmers expected the old ones to: they return the length of the string actually created in buf. The plan is to migrate the kernel over to the new functions; the patch fixes well over 200 snprintf() and vsnprintf() calls. Unless the old functions are eventually removed, however, they are likely to be a source of programming errors well into the future.
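The scnprintf() semantics described in the article and the accumulation idiom from the snippet near the top of this page, combined in a C program added here as an example (not code from the article, the kernel or the ijs.si notes). scnprintf_example(), build_pairs() and the "a=1,b=2,..." data are this example's own constructions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* User-space stand-in for the scnprintf() semantics the article describes:
 * return the number of characters actually stored in buf (excluding the
 * NUL), never the would-be length. Name and body are this example's own. */
int scnprintf_example(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (size == 0)
        return 0;
    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;                 /* encoding error: nothing usable stored */
    if ((size_t)n >= size)
        return (int)(size - 1);   /* truncated: size-1 characters plus NUL */
    return n;
}

struct build_result {
    size_t len;        /* bytes actually stored, excluding the NUL */
    size_t naive_len;  /* what "len += snprintf(...)" bookkeeping would claim */
    int truncated;     /* 1 if some piece did not fit */
};

/* Builds "a=1,b=2,c=3,..." (constructed sample data) for `count` pairs.
 * Tracks the real length and, in parallel, the misread snprintf() total. */
struct build_result build_pairs(char *buf, size_t buflen, int count)
{
    struct build_result r = { 0, 0, 0 };
    for (int i = 0; i < count && !r.truncated; i++) {
        const char *sep = i ? "," : "";
        /* would-be length of this piece (size 0: nothing is written) */
        int want = snprintf(NULL, 0, "%s%c=%d", sep, 'a' + i, i + 1);
        int got = scnprintf_example(buf + r.len, buflen - r.len,
                                    "%s%c=%d", sep, 'a' + i, i + 1);
        r.naive_len += (size_t)want;
        r.len += (size_t)got;    /* buf + len stays inside the array */
        if (got < want)
            r.truncated = 1;     /* naive_len now exceeds buflen */
    }
    return r;
}
```

With an 8-byte buffer and three pairs, build_pairs() stores "a=1,b=2" (len 7) while naive_len reaches 11; once the naive total exceeds buflen, buf+len would point past the array and buflen-len would wrap to a huge size_t, which is how the overflow described above arises, so the function stops at the first truncated piece instead.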