snprintf man page example memory leak?

The Linux man page for snprintf(3) gives the following example:

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>

char *
make_message(const char *fmt, ...)
{
    int n;
    int size = 100;     /* Guess we need no more than 100 bytes */
    char *p, *np;
    va_list ap;

    if ((p = malloc(size)) == NULL)
        return NULL;

    while (1) {

        /* Try to print in the allocated space */

        va_start(ap, fmt);
        n = vsnprintf(p, size, fmt, ap);
        va_end(ap);

        /* Check error code */

        if (n < 0)
            return NULL;

        /* If that worked, return the string */

        if (n < size)
            return p;

        /* Else try again with more space */

        size = n + 1;       /* Precisely what is needed */

        if ((np = realloc (p, size)) == NULL) {
            free(p);
            return NULL;
        } else {
            p = np;
        }
    }
}

After the /* check error code */ should this not be:

        if (n < 0) {
            free(p);
            return NULL;
        }

in order to avoid a memory leak?

I can't post this because the words to code ratio is not correct, so I have to add some more text at the end. Please ignore this paragraph, as the above is complete and to the point. I hope this is enough text to be acceptable.

BTW: I like the last line p = np;

Roobie Nuby asked Nov 12 '13 15:11



1 Answer

Yes, this code is leaky.

vsnprintf can return a negative number on error. In VC++, vsnprintf returns -1 when the target buffer is too small, which breaks the logic in this code... See here: MSDN. The VC implementation doesn't agree with the C standard...

Other sources of vsnprintf failure are sending a NULL 'format' buffer or bad encoding in the format buffer.

egur answered Oct 07 '22 23:10
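
As an added example (not part of the question, the answer, or the man page), here is the same guess-and-grow loop with every failure path routed through a single free. The names `make_message_fixed`, `track_realloc`, `track_free` and `live_buffers` are made up for this sketch; the counter exists only so that the absence of a leak can be checked.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

static int live_buffers;   /* demo-only counter of buffers not yet freed */

static void *track_realloc(void *old, size_t size)
{
    void *p = realloc(old, size);
    if (p != NULL && old == NULL)
        live_buffers++;    /* a new buffer now exists */
    return p;
}

static void track_free(void *p)
{
    live_buffers -= (p != NULL);
    free(p);
}

/* Guess-and-grow loop from the question; all failures exit through one free. */
char *make_message_fixed(const char *fmt, ...)
{
    int n, size = 100;
    char *p = NULL, *np;
    va_list ap;

    for (;;) {
        if ((np = track_realloc(p, (size_t)size)) == NULL)
            break;         /* p is untouched by a failed realloc */
        p = np;
        va_start(ap, fmt);
        n = vsnprintf(p, (size_t)size, fmt, ap);
        va_end(ap);
        if (n < 0)
            break;         /* the path that leaked p in the question's code */
        if (n < size)
            return p;      /* success: caller releases with track_free() */
        size = n + 1;      /* exact size reported by vsnprintf */
    }
    track_free(p);         /* no-op when the very first allocation failed */
    return NULL;
}

int main(void)
{
    char *s = make_message_fixed("%0150d", 7);   /* forces one regrow */
    puts(s ? s : "(null)");
    track_free(s);
    return live_buffers;   /* 0 when nothing leaked */
}
```

On glibc in the default "C" locale, formatting a non-ASCII wide string with `%ls` is one way to reach the `n < 0` branch, matching the "bad encoding" failure the answer mentions.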