Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

sprintf_s with a buffer too small

Tags:

c

error-handling

printf

tr24731

The following code causes an error and kills my application. It makes sense as the buffer is only 10 bytes long and the text is 22 bytes long (buffer overflow). 

char buffer[10];    
int length = sprintf_s( buffer, 10, "1234567890.1234567890." );

How do I catch this error so I can report it instead of crashing my application?

Edit:

After reading the comments below I went with _snprintf_s. If it returns a -1 value then the buffer was not updated.

length = _snprintf_s( buffer, 10, 9, "123456789" );
printf( "1) Length=%d\n", length ); // Length == 9

length = _snprintf_s( buffer, 10, 9, "1234567890.1234567890." );
printf( "2) Length=%d\n", length ); // Length == -1

length = _snprintf_s( buffer, 10, 10, "1234567890.1234567890." );
printf( "3) Length=%d\n", length ); // Crash, it needs room for the NULL char
like image 861
Steven Smethurst Avatar asked Oct 01 '09 19:10

Steven Smethurst

3 Answers

Instead of sprintf_s, you could use snprintf (a.k.a _snprintf on windows).

#ifdef WIN32
#define snprintf _snprintf
#endif

char buffer[10];    
int length = snprintf( buffer, 10, "1234567890.1234567890." );
// unix snprintf returns length output would actually require;
// windows _snprintf returns actual output length if output fits, else negative
if (length >= sizeof(buffer) || length<0) 
{
    /* error handling */
}
like image 79
Managu Avatar answered Oct 22 '22 02:10

Managu

It's by design. The entire point of sprintf_s, and other functions from the *_s family, is to catch buffer overrun errors and treat them as precondition violations. This means that they're not really meant to be recoverable. This is designed to catch errors only - you shouldn't ever call sprintf_s if you know the string can be too large for a destination buffer. In that case, use strlen first to check and decide whether you need to trim.

like image 45
Pavel Minaev Avatar answered Oct 22 '22 01:10

Pavel Minaev

This works with VC++ and is even safer than using snprintf (and certainly safer than _snprintf):

void TestString(const char* pEvil)
{
  char buffer[100];
  _snprintf_s(buffer, _TRUNCATE, "Some data: %s\n", pEvil);
}

The _TRUNCATE flag indicates that the string should be truncated. In this form the size of the buffer isn't actually passed in, which (paradoxically!) is what makes it so safe. The compiler uses template magic to infer the buffer size which means it cannot be incorrectly specified (a surprisingly common error). This technique can be applied to create other safe string wrappers, as described in my blog post here: https://randomascii.wordpress.com/2013/04/03/stop-using-strncpy-already/

like image 40
Bruce Dawson Avatar answered Oct 22 '22 03:10

Bruce Dawson
Sign in to Comment

Related questions

Implicit typecasting in C (Converting 32 bit unsigned in to 8 bit u int)
Passing two-dimensional array via pointer
In regards to for(), why use i++ rather than ++i?
Check running processes in C
Loops/timers in C
C program to set k lower order bits
C - expected expression before '=' token... on line without '='
Avoiding all system messages and messages from other software
transfer integer over a socket in C
How to get CPU info in C on Linux, such as number of cores? [duplicate]
How to optimize "u[0]*v[0] + u[2]*v[2]" code line with SSE or GLSL
"undefined reference to `pow'" even with math.h and the library link -lm [duplicate]
Is there an inline way to mix c and c++ prototypes?
How are char* deallocated in C
Why is 1.0f in C code represented as 1065353216 in the generated assembly?
Unix sockets slower than tcp when connected to redis
Is there any reason why not to strip symbols from executable?
How do you get the filename of a tempfile to use in Linux?
Is it a good idea to use varargs in a C API to set key value pairs?
atoi() — string to int

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!