Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

snprintf()

From: maf () net ohio-state edu (Mark A. Fullmer)
Date: Tue, 29 Aug 1995 23:28:09 -0400

I poked around at the various snprintf()'s again today..


Both the db and nvi source have compat routines that don't actually
do the bounds checking:

nvi.1.34/PORT/clib/snprintf.c, db.1.85/PORT/clib

...
#ifdef VSPRINTF_CHARSTAR
    rp = vsprintf(str, fmt, ap);
    va_end(ap);
    return (strlen(rp));
#else
    rval = vsprintf(str, fmt, ap);
    va_end(ap);
    return (rval);
#endif




--
mark
maf+ () osu edu
Previous By Date Next
Previous By Thread Next

Current thread: