Topic: snprintf/vsnprintf


Author: Jack Klein <jackklein@spamcop.net>
Date: Wed, 1 Nov 2000 16:43:51 GMT
On Mon, 30 Oct 2000 14:36:11 GMT, "Timur Aydin" <taydin@snet.net>
wrote in comp.std.c++:

> These are the safe versions of the standard "sprintf" and "vsprintf" and
> exist in the runtime libraries of some compilers. In addition to the
> arguments of the standard functions, these take an additional argument that
> specifies the size of the destination buffer to prevent writing beyond the
> end of the buffer. I think it would be beneficial to have this function part
> of the C and C++ standard specified. Here are some reasons:

Note that both of these functions are now part of the C standard,
since the adoption of the "C99" update about a year ago.

Jack Klein
--
Home: http://jackklein.home.att.net

---
[ comp.std.c++ is moderated.  To submit articles, try just posting with ]
[ your news-reader.  If that fails, use mailto:std-c++@ncar.ucar.edu    ]
[              --- Please see the FAQ before posting. ---               ]
[ FAQ: http://www.research.att.com/~austern/csc/faq.html                ]
[ Note that the FAQ URL has changed!  Please update your bookmarks.     ]





Author: James.Kanze@dresdner-bank.com
Date: Mon, 30 Oct 2000 20:14:38 GMT
In article <zQ0L5.41331$KI6.8171531@typhoon.snet.net>,
  "Timur Aydin" <taydin@snet.net> wrote:

> These are the safe versions of the standard "sprintf" and "vsprintf"
> and exist in the runtime libraries of some compilers. In addition to
> the arguments of the standard functions, these take an additional
> argument that specifies the size of the destination buffer to
> prevent writing beyond the end of the buffer. I think it would be
> beneficial to have this function part of the C and C++ standard
> specified. Here are some reasons:

In C++, you would normally use an ostringstream, rather than sprintf,
so the problem doesn't occur.  In C, you would normally use snprintf,
so the only problems are those typical of the printf family in general
(no type checking, no extensibility to user defined types...).

--
James Kanze                               mailto:kanze@gabi-soft.de
Conseils en informatique orientée objet/
                   Beratung in objektorientierter Datenverarbeitung
Ziegelhüttenweg 17a, 60598 Frankfurt, Germany Tel. +49(069)63198627







Author: "Timur Aydin" <taydin@snet.net>
Date: Mon, 30 Oct 2000 14:36:11 GMT
These are the safe versions of the standard "sprintf" and "vsprintf" and
exist in the runtime libraries of some compilers. In addition to the
arguments of the standard functions, these take an additional argument that
specifies the size of the destination buffer to prevent writing beyond the
end of the buffer. I think it would be beneficial to have this function part
of the C and C++ standard specified. Here are some reasons:

1) With the sprintf and vsprintf functions, it is very difficult to add this
safety by writing additional code. It is not straightforward to predict how
long the string representation of all arguments passed in to the function
will be.

2) One could argue that std::stringstream could be used as a safe (both
typewise and sizewise) alternative to sprintf/vsprintf, but for some
applications it is not feasible to use std::stringstream. For instance,
runtime logging (or tracing). Using sprintf there will be only one function
call, no matter how many variables are being logged. However, using
stringstream, the << operator would be called for each variable that is
being logged and each << operator will result in a function call:

char buffer[BUFSIZE];
_snprintf(buffer, sizeof(buffer), "FuncName - a=%d, b=%d, c=%d, d=%d, e=%d",
          a, b, c, d, e);
LogBuffer(priority, buffer);

sstm << "FuncName - " << "a= " << a << "b= " << b << "c= " << c << "d= "
     << d << "e= " << e;
LogBuffer(priority, sstm.str().c_str());

3) Also, in a runtime logging application, the stringstream has to be
initialized for each log. Otherwise, new log strings will just be added to
any previous contents of stringstream.

sstm << "FuncName - Enter";
LogBuffer(priority, sstm.str().c_str());

sstm.str("");  // discard the previous log text
sstm << "FuncName - param1 = " << param1;
LogBuffer(priority, sstm.str().c_str());

sstm.str("");  // discard the previous log text
sstm << "FuncName - Error occurred";
LogBuffer(priority, sstm.str().c_str());

So in short, to have the efficiency of sprintf with added safety against
buffer overflow, I think snprintf and vsnprintf (or whatever name would be
considered adequate) would be a good addition to the standard C++ library.

Timur.
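
An added example, not part of the original posts: with the C99 functions mentioned in this thread, the return value of vsnprintf is the length the complete output needs, so a logging wrapper can detect truncation or size the buffer before formatting. The helper names log_format and format_alloc are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: format into a fixed buffer and report truncation.
 * Returns 0 if the whole string fit, 1 if it was cut short, -1 on error. */
static int log_format(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int need;

    va_start(ap, fmt);
    need = vsnprintf(dst, cap, fmt, ap);  /* C99: length the full output needs */
    va_end(ap);

    if (need < 0)
        return -1;                        /* encoding or output error */
    return (size_t)need >= cap;           /* cut short, but still NUL-terminated */
}

/* Hypothetical helper: measure first, then allocate and format.
 * The caller frees the result; NULL means error or out of memory. */
static char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    int need;
    char *out;

    va_start(ap, fmt);
    va_copy(ap2, ap);                     /* ap is consumed by the first call */
    need = vsnprintf(NULL, 0, fmt, ap);   /* size 0: nothing is written */
    va_end(ap);

    out = need < 0 ? NULL : malloc((size_t)need + 1);
    if (out != NULL)
        vsnprintf(out, (size_t)need + 1, fmt, ap2);
    va_end(ap2);
    return out;
}
```

Microsoft's older _snprintf, used in the post above, behaves differently from C99 snprintf: when the output fills the buffer it does not write a terminating null, so code using it has to terminate the buffer itself.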

