[cfe-dev] sprintf -> snprintf conversion
Sean McBride
sean at rogue-research.com
Mon Oct 25 08:13:57 PDT 2010
On Mon, 25 Oct 2010 11:00:09 +0300, Vladimir Kirillov said:
>I'm using LLVM/Clang on OpenBSD. This project proactively advocates
>usage of 'secure' C APIs, especially related to memory bounds
>checking. Thus using functions like sprintf/strcpy/etc usually spits
>out a linker warning in base toolchain:
>
>/home/proger/dev/llvm/Debug+Asserts/lib/libclangFrontend.a(DocumentXML.o)
>(.text+0xc65): In function `clang::DocumentXML::escapeString(char
>const*, unsigned long)':
>/home/proger/dev/llvm/tools/clang/lib/Frontend/DocumentXML.cpp:107:
>warning: sprintf() is often misused, please use snprintf()
>
>I've done some conversions from sprintf to snprintf, please commit those.

Apple also recommends avoiding those:

<http://developer.apple.com/library/ios/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW10>

I've filed a bug recommending that the static analyzer flag their usage:

<http://llvm.org/bugs/show_bug.cgi?id=5988>

hth,

--
____________________________________________________________
Sean McBride, B. Eng sean at rogue-research.com
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
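
An added example, not part of the original message and not clang's code: a hypothetical `xml_escape` helper showing the kind of sprintf-to-snprintf conversion discussed above, including the return-value check the conversion needs to be worth anything. The function name, the simplified escaping rules and the sample input are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not clang's DocumentXML::escapeString. Simplified
 * rules: markup characters become named entities, bytes outside printable
 * ASCII become &#xNN; references.
 * Before: sprintf(p, "&#x%02X;", (unsigned)c) writes 6 bytes plus a NUL
 * no matter how much room is left in `out`.
 * Returns the escaped length, or -1 if it does not fit in `outsz` bytes;
 * on failure `out` keeps the whole units written so far, NUL-terminated. */
static int xml_escape(const char *in, char *out, size_t outsz)
{
    size_t used = 0;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    for (; *in != '\0'; in++) {
        unsigned char c = (unsigned char)*in;
        char *p = out + used;
        size_t left = outsz - used;   /* always >= 1: room for the NUL */
        int n;

        if (c == '&')      n = snprintf(p, left, "&amp;");
        else if (c == '<') n = snprintf(p, left, "&lt;");
        else if (c == '>') n = snprintf(p, left, "&gt;");
        else if (c == '"') n = snprintf(p, left, "&quot;");
        else if (c < 0x20 || c > 0x7e)
            n = snprintf(p, left, "&#x%02X;", (unsigned)c);
        else               n = snprintf(p, left, "%c", c);
        /* snprintf returns the length it wanted to write; a value >= left
         * means the output was truncated, not that the call succeeded. */
        if (n < 0 || (size_t)n >= left) {
            *p = '\0';                /* drop the partial entity */
            return -1;
        }
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    char buf[32];
    int n = xml_escape("a<b&\x01", buf, sizeof buf); /* constructed input */
    printf("%d %s\n", n, buf);
    return n < 0;
}
```
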