Re: ProFTPD 1.2.0pre4 available

From: Theo de Raadt (deraadtat_private)
Date: Wed Sep 08 1999 - 22:51:46 PDT

    > In addition, it is worth noting that snprintf() as specified by the
    > C9x draft has return value semantics different from those commonly
    > found.  As a result, calls to snprintf() where the return value is
    > checked should be scrutinized, since this change could presumably pose
    > a security risk.
    >
    > To cite one place where this changes, glibc 2.1 uses the C9x return
    > value semantics, whereas glibc 2.0 uses the older semantics.
    
    Yes, people should be really careful about this.
    
    - The 4.4 BSD snprintf routines were mostly right before, and now
      they are even better.  I can only speak for OpenBSD.
    - The older Solaris versions are broken.
    - The newer Solaris versions are wrong (7+?).
    - The opengroup XPG web documentation is wrong.
    - But the opengroup group internal documentation is fixed (we believe)
    - Older C9X specifications are wrong.
    - Newer versions of the C9X specification are fixed (we believe)
    
    Casper Dik, Todd Miller, Chris Torek, and I got in touch with the
    standards committees and got it fixed.  The fixed versions return the
    amount of data they wanted to put into the string, even if they fail.
    The broken versions returned -1 or the truncation length.  A few other
    issues regarding -1 return values also existed.
    
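    An added example (not part of the original message) of the return-value check the
    thread is warning about. It assumes a C99-style vsnprintf, the semantics the "fixed"
    versions above implement: the return value is the length the call wanted to write,
    so a result of avail or more means truncation, and feeding it straight into an
    offset (the common "off += snprintf(...)" idiom) can push the offset past the buffer.

    ```c
    #include <stdarg.h>
    #include <stddef.h>
    #include <stdio.h>
    #include <string.h>

    /* Small append buffer; sbuf_appendf returns 0 on success, 1 if the output was
       truncated, -1 on a format/encoding error (or a pre-C99 library returning -1). */
    typedef struct { char buf[16]; size_t len; int truncated; } sbuf;

    static int sbuf_appendf(sbuf *s, const char *fmt, ...)
    {
        va_list ap;
        int n;
        size_t avail = sizeof s->buf - s->len;   /* >= 1 because len is kept < sizeof buf */

        va_start(ap, fmt);
        n = vsnprintf(s->buf + s->len, avail, fmt, ap);
        va_end(ap);
        if (n < 0)
            return -1;
        if ((size_t)n >= avail) {                /* C99: n is the full length wanted */
            s->len = sizeof s->buf - 1;          /* clamp: never let len exceed the buffer */
            s->truncated = 1;
            return 1;
        }
        s->len += (size_t)n;
        return 0;
    }

    /* What the naive idiom computes under C99 semantics, without touching any buffer:
       the "remaining space" the next call would receive. When wanted > size - off the
       offset overshoots and the unsigned subtraction wraps to a huge value. */
    static size_t naive_remaining(size_t size, size_t off, int wanted)
    {
        off += (size_t)wanted;
        return size - off;
    }

    /* Constructed scenario: a 16-byte buffer filled with two appends, the second of
       which does not fit. Returns 1 if the checked helper behaves as intended. */
    static int demo_truncation_check(void)
    {
        sbuf s = { {0}, 0, 0 };
        if (sbuf_appendf(&s, "user=%s", "alice") != 0 || s.len != 10) return 0;
        if (sbuf_appendf(&s, " id=%d", 123456) != 1 || !s.truncated) return 0;
        return s.len == 15 && strcmp(s.buf, "user=alice id=1") == 0;
    }
    ```
    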

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:57 PDT