Subject: Re: CVS commit: syssrc
To: Allen Briggs <firstname.lastname@example.org>
From: Matthew Jacob <email@example.com>
Date: 12/05/1999 09:54:55
I'd also like to point out that the code in question is edge case debug
output code which can be removed as well. The most well-written software
On Sun, 5 Dec 1999, Allen Briggs wrote:
> > > Make sure we have a big enough buffer to sprintf into (noticed by
> > > firstname.lastname@example.org).
> > Why not use snprintf instead?
> In many cases, just substituting snprintf() for sprintf() will fix
> an overflow, but leave the code just as broken (but not exploitably
> so, perhaps). Of course, I'd rather have the overflows fixed than
> not, but I'd much rather have code that was designed to prevent or
> at least handle the overflows in the first place.
> Well-written software should rarely need snprintf() to protect itself.