Subject: Re: CVS commit: src/sys
To: None <firstname.lastname@example.org>
From: Charles M. Hannum <email@example.com>
Date: 04/24/2004 18:02:38

On Saturday 24 April 2004 17:36, firstname.lastname@example.org wrote:
> > the original code (with sprintf) is already broken, as sprintf()
> > returns -1 on failure. we just need to fix all of these
> > cp += sprintf (or snprintf).
> happy now?

No. If this is a "security" change, then it should not occur only with
DIAGNOSTIC, especially given that most people don't use DIAGNOSTIC any more.
I'd be happier if snprintf (or some trivial variant) always panicked if a
buffer was too small, and therefore never returned too large a value.
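
The `cp += snprintf(...)` pattern discussed in this thread, next to a checked variant, as an added userland example that is not part of the original message or the NetBSD source. The helper `buf_appendf`, the buffer size and the input strings are constructed for illustration; the helper returns an error where the message proposes a panic.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

#define LONG_NAME "0123456789abcdefghij"	/* constructed 20-char input */
/* The "cp += snprintf()" pattern, tracked as an offset so the demo itself
 * never forms an out-of-bounds pointer. Returns the final offset. */
size_t
naive_final_offset(void)
{
	char buf[16];
	size_t off = 0;
	off += (size_t)snprintf(buf + off, sizeof(buf) - off, "unit=%d ", 7);
	off += (size_t)snprintf(buf + off, sizeof(buf) - off, "%s", LONG_NAME);
	/* snprintf returned the length it wanted (20), not what fit (8). */
	return off;	/* 27: already past the 16-byte buffer */
}

/* Hypothetical helper: append at *cp and never advance past end.
 * Returns 0 on success, -1 on a formatting error or truncation. */
int
buf_appendf(char **cp, char *end, const char *fmt, ...)
{
	va_list ap;
	ptrdiff_t room = end - *cp;
	int n;
	if (room <= 0)
		return -1;
	va_start(ap, fmt);
	n = vsnprintf(*cp, (size_t)room, fmt, ap);
	va_end(ap);
	if (n >= 0 && n < room) {
		*cp += n;
		return 0;
	}
	if (n < 0)
		**cp = '\0';	/* formatting error: keep the buffer terminated */
	else
		*cp = end - 1;	/* truncated: park on the final NUL */
	return -1;
}

/* Same two writes through the helper; *off is where cp ended up. */
int
checked_final_offset(size_t *off)
{
	char buf[16], *cp = buf, *end = buf + sizeof(buf);
	int rc = buf_appendf(&cp, end, "unit=%d ", 7);
	if (rc == 0)
		rc = buf_appendf(&cp, end, "%s", LONG_NAME);
	*off = (size_t)(cp - buf);
	return rc;
}
```

In the naive version a third write would be passed `sizeof(buf) - off`, which wraps to a huge `size_t` once `off` exceeds the buffer size.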