-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathSnprintfOverflow.qhelp
More file actions
27 lines (21 loc) · 1.04 KB
/
SnprintfOverflow.qhelp
File metadata and controls
27 lines (21 loc) · 1.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>The return value of a call to <code>snprintf</code> is the number of characters that <i>would have</i> been written to the buffer assuming there was sufficient space. In the event that the operation reaches the end of the buffer and more than one character is discarded, the return value will be greater than the buffer size. This can cause incorrect behavior, for example:
</p>
</overview>
<example><sample src="SnprintfOverflowBad.cpp" />
</example>
<recommendation>
<p>The return value of <code>snprintf</code> should always be checked if it is used, and values larger than the buffer size should be accounted for.
</p>
</recommendation>
<example><sample src="SnprintfOverflowGood.cpp" />
</example>
<references>
<li>cplusplus.com: <a href="http://www.cplusplus.com/reference/cstdio/snprintf/">snprintf</a>.</li>
<li>Red Hat Customer Portal: <a href="https://access.redhat.com/blogs/766093/posts/1976193">The trouble with snprintf</a>.</li>
</references>
</qhelp>