understanding the dangers of sprintf(…)

by

You’re correct on both problems, though they’re really both the same problem (which is accessing data beyond the boundaries of an array).

A solution to your first problem is to instead use std::snprintf, which accepts a buffer size as an argument.

A solution to your second problem is to give a maximum length argument to snprintf. For example:

char buffer[128];

std::snprintf(buffer, sizeof(buffer), "This is a %.4s\n", "testGARBAGE DATA");

// std::strcmp(buffer, "This is a test\n") == 0

If you want to store the entire string (e.g. in the case sizeof(buffer) is too small), run snprintf twice:

int length = std::snprintf(nullptr, 0, "This is a %.4s\n", "testGARBAGE DATA");

++length;           // +1 for null terminator
char *buffer = new char[length];

std::snprintf(buffer, length, "This is a %.4s\n", "testGARBAGE DATA");

(You can probably fit this into a function using va or variadic templates.)

More Related Contents:

  1. Difference between printing the address and Structure address [closed]
  2. Please provide me the logic to print the result using PRINTF [closed]
  3. Why does printf not print out just one byte when printing hex?
  4. ‘printf’ vs. ‘cout’ in C++
  5. printf with std::string?
  6. What is the difference between conversion specifiers %i and %d in formatted IO functions (*printf / *scanf)
  7. How to pass variable number of arguments to printf/sprintf
  8. cout not printing unsigned char
  9. Printing 1 to 1000 without loop or conditionals
  10. Is there a way to specify how many characters of a string to print out using printf()?
  11. Why does printf() promote a float to a double?
  12. mixing cout and printf for faster output
  13. What is the printf format specifier for bool?
  14. Where is `%p` useful with printf?
  15. warning: format not a string literal and no format arguments
  16. C++ equivalent of sprintf?
  17. Correct printf format specifier for size_t: %zu or %Iu?
  18. Why are arguments which do not match the conversion specifier in printf undefined behavior?
  19. Arduino sprintf float not formatting
  20. How many spaces for tab character(\t)?
  21. Cross platform format string for variables of type size_t? [duplicate]
  22. Why does printf(“%f”,0); give undefined behavior?
  23. How to truncate a floating point number after a certain number of decimal places (no rounding)?
  24. printf rounding behavior for doubles
  25. C++: how to get fprintf results as a std::string w/o sprintf
  26. generic way to print out variable name in c++
  27. How to use C++ std::ostream with printf-like formatting?
  28. Extra leading zeros when printing float using printf?
  29. Error while using if statements [closed]
  30. Why can’t I make a vector of references?

Leave a Comment