Hylafax Mailing List Archives
|
[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
potential hazard in Str.c++
There are two big potential problems with fxStr::format and
fxStr::vformat. Copiees of the functions are supplied here.
This comes from hylafax v4.0p1
First of all is the potential (but not what prompted me to write) for a
buffer-overflow. You may want to check for the existance of vsnprintf
or __vsnprintf and use those in place of vsprintf.
Secondly, and most importantly, is that you are returning a pointer
to an automatic buffer which is not guarunteed to be there any longer.
In fact, certain programming practices in C++ make it a pretty darned
good reality that they won't exist! Never return the address of
an automatic variable--the value, sure--but never the address. This
space either needs to have static allocation or dynamic allocation that
must then be freed later.
fxStr
fxStr::format(const char* fmt ...)
{
char buf[4096];
va_list ap;
va_start(ap, fmt);
vsprintf(buf, fmt, ap);
va_end(ap);
return fxStr(buf);
}
fxStr
fxStr::vformat(const char* fmt, va_list ap)
{
char buf[4096];
vsprintf(buf, fmt, ap);
return fxStr(buf);
}
--
Michael Douglass
Texas Networking, Inc.
"I broke perl again"
-- Anonymous TexasNet sysadmin
-----End of forwarded message-----
--
Michael Douglass
Texas Networking, Inc.
"Hrmmmmm."