Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1997: Re: better snprintf replacement, anyone?

Re: better snprintf replacement, anyone?

Alan Cox (alanLXORGUK.UKUU.ORG.UK)
Tue, 22 Jul 1997 09:36:35 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: James Bonfield: "Re: better snprintf replacement, anyone?"
Previous message: Casper Dik: "Re: Solaris ld.so possibly vulnerable?"
In reply to: Steve \: "Re: better snprintf replacement, anyone?"
Next in thread: James Bonfield: "Re: better snprintf replacement, anyone?"

> you have a large enough buffer, you eliminate the buffer overflow problem,
> and you don't truncate the string.  Is malloc()-ing the memory *that*
> inefficient?  Less efficient than the scanning and parsing snprintf()
> must do to the format string?

In the case of a dynamic loader you don't have a libc backing you, thats
why someone took the (very wrong) shortcut they did originally when doing
ld.so

You are right about malloc for many cases, but its also true that you
normally know the length of a buffer anyway

Next message: James Bonfield: "Re: better snprintf replacement, anyone?"
Previous message: Casper Dik: "Re: Solaris ld.so possibly vulnerable?"
In reply to: Steve \: "Re: better snprintf replacement, anyone?"
Next in thread: James Bonfield: "Re: better snprintf replacement, anyone?"