[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4467) snprintf is consistenly used wrongly

Full_Name: Hallvard B Furuseth
Version: HEAD
Submission from: (NULL) (
Submitted by: hallvard

OpenLDAP is full of code like
  ptr += snprintf( ptr, ... );
  bv.bv_len = snprintf( ... );
  <use bv>;

However snprintf does not return the number of characters written, it
returns the number of characters it would write if no truncation occurs,
not including the terminating '\0'.

Correct use is:
  len = snprintf( buf, buflen, ... );
  if ( len >= buflen ) {
    Truncated to (buflen-1) chars + '\0' - or no change if buflen == 0;

I imagine we could use some helper functions here, e.g. a snprintf_long()
for output of just a single arg, but I won't dive into that now.
The snprintf calls that just output a %s can probably just as well
be replaced with something else.