
Re: (ITS#4467) snprintf is consistently used wrongly



Pierangelo Masarati writes:
> In many cases, especially when used to compute the length of a berval,
> snprintf is used under the assumption the buffer is large enough to
> contain the formatted output, based on the knowledge of the value that
> is about to be printed.  For example, when used to format integers,
> the buffer is usually created as
>
> char buf[] = "18446744073709551615UL";
>
> which is the string representation of ULONG_MAX, or anything like that.

Ah, so that's what these weird string constants are for.  That's wrong
too - whether or not that's big enough for ULONG_MAX depends on the
width of unsigned long.

We can use something like this.
Not sure if ldap_pvt or some other file is the best place for the macro:

ldap_pvt.h:

#include <limits.h>

/* Buffer space for sign, decimal digits and \0. Note: log10(2) < 146/485. */
#define LDAP_PVT_INTTYPE_CHARS(type) (((sizeof(type)*CHAR_BIT-1)*146)/485 + 3)

(Did I post that before?  Or was that to some other project?)

whatever.c:

  char buf[LDAP_PVT_INTTYPE_CHARS(unsigned long)];

Also, I think any remaining 'char buf[] = "unused text";' code should
be changed to
  char buf[sizeof("whatever")];
so that one can tell from reading the code that the initial contents
are irrelevant.  (As long as they're irrelevant even at failure :-)
I've been staring at some of that code and wondered WTF was going on.

-- 
Hallvard
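
The sizing macro from the message above, exercised in an added example that is not part of the original post or of the OpenLDAP source. The helpers fmt_signed, fmt_unsigned and macro_covers_extremes are hypothetical names; they show the buffer size being derived from the type and the snprintf return value being checked for truncation.

```c
#include <limits.h>
#include <stdio.h>

/* Macro exactly as posted in the message above. */
#define LDAP_PVT_INTTYPE_CHARS(type) (((sizeof(type)*CHAR_BIT-1)*146)/485 + 3)

/* Hypothetical helpers: return the formatted length, or -1 if snprintf
 * failed or the output did not fit (return value >= buffer size). */
static int fmt_signed(char *buf, size_t size, long long v)
{
    int n = snprintf(buf, size, "%lld", v);
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

static int fmt_unsigned(char *buf, size_t size, unsigned long long v)
{
    int n = snprintf(buf, size, "%llu", v);
    return (n < 0 || (size_t)n >= size) ? -1 : n;
}

/* Returns 1 if macro-sized buffers hold the widest value of each type. */
static int macro_covers_extremes(void)
{
    char c[LDAP_PVT_INTTYPE_CHARS(signed char)];
    char s[LDAP_PVT_INTTYPE_CHARS(short)];
    char i[LDAP_PVT_INTTYPE_CHARS(int)];
    char l[LDAP_PVT_INTTYPE_CHARS(long)];
    char ul[LDAP_PVT_INTTYPE_CHARS(unsigned long)];
    char ull[LDAP_PVT_INTTYPE_CHARS(unsigned long long)];

    return fmt_signed(c, sizeof c, SCHAR_MIN) > 0
        && fmt_signed(s, sizeof s, SHRT_MIN) > 0
        && fmt_signed(i, sizeof i, INT_MIN) > 0
        && fmt_signed(l, sizeof l, LONG_MIN) > 0
        && fmt_unsigned(ul, sizeof ul, ULONG_MAX) > 0
        && fmt_unsigned(ull, sizeof ull, ULLONG_MAX) > 0;
}

int main(void)
{
    char tiny[4];   /* constructed: deliberately too small for "12345" */
    printf("unsigned long needs at most %zu bytes\n",
           (size_t)LDAP_PVT_INTTYPE_CHARS(unsigned long));
    printf("extremes fit: %d\n", macro_covers_extremes());
    printf("truncation detected: %d\n",
           fmt_unsigned(tiny, sizeof tiny, 12345ULL) == -1);
    return 0;
}
```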