search

HISKP-LQCD / sLapH-contractions

Stochastic LapH contraction program
GNU General Public License v3.0
3 stars 3 forks source link

sprintf overflows #22

Closed martin-ueding closed 6 years ago

martin-ueding commented 7 years ago

There is an idiom often used in the code:

char buff[200];
sprintf(buff, …);

This is dangerous as sprintf can write more bytes than there is space in the buffer buff. It would be better to use snprintf which does a bounds check. But then one would have to take a look at the return value because this function can fail. In that case one would have to emit an exception.

I can understand that std::ostringstream::operator<< is not as usable as a printf-style format string. Using Boost format would be a viable alternative: easy and safe to use.

martin-ueding commented 6 years ago

I have replaced the sprintf with boost::format. There are some occurrences that one still has to fix in other files.