search

Starlink / starlink

Starlink Software Collection
162 stars 53 forks source link

Sprintf considered harmful #27

Open timj opened 10 years ago

timj commented 10 years ago

In commit 0b368eae3bcc7e88352355824b2329d4f234e3d5 we are left with the following code:

/* Get the name for the Q NDF for this block. Start of with "Q" followed by
   the block index. */
                  iblock++;
                  nc = sprintf( ndfname, "Q%d", iblock );

/* Append the subarray name to the NDF name. */
                  nc += sprintf( ndfname + nc, "_%s", subarray );

/* Append the chunk index to the NDF name. */
                  nc += sprintf( ndfname + nc, "_%d", (int) ichunk );

in smurf_calcqu.c. The second two lines were historically protected by if-statements and so were distinct. Now this could all be done in a single sprintf. Furthermore, one_snprintf should be used to protect against buffer overflow.

There are many unprotected sprintf uses in SMURF. Particular care should be taken when using %s.

MalcolmCurrie commented 10 years ago

Please could you expand the recommendations in http://starlink.jach.hawaii.edu/starlink/StarlinkCProgramming.

timj commented 10 years ago

I have added an entry about ONE.