[Insight-developers] snprintf portability (was: Fix possibility of buffer overflow in itkNumericSeriesF...)
Brad King
brad.king at kitware.com
Wed Jan 19 11:01:00 EST 2011
On 01/19/2011 10:49 AM, Code Review wrote:
> From Bill Lorensen <bill.lorensen at gmail.com>:
> I think a better job could be done for windows. Currently, the first snprintf
> will always return -1 for windows. If char c[10000]; was used instead of char c;
> most of the time (except for huge filenames) snprintf will return a valid value
> on all platforms.
> To view, visit http://review.source.kitware.com/521
In that case we might as well just use that result directly and only
fall back to dynamic allocation when the stack buffer isn't big enough.
For reference, I just experimented with snprintf and _snprintf on a
bunch of compilers:
- HP
- SunPro
- SGI MipsPro
- IBM XL
- GNU on Linux
- Intel on Linux
- Intel on Windows
- VS 6, 7, 7.1, 8, 9, 10
- Borland 5.5, 5.6, 5.8
- Watcom
- GNU on Windows (MinGW)
- GNU on Cygwin (default, -mwin32, -c99, -mwin32 -c99)
The attached snprintf.c shows the results I encountered. The most
interesting was on SGI where -D_XOPEN_SOURCE=500 changes the result.
Only cases in which the buffer is large enough are consistent everywhere.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snprintf.c
Type: text/x-csrc
Size: 2103 bytes
Desc: not available
URL: <http://www.itk.org/mailman/private/insight-developers/attachments/20110119/7d06f8ab/attachment.c>
More information about the Insight-developers
mailing list