Re: [Lcms-user] Beta for lcms-1.18 available on site
From: Dirck B. <lis...@da...> - 2009-03-11 04:44:41
Graeme Gill wrote:
> Dirck Blaskey wrote:
>
>> * use of strcat, strcpy, sprintf are all problematic - fortunately most
>> of this is in code that I'm not using.
>>
>
> Contrary to what some people would have you believe,
> strcat, strcpy, sprintf are not inherently unsafe
> in all usage, any more than the "n" versions are
> inherently safe, and the former have the advantage
> of better availability.
>

I have clients who require a clean build on VS 2005 or newer.

strcat and strcpy can be used safely, but they aren't designed to be safe, and it's hard for a compiler to tell if any use of them is safe or not. It's very easy to use sprintf incorrectly and overflow the target buffer, and impossible for the compiler to tell.

I don't recommend the "n" versions, either; strncat is somewhat safe but still hard to use correctly, and any use of strncpy is a disaster waiting to happen.

Grabbing one usage at random, in 2.0 cmscgats.c:

    char Buffer[256];
    strncpy(Buffer, Data, 255);
    if (strlen(Buffer) <= strlen(Data))
        strcpy(Data, Buffer);

Buffer may be non-null terminated, and passed to strlen. This is bad.

Sadly, if you have to use null terminated C strs, the only safe and portable approach is to "roll your own", but it's not that hard to do bounded copies correctly; for example:

    #define strncpyz(D,S,SZ) do { *(D)=0; strncat(D, S, (SZ)-1); } while(0)

There are some freely available implementations of snprintf that work ok.
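The following is an added example, not code from the message above or from lcms, showing the two points the message makes: that strncpy(dst, src, n) leaves dst without a terminating NUL whenever the source has n or more characters (the pattern in the quoted cmscgats.c snippet), and that the strncpyz macro from the message always yields a terminated string of at most SZ-1 characters. The function names bounded_copy and strncpy_terminated are assumptions chosen for this example; the buffer sizes and input strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Bounded copy as the message suggests: empty the destination, then
 * strncat at most SZ-1 bytes. strncat always writes a terminating NUL,
 * so the result fits in SZ bytes and is always terminated (SZ must be >= 1). */
#define strncpyz(D, S, SZ) do { *(D) = 0; strncat((D), (S), (SZ) - 1); } while (0)

/* Function wrapper (hypothetical name) around the macro so it can be
 * called from tests. Returns the length of the copied string, always
 * strictly less than bufsize. */
size_t bounded_copy(char *dst, size_t bufsize, const char *src)
{
    strncpyz(dst, src, bufsize);
    return strlen(dst);
}

/* Reproduces the strncpy pitfall from the quoted snippet: a buffer of
 * bufsize bytes filled with strncpy(buf, src, bufsize - 1). The buffer is
 * pre-filled with a non-NUL sentinel so a missing terminator can be
 * detected by memchr without reading past the buffer. Returns 1 if a NUL
 * ended up inside the buffer, 0 if not, -1 on an invalid bufsize. */
int strncpy_terminated(size_t bufsize, const char *src)
{
    char buf[256];
    if (bufsize == 0 || bufsize > sizeof buf)
        return -1;
    memset(buf, 'X', sizeof buf);            /* sentinel: no NULs present */
    strncpy(buf, src, bufsize - 1);          /* pads with NUL only if src is short */
    return memchr(buf, '\0', bufsize) != NULL;
}

int main(void)
{
    char out[8];                             /* constructed 8-byte destination */
    const char *short_src = "hello";         /* 5 chars: fits */
    const char *exact_src = "0123456";       /* 7 chars: == bufsize - 1 */
    const char *long_src  = "0123456789";    /* 10 chars: overlong */

    printf("strncpy terminated? short=%d exact=%d long=%d\n",
           strncpy_terminated(sizeof out, short_src),
           strncpy_terminated(sizeof out, exact_src),
           strncpy_terminated(sizeof out, long_src));

    bounded_copy(out, sizeof out, long_src);
    printf("strncpyz of overlong input -> \"%s\" (len %zu)\n", out, strlen(out));
    return 0;
}
```

The exact-length case is the one that bites in practice: the source fits the copy count precisely, so no truncation is visible, yet strncpy never writes the terminator and any later strlen or strcpy on the buffer runs off the end. The macro form avoids this regardless of source length, at the cost of truncating silently, so callers that must detect truncation should compare the returned length against strlen(src).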