Thread: capture_client modernization, a call for review
2006-07-17 02:44:35

Erik de Castro Lopo:
> Melanie wrote:
>
> > I know of no printf implementation that doesn't support variable
> > field width specifiers, of the form
> >
> > sprintf(..., "jack_capture_%0*d.wav", leading_zeros, ++try);
>
> Please don't use sprintf anywhere. The function is inherently unsafe
> and has led to a huge number of buffer overflows. Yes I know sprintf
> can, in some circumstances be guaranteed safe, but it will still be
> flagged as a potential problem by tools like Flawfinder.
>
> Use snprintf instead.

Oh, come on. Saying "don't use sprintf anywhere" is just as stupid as
saying "never use goto" or "never use scanf". We are not first year
computer science students, you don't have to write statements
like that. Flawfinder sounds like a program I won't use.
-------------------------------------------------------------------------
2006-07-17 13:02:26

> > Use snprintf instead.
>
> Oh, come on. Saying "don't use sprintf anywhere" is just as stupid as
> saying "never use goto" or "never use scanf". We are not first year
> computer science students, you don't have to write statements
> like that. Flawfinder sounds like a program I won't use.

Wrong examples: "goto" is different, you can't jump to the middle of
an instruction. Scanf args are validated by gcc.

Erik is absolutely right. Please, don't create a potential security hole.
sprintf is one of the biggest mistakes in libc. snprintf is how it
should be done from the beginning.

Even if we aren't first year cs students we are still people. And
still make stupid mistakes.

Regards,
Dmitry.
-------------------------------------------------------------------------
2006-07-17 18:02:51

On Mon, 17 Jul 2006, Dmitry Baikov wrote:
>> > Use snprintf instead.
>>
>> Oh, come on. Saying "don't use sprintf anywhere" is just as stupid as
>> saying "never use goto" or "never use scanf". We are not first year
>> computer science students, you don't have to write statements
>> like that. Flawfinder sounds like a program I won't use.
>
> Wrong examples: "goto" is different, you can't jump to the middle of
> an instruction. Scanf args are validated by gcc.
>
> Erik is absolutely right. Please, don't create a potential security hole.
> sprintf is one of the biggest mistakes in libc. snprintf is how it
> should be done from the beginning.
>
> Even if we aren't first year cs students we are still people. And
> still make stupid mistakes.
>

sprintf is a cleaner command than snprintf, so code with sprintf
is easier to read than snprintf. I think that is a lot more important
factor to avoid bugs.

Besides, it seems like you think that by using sprintf, you automatically
create a potential security hole. That's wrong, it's very easy to make
secure sprintf calls.
-------------------------------------------------------------------------
2006-07-17 20:50:52

Kjetil S. Matheussen wrote:
> sprintf is a cleaner command than snprintf, so code with sprintf
> is easier to read than snprintf. I think that is a lot more important
> factor to avoid bugs.

I disagree. If I am auditing code and I see an sprintf I have to evaluate
the surrounding code very carefully to figure out if that particular
instance of sprintf is safe or not. With snprintf I know that if the
size parameter and the buffer size are the same then there can be no
buffer overrun.

In my own code I often use this:

    snprintf (buffer, sizeof (buffer), ....) ;

That is impossible to get wrong and anyone reading the code can
immediately see that there will be no overrun of the buffer. Now
look at sprintf:

    sprintf (buffer, .....) ;

Ooops, not enough information. You have to look at the format string
and figure out the length of the buffer before you can even begin to
gauge if it's safe.

Programming is hard. It's especially hard in languages like C and
C++ where it's so easy to shoot oneself in the foot. Programmers
should grab every opportunity they can to make their software better
and the sprintf/snprintf decision should be a no brainer.

Erik
--
+-----------------------------------------------------------+
Erik de Castro Lopo
+-----------------------------------------------------------+
The Religion of Peace:
http://news.bbc.co.uk/2/hi/asia-pacific/4387604.stm
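An added example, not code from this thread or from the JACK sources: the file-name format discussed above, written with snprintf and a check of its return value, because a runtime field width such as leading_zeros makes the output length depend on a value the format string alone does not show. The helper name make_capture_name, the parameter name attempt and the buffer sizes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: formats "jack_capture_<NNN>.wav" into dst.
 * Returns 0 on success, -1 if the name did not fit or formatting failed. */
static int make_capture_name(char *dst, size_t dstsize,
                             int leading_zeros, int attempt)
{
    int n;

    if (dst == NULL || dstsize == 0)
        return -1;

    /* snprintf writes at most dstsize bytes (terminating NUL included) and
     * returns the length the complete string would have had. */
    n = snprintf(dst, dstsize, "jack_capture_%0*d.wav",
                 leading_zeros, attempt);

    if (n < 0 || (size_t)n >= dstsize) {
        /* Output was cut short: a truncated file name is a bug of its own
         * (wrong or colliding file), so reject it instead of using it. */
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char name[32];   /* constructed sample sizes */
    char tiny[16];

    /* 13 + 3 + 4 = 20 characters plus NUL: fits in 32 bytes. */
    if (make_capture_name(name, sizeof(name), 3, 7) == 0)
        printf("ok: %s\n", name);

    /* Same arguments, smaller buffer: sprintf would write past the end. */
    if (make_capture_name(tiny, sizeof(tiny), 3, 7) != 0)
        printf("rejected: does not fit in %zu bytes\n", sizeof(tiny));

    /* Same buffer, wider field: 13 + 40 + 4 = 57 characters. */
    if (make_capture_name(name, sizeof(name), 40, 7) != 0)
        printf("rejected: field width 40 does not fit in %zu bytes\n",
               sizeof(name));
    return 0;
}
```

Passing the size as a parameter matters once the buffer is no longer a local array: inside the helper, sizeof (dst) would be the size of a pointer, not of the buffer.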