[Patches] [ python-Patches-1428655 ] Use snprintf for static buffers

SourceForge.net noreply at sourceforge.net
Mon Feb 13 20:13:10 CET 2006


Patches item #1428655, was opened at 2006-02-09 22:35
Message generated for change (Comment added) made by calvin
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=305470&aid=1428655&group_id=5470

Category: Core (C code)
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Wummel (calvin)
Assigned to: Nobody/Anonymous (nobody)
Summary: Use snprintf for static buffers

Initial Comment:
Hi,

there are some uses of sprintf in the Python C code.
Unfortunately sprintf is known to cause buffer
overruns. To prevent this I have written a patch that
replaces sprintf with snprintf. To be on the safe side
(and since I don't know much of the C code internals) I
only changed static buffers, where the sizeof()
operator is known to work.

The patch is against SVN 42293, and tested on an i386
Debian Linux system.

----------------------------------------------------------------------

>Comment By: Wummel (calvin)
Date: 2006-02-13 20:13

Message:
Logged In: YES 
user_id=9205

The snprintf had implementations which did not
null-terminate the buffer if it was too small. I detected
that Python itself has a wrapper function defined for that
reason: PyOS_snprintf.

I will attach a patch in the next days that makes use of
PyOS_snprintf, which should remove the trailing null-byte lines.

I noted that none of the calls of both sprintf and
PyOS_snprintf actually check the return code. But I found
out that Guido does not care, as said in this message:
http://permalink.gmane.org/gmane.comp.python.devel/33591


----------------------------------------------------------------------

Comment By: Martin v. Löwis (loewis)
Date: 2006-02-10 20:51

Message:
Logged In: YES 
user_id=21627

The patch has several problems:

1. It is unnecessary. The print calls actually *cannot*
cause buffer overruns, because in all cases, the buffers are
large enough.

2. The insertion of a trailing null-byte is unnecessary:
snprintf will already add that byte, even if it runs out of
space.

The first argument could be discarded, since using snprintf
can be considered as improving maintainability; point 2
actually decreases maintainability.

----------------------------------------------------------------------
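
The two points raised in the thread, termination when the buffer is too small and the unchecked return value, shown in one added example (not code from the patch or from CPython). The helper name bounded_format, its status codes and the sample strings are constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes; not part of any Python API. */
enum fmt_status { FMT_ERROR = -1, FMT_OK = 0, FMT_TRUNCATED = 1 };

/* Format into a fixed-size buffer, always leave it NUL-terminated,
 * and report truncation instead of silently discarding it. */
static enum fmt_status
bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (buf == NULL || size == 0)
        return FMT_ERROR;          /* no room even for the terminator */

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);

    /* C99 vsnprintf terminates on truncation; some older implementations
     * did not. Forcing the last byte covers both and costs nothing. */
    buf[size - 1] = '\0';

    if (n < 0)
        return FMT_ERROR;          /* output error or pre-C99 "too small" */

    /* C99: n is the length the full output would have had. */
    return ((size_t)n >= size) ? FMT_TRUNCATED : FMT_OK;
}

int main(void)
{
    char big[32];
    char small[8];                 /* constructed: too small for "python-42" */
    enum fmt_status s;

    s = bounded_format(big, sizeof(big), "%s-%d", "python", 42);
    printf("big:   status=%d text=\"%s\"\n", s, big);

    s = bounded_format(small, sizeof(small), "%s-%d", "python", 42);
    printf("small: status=%d text=\"%s\"\n", s, small);
    return 0;
}
```

Passing sizeof(buf) is only correct while buf is a true array in scope; once it decays to a pointer, sizeof yields the pointer size, which is why the original submission limited itself to static buffers.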
