Why Is Escaping Data Considered So Magical?

Lawrence D'Oliveiro ldo at geek-central.gen.new_zealand
Sun Jun 27 07:46:36 EDT 2010


In message <mailman.2184.1277626565.32709.python-list at python.org>, Kushal 
Kumaran wrote:

> On Sun, Jun 27, 2010 at 9:47 AM, Lawrence D'Oliveiro
> <ldo at geek-central.gen.new_zealand> wrote:
>
>> In message <roy-854954.20435125062010 at news.panix.com>, Roy Smith wrote:
>>
>>> I recently fixed a bug in some production code.  The programmer was
>>> careful to use snprintf() to avoid buffer overflows.  The only problem
>>> is, he wrote something along the lines of:
>>>
>>> snprintf(buf, strlen(foo), foo);
>>
>> A long while ago I came up with this macro:
>>
>> #define Descr(v) &v, sizeof v
>>
>> making the correct version of the above become
>>
>> snprintf(Descr(buf), foo);
> 
> Not quite right.  If buf is a char array, as suggested by the use of
> sizeof, then you're not passing a char* to snprintf.

What am I passing, then?
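The types and the call discussed in this exchange, as an added C example that is not part of the original messages. It uses C11 `_Generic` to compare the static types of `buf` and `&buf` and shows a checked form of the `snprintf` call. The helper names (`KIND`, `copy_checked` and the rest) and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: text that happens to contain a conversion specifier. */
static const char SAMPLE[] = "100%s sure";

/* C11 _Generic names the static type of an expression:
   1 = char *, 2 = char (*)[16] (pointer to the whole array), 0 = other. */
#define KIND(e) _Generic((e), char *: 1, char (*)[16]: 2, default: 0)

/* buf decays to a pointer to its first element. */
int kind_of_buf(void) { char buf[16] = ""; (void)buf; return KIND(buf); }

/* &buf does not decay: it is a pointer to an array of 16 char, which is
   not compatible with snprintf's char * parameter even though the
   address value is the same. */
int kind_of_addr_buf(void) { char buf[16] = ""; (void)buf; return KIND(&buf); }
int same_address(void) { char buf[16] = ""; return (void *)buf == (void *)&buf; }

/* sizeof only reports capacity for a real array. Once the buffer has been
   passed as a pointer, sizeof yields the pointer size. */
size_t size_via_pointer(char *p) { return sizeof p; }

/* Checked form of the call from the thread: explicit capacity and a
   constant "%s" format, so src is copied as data and never parsed.
   Returns 1 if src fit, 0 if it was truncated or an error occurred. */
int copy_checked(char *dst, size_t cap, const char *src) {
    int n = snprintf(dst, cap, "%s", src);
    return n >= 0 && (size_t)n < cap;
}

/* The sample fits in 16 bytes and arrives with its "%s" intact. */
int fits_in_16(void) {
    char buf[16];
    return copy_checked(buf, sizeof buf, SAMPLE) && strcmp(buf, SAMPLE) == 0;
}

/* In 4 bytes the copy is truncated, terminated, and reported as such. */
int truncates_in_4(void) {
    char buf[4];
    return !copy_checked(buf, sizeof buf, SAMPLE) && strcmp(buf, "100") == 0;
}
```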


