[OT] Re: Why Is Escaping Data Considered So Magical?
Michael Torrie
torriem at gmail.com
Wed Jun 30 00:05:17 EDT 2010
On 06/29/2010 06:25 PM, Lawrence D'Oliveiro wrote:
> I have yet to find an architecture or C compiler where it DOESN’T work.
>
> Feel free to try and prove me wrong.
Okay, I will. Your code passes a char** when a char* is expected. Every
compiler I know of will give you a *warning*. Mistaking char*, char**,
and char[] is a common mistake that almost every C program makes in the
beginning. Now for the proof:
Consider this variation where I use a dynamically allocated buffer
instead of static:
#include <stdio.h>
#include <stdlib.h>   /* needed for malloc/free */
int main(int argc, char ** argv)
{
/* buf is now a pointer on the stack; the 512 bytes live on the heap */
char *buf = malloc(512 * sizeof(char));
const int a = 2, b = 3;
/* &buf is a char**, the address of the pointer itself, not of the heap
 * buffer; sizeof buf is now the size of a pointer, not 512 */
snprintf(&buf, sizeof buf, "%d + %d = %d\n", a, b, a + b);
fprintf(stdout, buf);
free(buf);
return 0;
} /*main*/
On my machine, an immediate segfault (stack overrun). Your code only
works because your buf is statically allocated, which means &buf==buf.
But this equivalence does not hold for any other situation. If your
buffer was dynamically allocated on the heap, instead of passing a
pointer to the buffer (which *is* what buf itself is), you are passing a
pointer to the pointer, which is where buf is stored on the stack, but
not the buffer itself. Instant stack corruption.
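An added example, not code from either poster, that checks the &buf==buf claim for an array versus a heap pointer, shows what sizeof yields in each case, and rewrites the snippet so the heap buffer is passed correctly (function names are my own):

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Array: &buf and buf name the same byte (the types differ: char(*)[512] vs char*). */
int array_addr_matches(void)
{
    char buf[512];
    return (void *)&buf == (void *)buf;   /* 1 */
}

/* Heap pointer: &buf is the address of the pointer variable on the stack,
 * not of the 512-byte buffer it points to. */
int pointer_addr_matches(void)
{
    char *buf = malloc(512);
    if (buf == NULL) return -1;
    int same = (void *)&buf == (void *)buf;   /* 0 */
    free(buf);
    return same;
}

/* sizeof on the array is the buffer length; on the pointer it is sizeof(char *). */
size_t sizeof_array(void)   { char buf[512]; return sizeof buf; }   /* 512 */
size_t sizeof_pointer(void) { char *buf = NULL; return sizeof buf; }

/* Corrected snippet: pass buf (not &buf) and carry the allocated length
 * explicitly, since sizeof cannot recover it from a pointer. Copies the
 * formatted text into out and returns its length, or -1 on failure. */
int format_sum_heap(int a, int b, char *out, size_t outlen)
{
    enum { BUFLEN = 512 };
    char *buf = malloc(BUFLEN);
    if (buf == NULL) return -1;
    int n = snprintf(buf, BUFLEN, "%d + %d = %d\n", a, b, a + b);
    if (n < 0 || (size_t)n >= BUFLEN) { free(buf); return -1; }
    fputs(buf, stdout);               /* print as data, not as a format string */
    snprintf(out, outlen, "%s", buf);
    free(buf);
    return n;
}

int main(void)
{
    char out[64];
    printf("&buf==buf: array %d, pointer %d\n", array_addr_matches(), pointer_addr_matches());
    printf("sizeof: array %zu, pointer %zu\n", sizeof_array(), sizeof_pointer());
    return format_sum_heap(2, 3, out, sizeof out) < 0;
}
```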