@hal_pomeranz I don't remember much C, but isn't sprintf vulnerable to overflows?
Replying to @tootsierollpop8
@tootsierollpop8 Oh crap, that's sprintf()-- yeah vulnerable. snprintf() is the safe version.

Oct 24, 2015 · 12:45 AM UTC

Replying to @hal_pomeranz
@hal_pomeranz One letter difference... whoever came up with that didn't think that through very well...
@tootsierollpop8 Different argument vector too. snprintf() includes a parameter for length of buffer.
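The buffer-length parameter mentioned in the last reply, shown as an added example that is not part of the original thread: snprintf() is given the destination size, and its return value is checked so that truncation is detected rather than silently accepted. The helper names `format_greeting` and `greeting_size`, the format string and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format a greeting into a caller-supplied buffer.
 * Returns 0 on success, -1 on bad arguments, an output error, or when the
 * result did not fit and was truncated. */
int format_greeting(char *dst, size_t dst_size, const char *name)
{
    if (dst == NULL || dst_size == 0 || name == NULL)
        return -1;

    /* snprintf() writes at most dst_size bytes, including the NUL. */
    int n = snprintf(dst, dst_size, "Hello, %s!", name);

    if (n < 0)
        return -1;              /* output error */
    if ((size_t)n >= dst_size)
        return -1;              /* truncated: n is the length the full string needed */
    return 0;
}

/* Bytes needed for the full string including the NUL. With a zero size,
 * C99 snprintf() writes nothing and only reports the length. */
int greeting_size(const char *name)
{
    int n = snprintf(NULL, 0, "Hello, %s!", name);
    return n < 0 ? -1 : n + 1;
}

int main(void)
{
    char buf[16];
    /* Constructed inputs: one that fits, one that does not. */
    const char *names[] = { "Hal", "a-name-longer-than-the-buffer" };

    for (size_t i = 0; i < 2; i++) {
        int rc = format_greeting(buf, sizeof buf, names[i]);
        printf("rc=%d buf=\"%s\" needed=%d\n", rc, buf, greeting_size(names[i]));
    }
    return 0;
}
```

On truncation the buffer still holds a NUL-terminated prefix, so the caller has to check the return code to know the string is incomplete.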