Hal Pomeranz · Oct 23, 2015 · 10:59 PM UTC

Hal Pomeranz @hal_pomeranz

23 Oct 2015

Oh heck no!

Marcos Besteiro 👧🏻👶🏻 @MarcosBL

8 Sep 2015

How to check if a number is negative

Annah Waggoner · Oct 24, 2015 · 12:12 AM UTC

Annah Waggoner @tootsierollpop8

24 Oct 2015

@hal_pomeranz I don't remember much C, but isn't sprintf vulnerable to overflows?

Hal Pomeranz · Oct 24, 2015 · 12:45 AM UTC

Hal Pomeranz · Oct 24, 2015 · 12:45 AM UTC

Hal Pomeranz @hal_pomeranz

24 Oct 2015

@tootsierollpop8 Oh crap, that's sprintf()-- yeah vulnerable. snprintf() is the safe version.

Oct 24, 2015 · 12:45 AM UTC

Annah Waggoner · Oct 24, 2015 · 12:49 AM UTC

Annah Waggoner @tootsierollpop8

24 Oct 2015

@hal_pomeranz One letter difference... whoever came up with that didn't think that through very well...

Hal Pomeranz · Oct 24, 2015 · 7:53 AM UTC

Hal Pomeranz @hal_pomeranz

24 Oct 2015

@tootsierollpop8 Different argument vector too. snprintf() includes a parameter for length of buffer.