An unchecked "sprintf" is a potential buffer overflow, especially in something like this where the input and output string buffers are parameters to the function.
I didn't even go looking for bad code. I was just curious to see what language they were using. This was near the top of the first file I looked at.
The code looks like C code circa 1990. If a first glance turned up this, what else bad is in there?
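To make the point about the `sprintf` pattern concrete, here is an added C example (it is not the code the poster was looking at, and the function names and format string are hypothetical). Both versions take the input string and the output buffer as parameters; the unchecked one has no idea how big `out` is, while the hardened one takes the capacity as well and checks the `snprintf` return value for truncation:

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical "before" version, written here to show the shape of the
 * pattern described in the post: input and output buffers are both
 * parameters, and sprintf() is not told how large `out` is. If the
 * formatted result is longer than the caller's buffer, the write runs
 * past its end. Kept only for side-by-side comparison; never call it with
 * untrusted `name` or a buffer you have not sized by hand. */
void format_greeting_unchecked(char *out, const char *name)
{
    sprintf(out, "Hello, %s!", name);
}

/* Hardened version: the caller passes the capacity of `out`, snprintf()
 * is bounded by it, and the return value (the length that *would* have
 * been written, excluding the NUL) is compared against the capacity.
 * Returns 0 on success, -1 if the result did not fit. On -1 `out` still
 * holds a NUL-terminated (truncated or empty) string, never an overflow. */
int format_greeting_checked(char *out, size_t out_len, const char *name)
{
    if (out == NULL || out_len == 0 || name == NULL)
        return -1;

    int needed = snprintf(out, out_len, "Hello, %s!", name);
    if (needed < 0) {
        out[0] = '\0';          /* encoding error: leave a valid empty string */
        return -1;
    }
    if ((size_t)needed >= out_len)
        return -1;              /* truncated: caller's buffer was too small */
    return 0;
}

/* How many bytes the unchecked version would write for a given name
 * (including the terminating NUL). snprintf(NULL, 0, ...) is the portable
 * way to measure a formatted length without writing anything. */
size_t greeting_length(const char *name)
{
    int n = snprintf(NULL, 0, "Hello, %s!", name);
    return n < 0 ? 0 : (size_t)n + 1;
}

int main(void)
{
    char small[16];                         /* deliberately too small */
    const char *long_name = "Bartholomew Jones";

    /* Unchecked: 26 bytes into a 16-byte buffer would be an overflow. */
    printf("unchecked sprintf would write %zu bytes into %zu\n",
           greeting_length(long_name), sizeof small);

    /* Checked: the call fails cleanly and the buffer stays NUL-terminated. */
    if (format_greeting_checked(small, sizeof small, long_name) != 0)
        printf("truncated: \"%s\"\n", small);

    if (format_greeting_checked(small, sizeof small, "Bob") == 0)
        printf("ok: \"%s\"\n", small);
    return 0;
}
```

The check on the return value matters as much as switching to `snprintf`: `snprintf` alone prevents the memory corruption, but silently truncated output (a path, a command line, a header) is its own class of bug, so the caller should be told.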