Re: [Clax86list] Feedback please (Linux, NASM code)
- From: Tim Roberts <spamtrap@xxxxxxxxxx>
- Date: Thu, 23 Nov 2006 21:22:05 GMT
Frank Kotler <spamtrap@xxxxxxxxxx> wrote:
> Charles A. Crayne wrote:
>> On Wed, 22 Nov 2006 15:03:00 -0500
>> Frank Kotler <spamtrap@xxxxxxxxxx> wrote:
>>
>> :(why the hell can't I find "itoa" in the man pages???)
>>
>> Probably because the man pages spell it "sprintf",
>
> Yipes! Isn't that dangerous? It was "sprintf" that allowed the buffer
> overflow in Nasm - had to replace it with "snprintf". Well, won't be a
> problem here...

If you are using sprintf to do the equivalent of itoa, then you have an
absolute upper bound on the size of the output string.

    char xyz[12];
    sprintf( xyz, "%d", i );

That can't overflow.
--
Tim Roberts, timr@xxxxxxxxx
Providenza & Boekelheide, Inc.
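
Added example (not part of the original post): the 12-byte bound in the reply corresponds to a 32-bit int, whose longest decimal form is "-2147483648" (11 characters plus the terminating NUL). The C code below derives the buffer size from the type width instead of hard-coding it and uses snprintf as a checked conversion; the names dec_bufsize, INT_DEC_BUFSIZE and int_to_dec are hypothetical.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed to print any signed integer of type_bytes bytes with "%d":
 * decimal digits + optional '-' + terminating NUL.
 * digits = floor(value_bits * log10(2)) + 1; 30103/100000 slightly
 * overestimates log10(2), so the result is a safe upper bound. */
size_t dec_bufsize(size_t type_bytes)
{
    size_t value_bits = type_bytes * CHAR_BIT - 1;  /* exclude the sign bit */
    size_t digits = value_bits * 30103u / 100000u + 1;
    return digits + 2;                              /* sign + NUL */
}

/* Same bound as a constant expression, so it can size an array and stays
 * correct on a platform where int is not 32 bits wide. */
#define INT_DEC_BUFSIZE ((sizeof(int) * CHAR_BIT - 1) * 30103u / 100000u + 3)

/* Checked conversion: returns the string length, or -1 if dst is too small.
 * snprintf never writes more than dstlen bytes, including the NUL. */
int int_to_dec(char *dst, size_t dstlen, int v)
{
    int n = snprintf(dst, dstlen, "%d", v);
    if (n < 0 || (size_t)n >= dstlen)
        return -1;
    return n;
}

int main(void)
{
    char buf[INT_DEC_BUFSIZE];
    int n = int_to_dec(buf, sizeof buf, INT_MIN);   /* longest possible output */

    printf("int needs %zu bytes; INT_MIN -> \"%s\" (%d chars)\n",
           dec_bufsize(sizeof(int)), buf, n);
    printf("a 64-bit integer needs %zu bytes\n", dec_bufsize(8));
    return 0;
}
```

The bound depends on the type and the format: a 64-bit value printed with "%ld" or "%lld" needs 21 bytes, so a 12-byte buffer copied from the 32-bit case would no longer be sufficient.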