author | rubidium <rubidium@openttd.org> | 2008-10-28 14:42:31 +0000 |
---|---|---|
committer | rubidium <rubidium@openttd.org> | 2008-10-28 14:42:31 +0000 |
commit | 0d254e8914f294a8f9a0e177e2d0208e57b2d5c9 (patch) | |
tree | b5fc23e46516c5f53edc37ad11559ac6e8586d4c /src/string_func.h | |
parent | cf4cffd91adbe563e4cd9f892ad3ab54a2fef13e (diff) | |
(svn r14540) -Codechange: introduce [v]seprintf which are like [v]snprintf but do return the number of characters written instead of the number of characters that would be written; as size_t is unsigned, subtraction can cause integer underflows quite quickly.
Diffstat (limited to 'src/string_func.h')
-rw-r--r-- | src/string_func.h | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/string_func.h b/src/string_func.h
index 1453170ad..c6d71b56d 100644
--- a/src/string_func.h
+++ b/src/string_func.h
@@ -1,6 +1,19 @@
 /* $Id$ */
-/** @file string_func.h Functions related to low-level strings. */
+/** @file string_func.h Functions related to low-level strings.
+ *
+ * @note Be aware of "dangerous" string functions; string functions that
+ * have behaviour that could easily cause buffer overruns and such:
+ * - strncpy: does not '\0' terminate when input string is longer than
+ * the size of the output string. Use strecpy instead.
+ * - [v]snprintf: returns the length of the string as it would be written
+ * when the output is large enough, so it can be more than the size of
+ * the buffer and than can underflow size_t (uint-ish) which makes all
+ * subsequent snprintf alikes write outside of the buffer. Use
+ * [v]seprintf instead; it will return the number of bytes actually
+ * added so no [v]seprintf will cause outside of bounds writes.
+ * - [v]sprintf: does not bounds checking: use [v]seprintf instead.
+ */
 #ifndef STRING_FUNC_H
 #define STRING_FUNC_H
@@ -28,6 +41,9 @@ void ttd_strlcpy(char *dst, const char *src, size_t size);
 char *strecat(char *dst, const char *src, const char *last);
 char *strecpy(char *dst, const char *src, const char *last);
+int CDECL seprintf(char *str, const char *last, const char *format, ...);
+int CDECL vseprintf(char *str, const char *last, const char *format, va_list ap);
+
 char *CDECL str_fmt(const char *str, ...);
 /** Scans the string for valid characters and if it finds invalid ones, |
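Review bot: The [v]snprintf bullet of the new @note attributes the underflow to the wrong thing and has a typo (`and than can underflow`): the return value does not underflow, the caller's remaining-size subtraction on a size_t does once the return exceeds the space left. I would reword the bullet along the lines of `returns the length the full output would have had, which can exceed the space left; subtracting that from a size_t wraps around, and every later snprintf-alike then gets a huge size`. The last bullet should read `does no bounds checking`. Since [v]seprintf apparently reports only what was written, the note could also say that truncation is silent and that callers needing the whole string must check for it; confirm against the implementation, which is not part of this diff.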
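Review bot: The new seprintf/vseprintf prototypes state no contract for `last`, and an off-by-one at a call site (passing one past the end instead of the final byte, or the reverse) would bring back the out-of-bounds write this change is meant to rule out. Presumably `last` has the same meaning as in strecat/strecpy just above; a comment such as `/* last: pointer to the last byte of the buffer; returns the number of characters actually written */` would pin that down, once checked against the implementation, which is outside this diff. The declarations also give the compiler no way to check format strings against their arguments; on GCC-compatible compilers a `format(printf, 3, 4)` attribute on seprintf (and `format(printf, 3, 0)` on vseprintf), wrapped in a portability macro, would catch mismatches at compile time. vseprintf needs `va_list`, so the header must see `<stdarg.h>`/`<cstdarg>`; the include list is not visible in this hunk.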