Talk:Reviewing Code for Buffer Overruns and Overflows

Under "Walking the stack", the statement "the %n directive in printf... takes an int* and writes the number of bytes so far to that location" is incorrect. "%n" is defined for the sscanf function, but not for printf... unless somebody knows of a non-standard implementation of C which does behave in this way, in which case that implementation should be identified.