Talk:Reviewing Code for Buffer Overruns and Overflows

From OWASP
Revision as of 12:42, 1 May 2007 by Dd9jn (Talk | contribs)


Under "Walking the stack", the statement "the %n directive in printf()... takes an int* and writes the number of bytes so far to that location" is incorrect. "%n" is defined for the sscanf() function, but not for printf()... unless somebody knows of a non-standard implementation of C which does behave in this way, in which case that implementation should be identified.

Use DIM or sizeof

The good patterns section should suggest either using sizeof or the usual DIM macro instead of hard-coding the length of the buffer. I.e.:

char  smallBuffer[10]; // size of 10
strncpy(smallBuffer, userId, sizeof smallBuffer);
smallBuffer[sizeof smallBuffer - 1] = '\0'; // strncpy leaves no terminator when userId fills the buffer
...
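An added example, not part of the comment above or of the OWASP page, showing the DIM macro and sizeof in use together with the two checks a reviewer should make when this pattern is used: sizeof applied to a function parameter measures the pointer, not the caller's array, and strncpy with the full buffer length does not guarantee a terminator. The helper copy_bounded and all function names here are my own choices, and the sample identifiers are constructed.

```c
#include <stdio.h>
#include <string.h>

/* The usual DIM macro: number of elements in an array.
 * Only meaningful on a real array object; on a pointer it silently
 * yields sizeof(pointer) / sizeof(element). */
#define DIM(a) (sizeof(a) / sizeof((a)[0]))

/* Copy src into dst (dst_size bytes) and always NUL-terminate.
 * Returns the number of characters stored, excluding the terminator,
 * so a caller can detect truncation by comparing with strlen(src).
 * (Hypothetical helper, not from the OWASP page.) */
static size_t copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n;
    if (dst_size == 0)
        return 0;
    n = strlen(src);
    if (n >= dst_size)
        n = dst_size - 1;          /* truncate, keep room for '\0' */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

/* Returns 1 if userId fit into a 10-byte local buffer without
 * truncation, 0 if it was cut short. The length passed to the copy
 * comes from sizeof, never from a hard-coded constant. */
static int store_user_id(const char *userId)
{
    char smallBuffer[10];
    size_t copied = copy_bounded(smallBuffer, sizeof smallBuffer, userId);
    return copied == strlen(userId);
}

/* Returns 1 if strncpy(dst, src, sizeof dst) left a terminator in the
 * buffer, 0 if it filled all 10 bytes and left none. This is why the
 * explicit terminating store after strncpy matters. */
static int strncpy_leaves_terminator(const char *src)
{
    char smallBuffer[10];
    memset(smallBuffer, 'X', sizeof smallBuffer);
    strncpy(smallBuffer, src, sizeof smallBuffer);
    return memchr(smallBuffer, '\0', sizeof smallBuffer) != NULL;
}

/* Pitfall: writing the parameter as "char buf[10]" means exactly
 * "char *buf" in C, so sizeof here is sizeof(char *), not 10. */
static size_t sizeof_of_param(const char *buf)
{
    return sizeof buf;
}

/* DIM on a genuine local array gives the element count. */
static size_t dim_of_local(void)
{
    int table[16];
    return DIM(table);
}

int main(void)
{
    /* constructed sample identifiers */
    const char *shortId = "alice";
    const char *exactId = "0123456789";       /* 10 chars, no room for '\0' */
    const char *longId  = "averylongusername";

    printf("%-18s fits without truncation: %d\n", shortId, store_user_id(shortId));
    printf("%-18s fits without truncation: %d\n", exactId, store_user_id(exactId));
    printf("%-18s fits without truncation: %d\n", longId, store_user_id(longId));
    printf("strncpy terminated for \"%s\": %d\n", shortId, strncpy_leaves_terminator(shortId));
    printf("strncpy terminated for \"%s\": %d\n", exactId, strncpy_leaves_terminator(exactId));
    printf("DIM(table) = %zu\n", dim_of_local());
    printf("sizeof on a parameter = %zu (pointer size, not the buffer)\n",
           sizeof_of_param(longId));
    return 0;
}
```

Compile with warnings enabled (for example `-Wall -Wextra`); recent compilers flag both the sizeof-on-parameter mistake and the unterminated strncpy, which is a useful first pass before manual review.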