[libdvdnav-devel] [PATCH] sprintf -> strcpy
Lawrence D'Oliveiro
ldo at geek-central.gen.nz
Wed Sep 9 11:45:07 CEST 2015
On Wed, 09 Sep 2015 12:23:09 +0300, Petri Hintukainen wrote:
> On ke, 2015-09-09 at 19:57 +1200, Lawrence D'Oliveiro wrote:
>
>> On Wed, 9 Sep 2015 10:11:16 +0300, Petri Hintukainen wrote:
>>
>>> - sprintf( filename, "/VIDEO_TS/VIDEO_TS.VOB" );
>>> + strcpy( filename, "/VIDEO_TS/VIDEO_TS.VOB" );
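Review bot: neither the removed sprintf call nor the added strcpy call bounds the copy by the size of filename, and the declaration of filename is not visible in these lines, so it cannot be confirmed from the hunk that the 22-character literal plus its terminating NUL fits. If filename is a fixed-size array, consider a compile-time assertion next to the copy that sizeof of the literal does not exceed sizeof(filename), so that a later change to either the path or the buffer fails the build.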
>> [etc]
>>
>> I would not use either. I would use strncpy instead.
>
> Why ?
>
> Constant string is copied to constant-size buffer. Buffer overflow
> checks should be done at compile time, not runtime.
ldo at theon:c_try> cat overflow.c
#include <string.h>

int main(void)
{
    char buf[5];
    strcpy(buf, "THIS STRING IS MUCH TOO LARGE");
    return 0;
} /*main*/
ldo at theon:c_try> gcc -c overflow.c
ldo at theon:c_try>
As you can see, there is no error reported.
What compile-time option should I use to ask for one?
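One source-level way to get the compile-time check discussed in this thread, as an added example that is not part of the original message or of libdvdnav: a C11 static assertion for literal-to-array copies, next to a runtime-checked copy for non-constant sources. The names COPY_LITERAL, copy_checked and literal_copy_len, and the 32-byte filename buffer, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Compile-time check for literal -> fixed array copies. The build fails if
 * the literal, including its NUL, is larger than dst. dst must be a real
 * array (not a pointer) so that sizeof(dst) is the buffer size. */
#define COPY_LITERAL(dst, lit)                                     \
    do {                                                           \
        _Static_assert(sizeof(lit) <= sizeof(dst),                 \
                       "string literal does not fit in buffer");   \
        memcpy((dst), (lit), sizeof(lit));                         \
    } while (0)

/* Runtime check for sources whose length is not a constant.
 * Returns 0 on success, -1 if src does not fit; dst is always terminated. */
static int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);
    if (dstsize == 0)
        return -1;
    if (len >= dstsize) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Constructed stand-in for the patched call site; the 32-byte size is assumed. */
static size_t literal_copy_len(void)
{
    char filename[32];
    COPY_LITERAL(filename, "/VIDEO_TS/VIDEO_TS.VOB");
    return strlen(filename);
}

int main(void)
{
    char buf[5];
    /* COPY_LITERAL(buf, "THIS STRING IS MUCH TOO LARGE");  <- rejected by the compiler */
    int rc = copy_checked(buf, sizeof buf, "THIS STRING IS MUCH TOO LARGE");
    printf("literal length %zu, oversized copy rc=%d\n", literal_copy_len(), rc);
    return 0;
}
```

Uncommenting the COPY_LITERAL line in main stops the build with the static assertion message instead of producing an object file.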