2013.08.01 09:21 "[Tiff] Vulnerabilities in libtiff 4.0.3", by Pedro Ribeiro

2013.09.20 16:59 "Re: [Tiff] Vulnerabilities in libtiff 4.0.3", by Olivier Paquet

On Fri, Sep 20, 2013 at 12:34 PM, Lee Howard <faxguy@howardsilvan.com> wrote:

On 09/20/2013 09:24 AM, Bob Friesenhahn wrote:

           snprintf(buf, sizeof(buf), "YCbCr conversion of %s",

Please be aware that snprintf is not assured to null-terminate the destination string. Is this being handled by subsequent statements or is the problem only changed?

The snprintf man page says:

        The functions snprintf() and vsnprintf() write at most size
        bytes (including the trailing null byte ('\0')) to str.

        The trailing null byte is added to str, unless size is zero.

Is it wrong? What am I missing?

Perhaps Bob confused it with strncpy, which does have that problem. The man page wording on Linux is a little ambiguous, but the OS X one is quite clear, and other online references also state that the null is always added by snprintf. glibc certainly does add it.

Olivier
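
Added example, not part of the original thread and not libtiff code: a small C program contrasting how snprintf and strncpy leave an undersized destination buffer, and how snprintf's return value reports truncation. It assumes a C99-conforming snprintf; the helper names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libtiff code. Assumes a C99-conforming snprintf,
 * whose return value is the length the full string needs (excluding the NUL).
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
static int format_msg(char *dst, size_t dstsize, const char *name)
{
    int n = snprintf(dst, dstsize, "YCbCr conversion of %s", name);
    if (n < 0)
        return -1;
    return (size_t)n >= dstsize ? 1 : 0;
}

/* Offset of the first NUL in buf[0..size-1], or -1 if there is none. */
static int terminated_len(const char *buf, size_t size)
{
    const char *p = memchr(buf, '\0', size);
    return p ? (int)(p - buf) : -1;
}

/* Format into the first `size` bytes of a buffer pre-filled with 'X'. */
static int snprintf_case(const char *name, size_t size)
{
    char buf[64];
    if (size == 0 || size > sizeof(buf))
        return -2;
    memset(buf, 'X', sizeof(buf));
    format_msg(buf, size, name);
    return terminated_len(buf, size);
}

/* Same experiment with strncpy, which stops at `size` bytes without a NUL. */
static int strncpy_case(const char *src, size_t size)
{
    char buf[64];
    if (size > sizeof(buf))
        return -2;
    memset(buf, 'X', sizeof(buf));
    strncpy(buf, src, size);
    return terminated_len(buf, size);
}

int main(void)
{
    printf("snprintf: %d\n", snprintf_case("image.tif", 8));
    printf("strncpy:  %d\n", strncpy_case("YCbCr conversion", 8));
    return 0;
}
```

A result of -1 means no terminator was written inside the destination, which is the strncpy behaviour mentioned above; checking format_msg's return value is how a caller notices that snprintf silently shortened the message.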