Boost Users :

From: McGrath, Justin M (jmcgrath_at_[hidden])
Date: 2023-11-16 15:22:01


Hi Matt,
In ODEINT it's called in max_step_checker.hpp.

```
const int m_max_steps;
...
char error_msg[200];
std::sprintf(error_msg, "Max number of iterations exceeded (%d).", m_max_steps);
...
char error_msg[200];
std::sprintf(error_msg, "Max number of iterations exceeded (%d).", m_max_steps);

```

It looks to me that neither of these uses could possibly overflow, but for whatever reason people have latched onto the idea that sprintf should never be used.

Cheers,
Justin

________________________________________
From: Matt Borland <matt_at_[hidden]>
Sent: Thursday, November 16, 2023 1:49 AM
To: Boost users list
Cc: McGrath, Justin M
Subject: Re: [Boost-users] Could sprintf be replaced with snprintf?

On Wed, Nov 15, 2023 at 17:56, McGrath, Justin M via Boost-users <boost-users_at_[hidden]> wrote:
I am using some Boost libraries in a code base that does not want any use of sprintf. An automatic test flags any calls to it or vsprintf.

Is it possible to replace all uses of sprintf with snprintf? I really doubt there are actually any security issues here, but I'm hoping this wouldn't be too difficult or cause any problems other than the effort to do it.

Cheers,
Justin
_______________________________________________
Boost-users mailing list
Boost-users_at_[hidden]
https://lists.boost.org/mailman/listinfo.cgi/boost-users

Justin,

Which libraries are you using that have that issue?

Matt
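
The question raised in this thread, as an added example (not code from Boost.Odeint or from either poster): it measures the worst-case size of the quoted message against the 200-byte buffer and shows a `snprintf` form that reports truncation. The function names and the fallback message are hypothetical; only the format string and buffer size come from the snippet above.

```cpp
#include <climits>
#include <cstddef>
#include <cstdio>
#include <string>

// Same format string as the two sprintf calls quoted in the message.
static const char kFmt[] = "Max number of iterations exceeded (%d).";

// Bytes needed for the message, including the terminating NUL.
// snprintf with a null buffer and size 0 writes nothing and only measures.
std::size_t required_bytes(int max_steps)
{
    const int n = std::snprintf(nullptr, 0, kFmt, max_steps);
    return n < 0 ? 0 : static_cast<std::size_t>(n) + 1;
}

// Bounded formatting. Returns false on an encoding error or when the output
// did not fit; on truncation buf still ends in NUL (for size > 0).
bool format_max_steps(char* buf, std::size_t size, int max_steps)
{
    const int n = std::snprintf(buf, size, kFmt, max_steps);
    return n >= 0 && static_cast<std::size_t>(n) < size;
}

// Hypothetical helper using a 200-byte buffer like the quoted code.
std::string max_steps_message(int max_steps)
{
    char error_msg[200];
    if (!format_max_steps(error_msg, sizeof(error_msg), max_steps))
        return "Max number of iterations exceeded.";  // assumed fallback text
    return std::string(error_msg);
}

int main()
{
    // Worst case for %d is INT_MIN: a sign plus the largest digit count.
    std::printf("worst case: %zu of 200 bytes\n", required_bytes(INT_MIN));
    std::printf("%s\n", max_steps_message(500).c_str());

    char tiny[16];  // constructed undersized buffer to show the failure path
    const bool ok = format_max_steps(tiny, sizeof(tiny), 500);
    std::printf("fits in 16 bytes: %s (\"%s\")\n", ok ? "yes" : "no", tiny);
    return 0;
}
```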

