[CF-Devel] sprintf bad, snprintf good
Mark Wedel
mwedel at scruz.net
Fri May 25 22:02:38 CDT 2001
Bob Tanner wrote:
>
We can change autoconf to check the system for it and set the appropriate
>
#define's on what it finds.
Yeah - that part is pretty easy. And even if we use the trivial sprintf
suggestion if snprintf does not exist, it still does provide us additional
benefits for the systems that does have it.
>
Has anyone run purecoverage over crossfire?
>
>
What routines are "hot spots"?
>
>
We can keep the strncat out of the hot spots.
Probably not. I've run purify on it a few times. I believe there are other
coverage tools. compiling with -prof and using gprof works pretty good for
finding where cpu time is being spent.
I'm most worried about things that form the packets we send to the client -
they tend to add the pieces in. But anything that can iterate a lot in one tick
could be a problem.
I beleive peter runs electric fence, which should catch these things, but only
when they occur. Things like:
strcpy(buf,query_name(op))
may work fine for 99.9% of the cases, until you get something with a really
long object name, at which point it breaks.
>
IMHO, things like this:
>
>
strcpy(obuf,"Range: nothing");
>
>
There is no problem doing a strncpy (also there is really no overflow potential
>
either).
for strncpy to be useful, you then have to put stuff like:
obuf[LEN-1] =0;
after all the strncpy functions. Otherwise, you have an unterminated string
sitting around which will almost certainly cause other problems.
More information about the crossfire
mailing list