What should I use instead of sprintf?

I have the following statement:
 printf("%-9s %5s %10s %4s %9s %18s %9s %10s %s\n",
            "COMMAND",
            "PID",
            "USER",
            "FD",
            "TYPE",
            "DEVICE",
            "SIZE/OFF",
            "NODE",
            "NAME");

I have the following global declaration:
#define buffer_ls 2500
char file11[200]="/sdcard/NewLs.txt";
int WriteToLog(char* str)
{
    __android_log_print(ANDROID_LOG_INFO,"Tarun1","IN::WriteToLog");
    FILE* log;
    log = fopen(file11, "a+");
    if (log == NULL)
    {
        /* braces added so that -1 is returned only when fopen fails */
        __android_log_print(ANDROID_LOG_INFO,"Tarun1","cannot open file error %s", strerror(errno));
        return -1;
    }
    fprintf(log, "%s\n", str);
    fclose(log);
    __android_log_print(ANDROID_LOG_INFO,"Tarun1","OUT::WriteToLog");
    return 0;
}

Rather than printing in file, I would like to print it in a txt file, so I did it like this:
sprintf(buffer_ls,"%-9s %5s %10s %4s %9s %18s %9s %10s %s\n",
            "COMMAND",
            "PID",
            "USER",
            "FD",
            "TYPE",
            "DEVICE",
            "SIZE/OFF",
            "NODE",
            "NAME");
WriteToLog(buffer_ls);



My code fails at sprintf. What should I use instead of sprintf?
Don't use sprintf, use snprintf instead. For example:
char buffer[128]; // some arbitrary size
snprintf(buffer, sizeof(buffer),
            "%-9s %5s %10s %4s %9s %18s %9s %10s %s\n",
            "COMMAND",
            "PID",
            "USER",
            "FD",
            "TYPE",
            "DEVICE",
            "SIZE/OFF",
            "NODE",
            "NAME");


You can write to a file with fprintf.
I tried snprintf but it's failing there too.
If you're using MSVC, it'll be _snprintf.

In general, try to avoid functions that write into unbounded buffers.
How about stringstream?
For this particular example, where the arguments to sprintf are static, the unbounded copy is probably ok but it is definitely a problem when copying user-controlled data. Check out my blog post for more information about how an sprintf can be disastrous to security:

http://connect.ncircle.com/t5/VERT-Security-Research-Blog/bg-p/VERTBlog/label-name/vert%20vuln%20school:%20stack%20buffer%20overflows%20101

Part 1 deals with demonstrating how an unbounded copy can crash a program: http://connect.ncircle.com/t5/VERT-Security-Research-Blog/VERT-Vuln-School-Stack-Buffer-Overflows-101-Part-1/ba-p/5782

Part 2 explains how the stack works and leads into why the unbounded copy can corrupt crucial data on the stack: http://connect.ncircle.com/t5/VERT-Security-Research-Blog/VERT-Vuln-School-Stack-Buffer-Overflows-101-Part-2/ba-p/5796

And be sure to catch the last piece which demonstrates functional exploit code for the example buffer overflow: http://connect.ncircle.com/t5/VERT-Security-Research-Blog/VERT-Vuln-School-Stack-Buffer-Overflows-101-Part-3/ba-p/5804
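An added example (not code from any poster in this thread) of the bounded formatting the replies above recommend: the destination is a real char array, snprintf is given its size, and the return value is checked so that a row built from longer, externally supplied strings is rejected instead of overflowing. The helper name format_row, the 128-byte ROW_CAP and the shortened four-column format are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define ROW_CAP 128  /* assumed size for this example */

/* Hypothetical helper: format one lsof-style row into dst (capacity cap).
 * Returns the row length on success, -1 if the row did not fit or
 * snprintf reported an error. dst is NUL-terminated whenever cap > 0. */
int format_row(char *dst, size_t cap, const char *command,
               const char *pid, const char *user, const char *name)
{
    int n = snprintf(dst, cap, "%-9s %5s %10s %s\n", command, pid, user, name);
    if (n < 0)
        return -1;            /* output/encoding error */
    if ((size_t)n >= cap)
        return -1;            /* truncated: n is the length that was needed */
    return n;
}

int main(void)
{
    char row[ROW_CAP];        /* an actual array, so sizeof row is its capacity */
    char longname[400];       /* constructed stand-in for user-controlled data */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    /* Static header strings: fits, so the row can be passed on to a logger. */
    if (format_row(row, sizeof row, "COMMAND", "PID", "USER", "NAME") > 0)
        fputs(row, stdout);

    /* Oversized field: snprintf stops at the buffer end and we detect it. */
    if (format_row(row, sizeof row, "init", "1", "root", longname) < 0)
        fprintf(stderr, "row rejected: does not fit in %zu bytes\n", sizeof row);

    return 0;
}
```

With sprintf the second call would write past the end of row; with snprintf the write stops at ROW_CAP - 1 characters and the return value tells the caller the row was cut short.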
Don't use stringstream, it's out of date.
You can try boost. It's amazing!!
Out of date?