What should I use instead of sprintf?

Aug 21, 2012 at 9:55am
I have the following statement:
 printf("%-9s %5s %10s %4s %9s %18s %9s %10s %s\n",
            "COMMAND",
            "PID",
            "USER",
            "FD",
            "TYPE",
            "DEVICE",
            "SIZE/OFF",
            "NODE",
            "NAME");

I have the following global declaration:
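#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <android/log.h>

#define buffer_ls 2500
char file11[200] = "/sdcard/NewLs.txt";

/* Append str as one line to the log file; returns 0 on success, -1 on error. */
int WriteToLog(char* str)
{
    __android_log_print(ANDROID_LOG_INFO, "Tarun1", "IN::WriteToLog");
    FILE* log;
    log = fopen(file11, "a+");
    if (log == NULL) {
        /* Braces are required so that -1 is returned only when fopen fails. */
        __android_log_print(ANDROID_LOG_INFO, "Tarun1", "cannot open file error %s", strerror(errno));
        return -1;
    }
    fprintf(log, "%s\n", str);
    fclose(log);
    __android_log_print(ANDROID_LOG_INFO, "Tarun1", "OUT::WriteToLog");
    return 0;
}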

Rather than printing in file, I would like to print it in a txt file, so I did it like this:
sprintf(buffer_ls,"%-9s %5s %10s %4s %9s %18s %9s %10s %s\n",
            "COMMAND",
            "PID",
            "USER",
            "FD",
            "TYPE",
            "DEVICE",
            "SIZE/OFF",
            "NODE",
            "NAME");
WriteToLog(buffer_ls);



My code fails at sprintf. What should I use instead of sprintf?
Aug 21, 2012 at 10:44am
Don't use sprintf, use snprintf instead. For example:
char buffer[128]; // some arbitrary size
snprintf(buffer, sizeof(buffer),
            "%-9s %5s %10s %4s %9s %18s %9s %10s %s\n",
            "COMMAND",
            "PID",
            "USER",
            "FD",
            "TYPE",
            "DEVICE",
            "SIZE/OFF",
            "NODE",
            "NAME");


You can write to a file with fprintf.
Last edited on Aug 21, 2012 at 10:45am
Aug 21, 2012 at 10:48am
I tried snprintf but it's failing there too.
Aug 21, 2012 at 10:57am
If you're using MSVC, it'll be _snprintf.

In general, try to avoid functions that write into unbounded buffers.
Aug 21, 2012 at 7:42pm
How about stringstream?
Sep 29, 2012 at 1:54pm
For this particular example, where the arguments to sprintf are static, the unbounded copy is probably ok but it is definitely a problem when copying user-controlled data. Check out my blog post for more information about how an sprintf can be disastrous to security:

http://connect.ncircle.com/t5/VERT-Security-Research-Blog/bg-p/VERTBlog/label-name/vert%20vuln%20school:%20stack%20buffer%20overflows%20101

Part 1 deals with demonstrating how an unbounded copy can crash a program: http://connect.ncircle.com/t5/VERT-Security-Research-Blog/VERT-Vuln-School-Stack-Buffer-Overflows-101-Part-1/ba-p/5782

Part 2 explains how the stack works and leads into why the unbounded copy can corrupt crucial data on the stack: http://connect.ncircle.com/t5/VERT-Security-Research-Blog/VERT-Vuln-School-Stack-Buffer-Overflows-101-Part-2/ba-p/5796

And be sure to catch the last piece which demonstrates functional exploit code for the example buffer overflow: http://connect.ncircle.com/t5/VERT-Security-Research-Blog/VERT-Vuln-School-Stack-Buffer-Overflows-101-Part-3/ba-p/5804
Last edited on Sep 29, 2012 at 1:54pm
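
An added example, not part of any post in this thread: the bounded formatting the replies recommend, using the thread's format string, with snprintf's return value checked so that an oversized and possibly user-controlled NAME column is reported as truncated instead of overflowing the buffer. The destination is a real char array (in the question, buffer_ls is a macro for the integer 2500, not a buffer); ROW_CAP, ROW_FMT, format_row, try_name_len and the sample column values are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define ROW_CAP 128   /* assumed size, like the reply's "arbitrary" buffer */
#define ROW_FMT "%-9s %5s %10s %4s %9s %18s %9s %10s %s\n"

enum { ROW_OK = 0, ROW_TRUNCATED = 1, ROW_ERROR = -1 };

/* Format one row into dst (capacity cap). f[] holds the nine column
 * values, any of which may come from an untrusted source. */
int format_row(char *dst, size_t cap, const char *const f[9])
{
    if (dst == NULL || cap == 0)
        return ROW_ERROR;
    int n = snprintf(dst, cap, ROW_FMT,
                     f[0], f[1], f[2], f[3], f[4], f[5], f[6], f[7], f[8]);
    if (n < 0) {                 /* output or encoding error */
        dst[0] = '\0';
        return ROW_ERROR;
    }
    /* n is the length the full row would need; n >= cap means dst holds
     * a truncated prefix that is still NUL-terminated. */
    return (size_t)n >= cap ? ROW_TRUNCATED : ROW_OK;
}

/* Constructed driver: builds a row whose NAME column is name_len 'A's,
 * stores the resulting string length in *out_len, returns the status. */
int try_name_len(size_t name_len, size_t *out_len)
{
    char name[512], row[ROW_CAP];
    if (name_len >= sizeof name)
        return ROW_ERROR;
    memset(name, 'A', name_len);
    name[name_len] = '\0';
    const char *const f[9] = { "lsof", "1234", "root", "3u", "REG",
                               "8,1", "4096", "131", name };
    int st = format_row(row, sizeof row, f);
    if (out_len) *out_len = strlen(row);
    return st;
}

int main(void)
{
    size_t len = 0;
    int st = try_name_len(300, &len);   /* NAME far larger than the buffer */
    printf("status=%d len=%zu\n", st, len);
    return 0;
}
```

The truncation check relies on C99 snprintf semantics; the older MSVC _snprintf mentioned above does not NUL-terminate the buffer when the output is cut short.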
Oct 1, 2012 at 8:37am
Don't use stringstream, it's out of date.
You can try boost. It's amazing!!
Oct 1, 2012 at 11:36am
Out of date?