Re: Problem mac os X version 10.6 when using sprinft
Re: Problem mac os X version 10.6 when using sprinft
- Subject: Re: Problem mac os X version 10.6 when using sprinft
- From: "Sean McBride" <email@hidden>
- Date: Fri, 7 May 2010 19:27:57 -0400
- Organization: Rogue Research Inc.
On Fri, 7 May 2010 21:50:46 +0100, Alastair Houghton said:
>On 7 May 2010, at 21:16, Sean McBride wrote:
>
>> Also, you should never use sprintf. Use snprintf instead.
>
>snprintf() is safer, certainly, but "never" is a little strong for my
>taste. Like goto or longjmp(), it depends who is using it and what for.
Well, yes, there's an exception to every rule (even this one). :)
But really, sprintf is more evil than goto, especially since snprintf
can be easily substituted. Using sprintf is risking exploitable buffer
overflows, a common security problem, especially if the string is user-
input. See also:
<http://developer.apple.com/mac/library/documentation/Security/
Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/
doc/uid/TP40002577-SW10>
>*Anyway*, this is cocoa-dev, and that being the case, this entire
>question is off-topic. So to bring it back *on* topic, a better
>alternative would be to use NSString's -stringWithFormat: method, which
>is safer than sprintf() or snprintf(), and means you get an NSString
>object which is a much richer type than a plain C string. -
>stringWithFormat: also supports pretty much the same set of specifiers
>that printf() does, with the addition of %@, of course.
>
>Oh, and there's also NSNumberFormatter if you want to format numbers in
>a more sophisticated manner.
Agreed!
--
____________________________________________________________
Sean McBride, B. Eng email@hidden
Rogue Research www.rogue-research.com
Mac Software Developer Montréal, Québec, Canada
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden