谈谈 snprintf
转自: [url=http://www.1-100.org/other/19321.htm]http://www.1-100.org/other/19321.htm[/url]众所周知,sprintf不能检查目标字符串的长度,可能造成众多安全问题,所以都会推荐使用snprintf.[code]
snprintf(_snprintf)的声明是这样的
int _snprintf(
?? char *buffer,
?? size_t count,
?? const char *format [,
????? argument] ...
);
[/code]
If len < count, then len characters are stored in buffer, a null-terminator is appended, and len is returned.
If len = count, then len characters are stored in buffer, no null-terminator is appended, and len is returned.
If len > count, then count characters are stored in buffer, no null-terminator is appended, and a negative value is returned.
最常见的错误用法有:
[code]
1.
char sa[256]={0};
_snprintf(sa,sizeof(sa),"%s",sb);
//错误原因:当sb的长度>=256的时候,sa将没有'\0'结尾
2.
char sa[256];
_snprintf(sa,sizeof(sa)-1,"%s",sb);
//错误原因:当sb的长度>=255的时候,sa将没有'\0'结尾,忘记给sa初始化
3.
char sa[256];
_snprintf(sa,sizeof(sa)-1,"%s",sb);
sa[sizeof(sa)]=0;
//错误原因:最后一行数组越界
[/code]
正确的用法
[code]
1. //推荐用法
char sa[256];
sa[sizeof(sa)-1]=0;
_snprintf(sa,sizeof(sa),"%s",sb);
if(sa[sizeof(sa)-1]!=0)
{
???printf("warning:string will be truncated");
?? sa[sizeof(sa)-1]=0;
}
2.
char sa[256]={0};
int?result = _snprintf(sa,sizeof(sa),"%s",sb);
if(result==sizeof(sa) || result<0)
{
????printf("warning:sting will be truncated");
?? sa[sizeof(sa)-1]=0;
}
[/code]
页:
[1]