#6943 closed defect (fixed)
Potential unsafe uses of snprintf() / vsnprintf() with VS < 2015
| Reported by: | Even Rouault | Owned by: | warmerdam |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | default | Version: | unspecified |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
We use the _snprintf() and _vsnprintf() implementations of the Microsoft C runtime for VS < 2015. But those functions have at least 2 differences from C99 requirements:
- they return -1 if the buffer isn't large enough, instead of the number of bytes that would have been written if the buffer was large enough. The return value of those functions is rarely used in the code base.
- more annoying, if the buffer isn't large enough, they don't NUL-terminate it.
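The two differences listed in the description, and one way to paper over them, shown as an added example that is not the project's own fix. The names `legacy_vsnprintf`, `c99_vsnprintf` and `c99_snprintf` are hypothetical; `legacy_vsnprintf` is a constructed stand-in that reproduces the pre-VS2015 `_vsnprintf()` behaviour so the code runs on any C99 compiler.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the pre-VS2015 _vsnprintf() so this runs anywhere:
 * on truncation it returns -1 and writes no terminating NUL; on an exact fit
 * it returns the length but still writes no NUL. */
static int legacy_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    va_list ap2;
    va_copy(ap2, ap);
    int need = vsnprintf(NULL, 0, fmt, ap2);   /* full formatted length */
    va_end(ap2);
    if (need < 0) return -1;
    char *tmp = malloc((size_t)need + 1);
    if (tmp == NULL) return -1;
    vsnprintf(tmp, (size_t)need + 1, fmt, ap);
    size_t ncopy = (size_t)need < size ? (size_t)need + 1 : size;
    if (ncopy > 0) memcpy(buf, tmp, ncopy);    /* NUL copied only if it fits */
    free(tmp);
    return (size_t)need <= size ? need : -1;
}

/* Hypothetical wrapper restoring C99 semantics on top of the legacy call. */
static int c99_vsnprintf(char *buf, size_t size, const char *fmt, va_list ap)
{
    va_list ap2;
    int n = -1;
    if (size > 0) {
        va_copy(ap2, ap);
        n = legacy_vsnprintf(buf, size, fmt, ap2);
        va_end(ap2);
        if (n < 0 || (size_t)n >= size)
            buf[size - 1] = '\0';              /* always terminate */
    }
    if (n < 0)                                 /* truncated: recompute length */
        n = vsnprintf(NULL, 0, fmt, ap);       /* _vscprintf(fmt, ap) on MSVC */
    return n;
}

static int c99_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = c99_vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}
```

The exact-fit case matters as much as truncation: the legacy call reports success there yet leaves the buffer unterminated, so the wrapper checks `n >= size` and not only `n < 0`.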
In 39285: