False sense of security with `snprintf_s`

Posted by xtofl on Stack Overflow See other posts from Stack Overflow or by xtofl
Published on 2010-04-29T14:46:17Z Indexed on 2010/04/29 14:57 UTC
Read the original article Hit count: 323

Filed under:

c++

|

visual-c++

|

visual-c++-2005

|

visual-studio-2005

MSVC's "secure" sprintf funcions have a template version that 'knows' the size of the target buffer. However, this code happily paints 567890 over the stack after the end of bytes...

char bytes[5];
_snprintf_s( bytes, _TRUNCATE, "%s", "1234567890" );

Any idea what I do wrong, or is this a known bug?

(I'm working in VS2005 - didn't test in 2008 or 2010)

© Stack Overflow or respective owner

Related posts about c++

Which C++ book shold I get between "C++ Primer" vs "C++ Primer Plus"

as seen on Stack Overflow - Search for 'Stack Overflow'
I want to learn C++ by using Vim and MinGW as compiler. I'm interesting at "C++ Primer (4th Edition)" and "C++ Primer Plus (5th Edition)" but I don't know how about it different. It has no book store that I can review those books, so I want to know, what is the different between those book and which… >>> More
C++ : C++ Primer (Stanley Lipmann) or The C++ programming language (special edition)

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a Computer Science degree (long2 time ago) .. I do know Java OOP but i am now trying to pick up C++. I do have C and of course data structure using C or pascal. I have started reading Bjarne Stroustrup book (The C++ Programming Language - Special Edition) but find it extremely difficult esp… >>> More
I need help on my C++ assignment using MS Visual C++

as seen on Stack Overflow - Search for 'Stack Overflow'
Ok, so I don't want you to do my homework for me, but I'm a little lost with this final assignment and need all the help I can get. Learning about programming is tough enough, but doing it online is next to impossible for me... Now, to get to the program, I am going to paste what I have so far. This… >>> More
Managed c++ std::string not accessible in unmanaged c++

as seen on Stack Overflow - Search for 'Stack Overflow'
In unmanaged c++ dll i have a function which takes constant std::string as argument Prototype : void read ( const std::string &imageSpec_ ) I call this function from managed c++ dll by passing a std::string. When i debug the unmanaged c++ code the parameter imageSpec_ shows the value correctly… >>> More
The Definitive C++ Book Guide and List

as seen on Stack Overflow - Search for 'Stack Overflow'
After more than a few questions about deciding on C++ books I thought we could make a better community wiki version. Providing QUALITY books and an approximate skill level. Maybe we can add a short blurb/description about each book that you have personally read / benefited from. Feel free to debate… >>> More

Related posts about visual-c++

The Visual Studio development environment crashes when you open Visual Studio 2005, Visual Studio 20

as seen on Dot net Slackers - Search for 'Dot net Slackers'
983279 ... The Visual Studio development environment crashes when you open Visual Studio 2005, Visual Studio 2008, or Visual Studio 2010This RSS feed provided by kbAlerz.com.Visit kbAlertz.com to subscribe. It's 100% free and you'll be able to recieve e-mail or RSS updates for the technologies… >>> More
The Visual Studio development environment crashes when you open Visual Studio 2005, Visual Studio 20

as seen on Dot net Slackers - Search for 'Dot net Slackers'
983279 ... The Visual Studio development environment crashes when you open Visual Studio 2005, Visual Studio 2008, or Visual Studio 2010This RSS feed provided by kbAlerz.com.Visit kbAlertz.com to subscribe. It's 100% free and you'll be able to recieve e-mail or RSS updates for the technologies… >>> More
Working with Subversion the same as with Visual Source Safe in Visual Studio

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, At work I just started using subversion with ankhsvn instead of visual source safe. I managed to integrate it well enough but it doesn't seem the same. Using VSS the following would happen: A user check out a file by right clicking and selecting "check out" or by editing it. If another user… >>> More
C# development with Mono and MonoDevelop

as seen on Developer IT - Search for 'Developer IT'
In the past two years, I have been developing .NET from my MacBook by running Windows XP into VM Ware and more recently into Virtual Box from OS X. This way, I could install Visual Studio and be able to work seamlessly. But, this way of working has a major down side: it kills the battery of my laptop…… >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More