"C library functions such as strcpy(), strcat(), sprintf() and vsprintf() operate on null terminated strings and perform no bounds checking."
    sprintf(str, "%s", message); // assume declaration and initialization of variables
You're correct on both problems, though they're really both the same problem (which is accessing data beyond the boundaries of an array).
A solution to your first problem is to instead use snprintf, which accepts a buffer size as an argument.
A solution to your second problem is to give a maximum length argument to s[n]printf. For example:
    char buffer[32]; // array size chosen for illustration
    snprintf(buffer, sizeof(buffer), "This is a %.4s\n", "testGARBAGE DATA");
    // strcmp(buffer, "This is a test\n") == 0
If you want to store the entire string (e.g. in the case sizeof(buffer) is too small), run
    // Needs <stdio.h> and <stdlib.h>.
    // Behaviour is different in SUSv2; see
    // "conforming to" section of man 3 sprintf
    int length = snprintf(NULL, 0, "This is a %.4s\n", "testGARBAGE DATA");
    ++length; // +1 for null terminator
    char *buffer = malloc(length);
    if (buffer != NULL) // malloc can fail
        snprintf(buffer, length, "This is a %.4s\n", "testGARBAGE DATA");
(You can probably fit this into a function using
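
The two snprintf patterns from the answer above (bounded write into a fixed buffer, and measure-then-allocate), each wrapped in a function that also reports truncation and errors. This is an added example, not part of the original answer; the names format_fixed and format_alloc are hypothetical, and it assumes C99 snprintf return values.

```c
/* Added example: format_fixed and format_alloc are hypothetical names. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Format into a fixed buffer. Returns 0 on success, -1 if the output was
 * truncated or an encoding error occurred. dst is always terminated. */
int format_fixed(char *dst, size_t dstsize, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (dst == NULL || dstsize == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsize, fmt, ap);
    va_end(ap);
    if (n < 0) { dst[0] = '\0'; return -1; }
    return ((size_t)n >= dstsize) ? -1 : 0;  /* n excludes the terminator */
}

/* Measure first, then allocate exactly enough. Caller frees the result.
 * Returns NULL on encoding error or allocation failure. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap, ap2;
    int n;
    char *buf;
    va_start(ap, fmt);
    va_copy(ap2, ap);                 /* a va_list cannot be walked twice */
    n = vsnprintf(NULL, 0, fmt, ap);  /* C99: returns the length needed */
    va_end(ap);
    if (n < 0) { va_end(ap2); return NULL; }
    buf = malloc((size_t)n + 1);      /* +1 for the null terminator */
    if (buf != NULL && vsnprintf(buf, (size_t)n + 1, fmt, ap2) != n) { free(buf); buf = NULL; }
    va_end(ap2);
    return buf;
}

int main(void)
{
    char small[8];
    char *s = format_alloc("This is a %.4s\n", "testGARBAGE DATA");
    if (s != NULL) { fputs(s, stdout); free(s); }
    /* Constructed input: 16 characters do not fit in 8 bytes. */
    int rc = format_fixed(small, sizeof small, "%s", "testGARBAGE DATA");
    printf("truncated: %d, kept: \"%s\"\n", rc, small);
    return 0;
}
```

Treating truncation as an error, rather than silently continuing with a shortened string, matters when the result is later used as a path, command or query.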