Spot the bug: wchar_t buf[123]; swprintf(buf, sizeof buf, "%s/%d", str, num);
Replying to @RichFelker
sizeof computes size in bytes. swprintf's second arg is a number of wide characters.
1 reply 0 retweets 1 like -
Replying to @volatile_void
Yep. But look how easy it is to overlook or even write the long thing.
1 reply 0 retweets 0 likes -
Replying to @RichFelker
From a usable security standpoint, an API that /looks just like/ one where sizeof works, but where it's wrong, is utterly awful.
2 replies 0 retweets 0 likes -
Replying to @RichFelker
it also seems like something ripe for static analysis. Wonder if compiler makers will do stricter warns
1 reply 0 retweets 0 likes
Replying to @kevinbowling1
_FORTIFY_SOURCE should be able to catch it in most cases.
5:51 PM - 7 Nov 2016
0 replies
0 retweets
0 likes
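Added example, not part of any tweet in the thread: the count swprintf expects, next to how far `sizeof buf` overstates it, for the same 123-element buffer. `ARRAY_LEN`, `overclaimed_slots` and `format_path` are hypothetical names, the wide format literal `L"%s/%d"` is an assumption about the intended call, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

/* Element count of a real array (do not use on a pointer). */
#define ARRAY_LEN(a) (sizeof (a) / sizeof (a)[0])

/* Number of wchar_t slots that do not exist but that
 * swprintf(buf, sizeof buf, ...) would be told it may write to. */
size_t overclaimed_slots(void)
{
    wchar_t buf[123];
    return sizeof buf - ARRAY_LEN(buf); /* byte size used as a count, minus the real count */
}

/* Hypothetical wrapper: formats "<str>/<num>" into dst, which holds dst_len
 * wide characters. Returns the number written, or a negative value when the
 * result does not fit (or on an encoding error); unlike snprintf, swprintf
 * reports truncation as failure rather than returning the needed length. */
int format_path(wchar_t *dst, size_t dst_len, const char *str, int num)
{
    int n = swprintf(dst, dst_len, L"%s/%d", str, num);
    if (n < 0 && dst_len > 0)
        dst[0] = L'\0'; /* leave a defined, empty string on failure */
    return n;
}

int main(void)
{
    wchar_t buf[123];
    int n = format_path(buf, ARRAY_LEN(buf), "etc", 42); /* constructed input */
    printf("wrote %d wide chars; sizeof would overclaim %zu slots\n",
           n, overclaimed_slots());
    return 0;
}
```

Where `wchar_t` is 4 bytes, the `sizeof` form claims 492 slots for a 123-slot buffer.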