Hello Friends,

I was fixing a bug related to sprintf; below is the code:

#include <stdio.h>

char bc_buffer[200];   /* global buffer, 200 bytes (see note below) */

void log_setpoint(void)
{
    float initial_temp_setpoint = 60;

    /* the formatted message is ~223 bytes, so this write runs past the end of bc_buffer */
    sprintf(
    bc_buffer, "\n\rVTM: NOT bc_vap_state_off: bc_cf_auto_vap_standby_enable: NOT bc_vap_standby_warmup_completed: warmup time=INC: setpoint<ALI3_STARTUP_COOL: initial_temp_setpoint from bc_vap_standby_temp=AT_ALI3_STARTUP_COOL_DEF_TEMP=%f", initial_temp_setpoint);
}


Note: bc_buffer is a global char array with a size of 200. However, as per the above code sprintf writes ~223 bytes of data into it.

I thought that the code would crash, but it did not; it printed the output correctly, as below:

Quote:
VTM: NOT bc_vap_state_off: bc_cf_auto_vap_standby_enable: NOT bc_vap_standby_warmup_completed: warmup time=INC: setpoint<ALI3_STARTUP_COOL: initial_temp_setpoint from bc_vap_standby_temp=AT_ALI3_STARTUP_COOL_DEF_TEMP=60.000000

I was expecting a crash. I was thinking of fixing this by using snprintf, so that memory overflow could be avoided.

But that would result in a truncated log. So I was thinking of increasing the size of bc_buffer, including a NULL character. But as it is a global variable, I am a little apprehensive, as I do not want to play with global data and it could also affect the memory map.

Could this behaviour be compiler related?

I would request suggestions.

Thanks,
Rahul VB

What I have tried:

I tried out the above code in Eclipse and Visual Studio, but it prints the entire string, not truncated.

I also set a break point to view the data of bc_buffer as below:

(x)=bc_buffer[197] char 83 'S'
(x)=bc_buffer[198] char 84 'T'
(x)=bc_buffer[199] char 65 'A'

As you can see above, the last character is 'A' and there is no NULL character; still it does print the entire string of 223 bytes.
Posted
Updated 4-Dec-19 22:41pm

No, it doesn't. It is one of the major problems in C and has often been the cause of backdoors, crashes and attacks. For that reason snprintf was developed and introduced. It was an epic moment in C. ;-)

Take a look at this tutorial for further details.
No, it doesn't truncate - it has no idea how big the buffer is.
That doesn't mean that the buffer overrun will automatically crash your app, or not immediately - it depends on too many other factors. If the buffer is on the stack then it could easily crash when the function exits, or it could just corrupt other variables and that could cause problems later.

Basically, don't do it. Buffer overrun causes unpredictable results - they may not even be the same results if you execute the same code twice! And remember, buffer overrun is one of the classic ways to subvert an application ...
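Added example, not code from the question or from either answer: the snprintf replacement both answers point to, plus a way to get the untruncated log without touching the size of the global. snprintf writes at most the size you pass and always NUL-terminates, and its return value is the length the full message needed, which is also what tells you a line was cut short. The buffer name and its 200-byte size follow the question; VTM_FMT, log_setpoint_bounded, required_length and format_full are names chosen here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char bc_buffer[200];            /* stand-in for the poster's 200-byte global */

/* The question's format string, split across lines for readability. */
#define VTM_FMT \
    "\n\rVTM: NOT bc_vap_state_off: bc_cf_auto_vap_standby_enable: " \
    "NOT bc_vap_standby_warmup_completed: warmup time=INC: " \
    "setpoint<ALI3_STARTUP_COOL: initial_temp_setpoint from " \
    "bc_vap_standby_temp=AT_ALI3_STARTUP_COOL_DEF_TEMP=%f"

/* Bounded replacement for the original sprintf: writes at most sizeof bc_buffer
 * bytes and always NUL-terminates. Returns the length the complete message
 * needed (-1 on error); *truncated is set when that exceeds the buffer. */
int log_setpoint_bounded(float setpoint, int *truncated)
{
    int needed = snprintf(bc_buffer, sizeof bc_buffer, VTM_FMT, setpoint);
    *truncated = needed >= 0 && (size_t)needed >= sizeof bc_buffer;
    return needed;
}

/* Length of the full message (without the NUL), counted without writing. */
int required_length(float setpoint)
{
    return snprintf(NULL, 0, VTM_FMT, setpoint);
}

/* When a truncated log is unacceptable and the global must stay at 200 bytes:
 * measure, allocate exactly enough, then format. Caller frees the result. */
char *format_full(float setpoint)
{
    int needed = required_length(setpoint);
    if (needed < 0)
        return NULL;
    char *out = malloc((size_t)needed + 1);
    if (out != NULL)
        snprintf(out, (size_t)needed + 1, VTM_FMT, setpoint);
    return out;
}

int main(void)
{
    int truncated, needed = log_setpoint_bounded(60.0f, &truncated);
    printf("needed %d, buffer %zu, truncated=%d\n", needed, sizeof bc_buffer, truncated);
    char *full = format_full(60.0f);
    printf("full message: %zu chars\n", full ? strlen(full) : 0);
    free(full);
    return 0;
}
```

With the question's format string the bounded call reports truncation, leaves bc_buffer[199] as the terminator, and format_full returns the complete line.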

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)