Guide to the Linux Manual

vsprintf(3)

formatted output conversion

Bugs

Because sprintf() and vsprintf() assume an arbitrarily long string, callers must be careful not to overflow the actual space; this is often impossible to assure. Note that the length of the strings produced is locale-dependent and difficult to predict. Use snprintf() and vsnprintf() instead (or asprintf(3) and vasprintf(3)).

Code such as printf(foo); often indicates a bug, since foo may contain a % character. If foo comes from untrusted user input, it may contain %n, causing the printf() call to write to memory and creating a security hole.
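
The two recommendations above, combined in an added example that is not part of the manual page: a vsnprintf()-based formatter that reports truncation instead of overflowing, and a caller that passes untrusted text as an argument to a constant "%s" format rather than as the format string. The names format_bounded and log_user_text are hypothetical, and the sample input is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the man page): bounded replacement for a
 * vsprintf()-based formatter. Returns the number of bytes written, excluding
 * the terminating NUL, or -1 if the output was truncated or an output error
 * occurred. dst is always NUL-terminated when cap > 0. */
int format_bounded(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || cap == 0)
        return -1;

    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);  /* writes at most cap bytes incl. NUL */
    va_end(ap);

    if (n < 0) {                /* output error */
        dst[0] = '\0';
        return -1;
    }
    if ((size_t)n >= cap)       /* n is the length that would have been needed */
        return -1;              /* truncated: dst holds the first cap-1 bytes */
    return n;
}

/* Untrusted text is an argument to a constant "%s" format, never the format
 * string itself, so any % sequences in it are copied literally. */
int log_user_text(char *dst, size_t cap, const char *untrusted)
{
    return format_bounded(dst, cap, "user said: %s", untrusted);
}

int main(void)
{
    char buf[32];
    const char *input = "100%n%s";  /* constructed sample input */

    if (log_user_text(buf, sizeof buf, input) >= 0)
        puts(buf);
    if (log_user_text(buf, 8, input) < 0)
        puts("truncated; caller must handle it");
    return 0;
}
```

The return value of vsnprintf() must be compared against the buffer size: a value greater than or equal to the size means the output was cut short, which callers should treat as a failure rather than silently use.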