Thursday, December 16th

Word Lens

Word Lens. Real-time text translation on the iPhone. All I can say is 'wow'.

Jim on 12.16.10 @ 09:12 PM ET [link]


Thursday, December 9th

snprintf danger

I just found a bug in someone else's C code today caused by a misuse of snprintf(). It's worth pointing out because of the subtlety.

The general form of the bug is:

char buffer[LEN];
char* p = buffer;
char* limit = &buffer[LEN-1];   /* address of the last byte of buffer */

while(something)
{
    ...
    /* BUG: on truncation snprintf returns the length it *wanted* to
       write, not what it wrote, so p can advance past limit */
    p += snprintf(p, limit - p, "%s", somestring);
}


The idea was that the use of snprintf would prevent a buffer overrun. But to quote the man page:

If the output was truncated due to this limit then the return value is the number of characters (not including the trailing '\0') which would have been written to the final string if enough space had been available.


So once a string is truncated, p is advanced past limit and the value "limit - p" actually goes negative; converted to snprintf's size_t size argument, that negative number becomes an enormous length, giving snprintf free rein to overwrite the stack.
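To make the failure concrete, here is an added C example (not code from the original post): buggy_next_size models the offset arithmetic of the loop above after one truncated call, and join_safe is a correctly bounded version of the same loop. Both names and the WORDS input are hypothetical, constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical helper: models the pointer arithmetic of the buggy loop using
 * offsets from the start of buffer. len is the buffer size, first_needed is
 * what the first snprintf() returned when it was truncated. Returns the
 * size_t the *next* snprintf() call would receive as its size argument. */
size_t buggy_next_size(size_t len, size_t first_needed)
{
    ptrdiff_t limit = (ptrdiff_t)len - 1;   /* &buffer[LEN-1] - buffer */
    ptrdiff_t p = (ptrdiff_t)first_needed;  /* p after "p += snprintf(...)" */
    return (size_t)(limit - p);             /* negative -> wraps to huge */
}

/* Hypothetical helper: the same loop done safely. Every snprintf() is
 * bounded by the space that is really left, and once the buffer is full
 * the remaining words are only measured (snprintf with a NULL dest and
 * size 0). Returns the length the full output needs; a result greater
 * than len - 1 tells the caller the string was truncated. */
size_t join_safe(char *buffer, size_t len, const char **words, size_t count)
{
    size_t used = 0;
    if (len > 0)
        buffer[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        int n;
        if (len > 0 && used < len - 1)
            n = snprintf(buffer + used, len - used, "%s", words[i]);
        else
            n = snprintf(NULL, 0, "%s", words[i]);
        if (n < 0)
            break;                          /* encoding error: stop */
        used += (size_t)n;
    }
    return used;
}
/* Constructed sample input for the demonstration. */
static const char *WORDS[] = { "hello", " ", "world" };
#define WORD_COUNT (sizeof(WORDS) / sizeof(WORDS[0]))

int main(void)
{
    char small[8];
    size_t need = join_safe(small, sizeof small, WORDS, WORD_COUNT);
    printf("got \"%s\", needed %zu bytes\n", small, need);
    printf("buggy loop would next pass size %zu\n",
           buggy_next_size(sizeof small, need));
    return 0;
}
```

With an 8-byte buffer the safe loop yields "hello w" and reports that 11 bytes were needed, while the buggy arithmetic would hand the next snprintf() a size just below SIZE_MAX.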


Jim on 12.09.10 @ 05:42 PM ET [link]



Email: jim@jimandbarb.DELETETHISPART.net
(please remove the DELETETHISPART before sending me mail!)