On Mon, Jul 21, 1997 at 08:05:34AM -0400, Steve "Stevers!" Coile wrote:
> It's still not clear to me why people only suggest snprintf().
> I would imagine that there are only a few cases were a program coulnd't
> pre-determine the length of a string that would be generated by sprintf()
> and malloc() enough memory to contain it all.
Well, you don't necessarily want to malloc all the space you might
need. Otherwise, you might end up being vulnerable to DoS attacks
through users filling up your memory, like the (disputed) qmail DoS
attacks posted to this list.
-- Manoj Kasichainula - manojk at io dot com - http://www.io.com/~manojk/ "I am J. D. Falk, Sysadmin. I own a web-server and a LART." -- Jeff Mercer--YxWXEtizwpuPcl6r Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE----- Version: 2.6.2
iQEVAwUBM9Q6kebiBQxKQSStAQFmFAf/bmshFld+6MdTawo488kQ80p1KTSaB+JQ hMSkwCPnsZfsCSO4Lap9CehL6EfhtTQ9r7e+oOpCvsYfeCI/47WirwMUtXLKvNOf n6xuvokD+RvqiTjNM99YsKkAutFacPH6c4iKCAqVm2c30OElyAanR2X7I6d50mOF +q8tjbV/IBewNZYSOT6sPWGd8oEpRT14AonRJUus6z+xwtynzF6EfUNbLXdJhC8F Jw9TijNPGhZvdZYe+h8rCoxNuBMH1ObIihEndu3rBtiZxb3DKz4mKQoAxqpxx6vQ Bek09LyGRWvjIFJZ6KEma2CLyrRHcvaIZ7vwQnKTTwhmeymyiyJCrg== =JSX2 -----END PGP SIGNATURE-----
--YxWXEtizwpuPcl6r--