Safe sprintf?
Posted: Mon Feb 27, 2017 10:35 pm
Is there a safe sprintf in XC?
I used stdio's sprintf and it overflows gladly into the variable after the array. It was my fault, but still. I had forgotten to add space for the NUL in addition to the visible chars. But it could have been worse.
The XMOS Programming Guide talks in chapter 12 about "Using safe pointers for string processing".
Is there an XMOS version of sprintf that's safe (to detect at compile-time)? Or a wrapper (for run-time checks, I assume, to detect overwrite)? Has anybody written one?
I guess that just formatting of an int is difficult in any case since the compiler would need to know the range to know how many characters would be built. And then there's the format string...
I ended up with checking the return value to detect overwrite. But it would have been much nicer to have the compiler take this! Are there cases where a certain piece of code could not be implemented with safe pointers only? From an algorithmic/language point of view?
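A bounded wrapper that follows the poster's approach of checking the return value, written as an added example in standard C rather than code from the post or from XMOS; it assumes the target's libc provides vsnprintf, and `safe_format`, `fmt_result` and the demo functions are names chosen here.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Result of a bounded format: the length the full output would need
 * (excluding the NUL) and whether it fit in the buffer. */
typedef struct {
    int needed;      /* vsnprintf's return value, or -1 on encoding error */
    bool truncated;  /* true if buf was too small for the text plus its NUL */
} fmt_result;

/* Bounded replacement for sprintf: never writes past buf[size-1], always
 * NUL-terminates when size > 0, and reports truncation instead of silently
 * running into the variable that follows the array. vsnprintf returns the
 * count it would have written, so needed >= size means the NUL did not fit. */
fmt_result safe_format(char *buf, size_t size, const char *fmt, ...)
{
    fmt_result r = { -1, true };
    if (buf == NULL || size == 0) return r;
    va_list ap;
    va_start(ap, fmt);
    r.needed = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    if (r.needed < 0) { buf[0] = '\0'; return r; }
    r.truncated = (size_t)r.needed >= size;
    return r;
}

/* The post's mistake: 5 visible characters but only 5 bytes, leaving no room
 * for the terminating NUL. Returns true if the overflow was detected. */
bool demo_missing_nul_space(void)
{
    char buf[5];
    fmt_result r = safe_format(buf, sizeof buf, "%d", 12345);
    return r.truncated && r.needed == 5 && buf[4] == '\0';
}

/* Mirrors "the variable after the array": a constructed canary placed right
 * behind the buffer must survive the too-small format. */
typedef struct { char buf[5]; unsigned canary; } buf_and_neighbour;

bool demo_neighbour_untouched(void)
{
    buf_and_neighbour p = { "", 0xC0FFEEu };
    fmt_result r = safe_format(p.buf, sizeof p.buf, "%d", 12345);
    return r.truncated && p.canary == 0xC0FFEEu && strcmp(p.buf, "1234") == 0;
}
```

The caller still has to decide what to do on truncation (drop the message, grow the buffer, fail loudly); the wrapper only guarantees that the neighbouring memory is never written.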