Here's the situation:
We received code from an outside source that uses sprintf like strcat. Like this:
char buffer[1024];
sprintf(buffer, "Some text.");
sprintf(buffer, "%s%s", buffer, "Some more text");
sprintf(buffer, "%s%s", buffer, "again more text");
Now, this looks weird. We all agree this looks weird. That's not what I'm asking about. We all know that strcat should have been used, and it's more straightforward. I'm asking about the potential issues, aside from looking weird, that this could cause. We're running on RHEL6, and using gcc 4.9.3.
Thanks for your help.
CodePudding user response:
The function is declared like
int sprintf(char * restrict s, const char * restrict format, ...);
pay attention to the type qualifier restrict.
According to the C Standard (7.21.6.6 The sprintf function)
2 The sprintf function is equivalent to fprintf, except that the output is written into an array (specified by the argument s) rather than to a stream. A null character is written at the end of the characters written; it is not counted as part of the returned value. If copying takes place between objects that overlap, the behavior is undefined.
So these calls
sprintf(buffer, "%s%s", buffer, "Some more text");
sprintf(buffer, "%s%s", buffer, "again more text");
invoke undefined behavior.
Instead the calls could be written like
char buffer[1024];
int offset = 0;
offset = sprintf( buffer offset, "Some text.");
offset = sprintf( buffer offset, "%s", "Some more text");
sprintf( buffer offset, "%s", "again more text");
Or
char buffer[1024];
char *p = buffer;
p = sprintf( p, "Some text.");
p = sprintf( p, "%s", "Some more text");
sprintf( p, "%s", "again more text");
As for the qualifier restrict then in general words in means (6.7.3 Type qualifiers)
8 An object that is accessed through a restrict-qualified pointer has a special association with that pointer. This association, defined in 6.7.3.1 below, requires that all accesses to that object use, directly or indirectly, the value of that particular pointer