[splint-discuss] Confused
Ralf Wildenhues
Ralf.Wildenhues at gmx.de
Sat Oct 9 03:49:21 EDT 2004
* Rick Bischoff wrote on Thu, Oct 07, 2004 at 02:31:02PM CEST:
>
> Problem #1
> In my project, I have a series of functions that write "stuff" to a
> char pointer (cstring). These functions then return the pointer to
> where the null terminator currently is on the cstring. This allows me
> to, when I am ready to actually collect all of the output together, to
> do the following:
>
> /* Sample writing function */
> char* writeSomeStuff(char* buffer) {
char* writeSomeStuff(/*@out@*/ /*@returned@*/ char* buffer);
> *buffer++ = '!';
> *buffer = '\0';
> return buffer;
> }
>
> /* Sample use of said function */
> void printSomeStuff() {
> char buf[1024];
> char* temp;
/*@dependent@*/ /*@temp@*/ char* temp;
> temp = writeSomeStuff(buf);
> temp = writeSomeStuff1(temp);
> temp = writeSomeStuff2(temp);
> temp = writeSomeStuff3(temp);
>
> printf("%s\n", temp);
> }
Then these don't produce any more errors. But you really should not be
using an interface like this, since it makes it extremely difficult and
error-prone to prevent buffer overflows. Use one that keeps track of
the total size.
> However, if I use the "snprintf" function to write some more
> complicated things to the output string, splint complains:
If above hints were not enough: Show complete example code exhibiting
the problem (including the snprintf!).
Regards,
Ralf
More information about the splint-discuss
mailing list