bug-gnulib

Re: best way to deal with macOS deprecation of sprintf?


From: Paul Eggert
Subject: Re: best way to deal with macOS deprecation of sprintf?
Date: Thu, 3 Nov 2022 14:37:02 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.4.0

On 11/3/22 12:43, Jeffrey Walton wrote:
> Apple deprecated sprintf starting at MacOS 10.12.

Yes, though that change in 10.12 apparently didn't adversely affect developers. What appears to be new in 10.13 is that the compiler is now warning about calls to sprintf. This is an unnecessary pain.

Saying that snprintf is "more secure" than sprintf is like saying strlcpy and strcpy_s are "more secure" than strcpy. (Apple's documentation[1] says strlcpy is "fully safe", which is laughably wrong.) Functions like these are not "less secure" or "more secure" in isolation, because security depends on the overall system, not just single functions.

Besides, with sprintf and adequate checking you reliably get a crash instead of snprintf's silent truncation, and this is a security win. This is one reason I'm not a fan of laboriously going through code and replacing sprintf calls with snprintf calls.

[1] https://developer.apple.com/library/archive/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html
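
The silent truncation mentioned in the message above, shown next to a return-value check that makes it detectable. This is an added example, not part of the original message; the paths, the buffer size and the function names build_unchecked and build_checked are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: room for 24 characters plus NUL, while the full
   path "/var/app/data/report.txt.bak" needs 28 plus NUL. */
enum { PATH_BUF = 25 };

/* Unchecked call: snprintf never overruns dst, but it truncates without
   any signal in the buffer itself. The result is a well-formed path to a
   different file. */
static void build_unchecked(char *dst, size_t n, const char *dir, const char *name)
{
    snprintf(dst, n, "%s/%s", dir, name);
}

/* Checked call: snprintf returns the length the full output would have
   had, so a value >= n means truncation. Return 0 on success, -1 on
   truncation or output error, leaving dst empty on failure. */
static int build_checked(char *dst, size_t n, const char *dir, const char *name)
{
    int len = snprintf(dst, n, "%s/%s", dir, name);
    if (len < 0 || (size_t)len >= n) {
        if (n > 0)
            dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];

    build_unchecked(buf, sizeof buf, "/var/app/data", "report.txt.bak");
    printf("unchecked: %s\n", buf);   /* names report.txt, not report.txt.bak */

    if (build_checked(buf, sizeof buf, "/var/app/data", "report.txt.bak") != 0)
        fprintf(stderr, "checked: path does not fit, refusing to continue\n");
    return 0;
}
```
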


