Why ISC developing wheel again?

Paul Vixie Paul_Vixie at isc.org
Fri Oct 5 19:46:51 UTC 2007


> ... Generally using of sprintf is very bad. snprintf should be used instead.

i disagree.  if the code is easily proved correct by inspection, then it's
safe, no matter what api you're using or what latent problems it has.  gets()
is evil because you cannot know the size of the input.  but in the following
two examples, sprintf() is better:

	char buf[100];

	sprintf(buf, "hello, my name is %.10s\n", name);

vs:

	char buf[100];

	if (snprintf(buf, sizeof buf, "hello, my name is %.10s\n", name)
	    >= sizeof buf) {
	       perror("snprintf");
	       exit(1);
	}

code quality isn't just a matter of compilation speed or execution speed
or compiled code speed or portability, it's also a matter of auditability
and editability and readability.  any code that has extra crap in it just
to add safety where a shorter, simpler fragment would be provably safe is
a recipe for things like using > instead of >=, or taking sizeof the wrong
thing (like if it's a pointer) or taking sizeof different things in the
two different places you're taking sizeof.  if exit(1) is the wrong thing
to do then perhaps some function that could have been void has to become
int just to signal an error condition that can't happen.  the likelihood
that a program will be buggy, or become buggy, goes up drastically when
you start adding seatbelts everywhere.
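The two fragments above run side by side on a constructed input, as an added example that is not part of the original post: the bounded-precision sprintf(), the snprintf() form with the >= check, and the sizeof-a-pointer mistake the post names. The function names and the sample name are mine.

```c
#include <stdio.h>
#include <string.h>

/* Worst case the bounded format can produce: 18-byte prefix, at most 10
 * bytes of name ("%.10s"), one newline; NUL excluded.  This arithmetic is
 * the "proof by inspection" that makes sprintf() into buf[100] safe. */
#define GREETING_MAX (sizeof "hello, my name is " - 1 + 10 + 1)

/* The sprintf() form: safe only because "%.10s" caps the copied name.
 * Returns the byte count sprintf() wrote (NUL excluded). */
int greet_sprintf(char buf[100], const char *name)
{
	return sprintf(buf, "hello, my name is %.10s\n", name);
}

/* The snprintf() form with an explicit capacity.  snprintf() returns the
 * length the output WOULD have had, so a value equal to cap already means
 * the last character was displaced by the NUL; hence >= and not >.
 * Returns 1 when the output fit, 0 when it was truncated. */
int greet_snprintf(char *buf, size_t cap, const char *name)
{
	int n = snprintf(buf, cap, "hello, my name is %.10s\n", name);
	if (n < 0 || (size_t)n >= cap)
		return 0;
	return 1;
}

/* The "sizeof the wrong thing" mistake: buf is a pointer parameter, so
 * sizeof buf is sizeof(char *), not the 100 bytes the caller allocated.
 * The check compiles and never fires, but it bounds the write to the
 * wrong number.  Returns the bound that was actually used. */
size_t pointer_sizeof_pitfall(char *buf, const char *name)
{
	snprintf(buf, sizeof buf, "hello, my name is %.10s\n", name);
	return sizeof buf;
}

int main(void)
{
	char buf[100], tiny[16];
	const char *name = "Bartholomew-Fitzgerald";  /* constructed, 22 bytes */

	printf("%d bytes: %s", greet_sprintf(buf, name), buf);   /* 29 bytes */
	printf("worst case %zu <= %zu\n", (size_t)GREETING_MAX, sizeof buf);
	printf("fits in 16? %d\n", greet_snprintf(tiny, sizeof tiny, name));
	printf("bound used via pointer: %zu\n", pointer_sizeof_pitfall(buf, name));
	return 0;
}
```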
