29 Jul, 2015, alteraeon wrote in the 21st comment:
Votes: 0
AA almost exclusively uses sprintf, and all but a few of the uses are safe, with sanity checks that would tell us if there was an overflow that didn't crash the system. It's pretty easy:

- we use global static print buffers and guard space in such a way as to give a safe overflow area and detection logic

- the maximum size of user entered data is known and small

- the maximum size of user data after expansions, aliases, and variable replacement is known and small

- the maximum size of descriptions is known and less than the print buffers

Taken together? The last time we had a sprintf overflow was on the order of 2005. I think. I honestly can't even remember one that didn't involve violating the sprintf constraints by printing a string on top of itself, back when I was more of a noob than now.

I'd be the last one to say that our setup is perfect. Strictly using snprintf would certainly add another layer of protection. I even considered using it back in the olden days, but decided against it because it didn't exist in most C libraries at the time. What I will say is that if you regularly see sprintf overflow issues, it's because you're doing it wrong, not because sprintf is naturally unsafe.
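The guarded-buffer layout described above, as an added illustration that is not alteraeon's or Alter Aeon's actual code: one global static print buffer with a canary-filled guard region appended, a check after each sprintf that reports whether the guard was damaged, and the snprintf variant beside it. The buffer and guard sizes, the canary byte and the helper names are all assumptions for the demo, and the 80-byte input is constructed so that it overruns the usable area but stays inside the guard (an overrun past the guard would be undefined behaviour before the check ever ran, which is exactly the limit of this kind of detection).

```c
#include <stdio.h>
#include <string.h>
#include <stdarg.h>

/* Assumed sizes for this example: a 64-byte usable print buffer followed by
 * a 64-byte guard region filled with a canary byte. */
#define PRINT_BUF_SIZE 64
#define GUARD_SIZE     64
#define GUARD_BYTE     0xA5

/* One global static print buffer with the guard area appended. */
static char print_buf[PRINT_BUF_SIZE + GUARD_SIZE];

/* Refill the guard region with the canary pattern before each use. */
static void arm_guard(void)
{
    memset(print_buf + PRINT_BUF_SIZE, GUARD_BYTE, GUARD_SIZE);
}

/* Return 1 if every guard byte still holds the canary, 0 if the formatted
 * output ran past the usable area. */
static int guard_intact(void)
{
    for (size_t i = PRINT_BUF_SIZE; i < sizeof print_buf; i++)
        if ((unsigned char)print_buf[i] != GUARD_BYTE)
            return 0;
    return 1;
}

/* sprintf into the buffer, then inspect the guard. Returns the character
 * count on success or -1 if the guard was damaged. Detection only works when
 * the overrun stays inside the guard region. */
int guarded_sprintf(const char *fmt, ...)
{
    va_list ap;
    int n;
    arm_guard();
    va_start(ap, fmt);
    n = vsprintf(print_buf, fmt, ap);
    va_end(ap);
    return guard_intact() ? n : -1;
}

/* snprintf alternative: never writes past PRINT_BUF_SIZE. Returns the count
 * the full output would have needed; the caller compares it to the size. */
int bounded_snprintf(const char *fmt, ...)
{
    va_list ap;
    int n;
    va_start(ap, fmt);
    n = vsnprintf(print_buf, PRINT_BUF_SIZE, fmt, ap);
    va_end(ap);
    return n;
}

/* 1 if the snprintf result means output was cut short (or an error). */
int bounded_was_truncated(int n)
{
    return n < 0 || n >= PRINT_BUF_SIZE;
}

/* Constructed sample input: 80 'A's, longer than the usable buffer but
 * shorter than buffer plus guard. */
static void make_long_input(char *dst)
{
    memset(dst, 'A', 80);
    dst[80] = '\0';
}

int demo_short(void)               /* fits: returns 5, guard untouched */
{
    return guarded_sprintf("%s", "hello");
}

int demo_overrun_detected(void)    /* spills into guard: returns -1 */
{
    char long_input[81];
    make_long_input(long_input);
    return guarded_sprintf("%s", long_input);
}

int demo_snprintf_truncates(void)  /* returns 80, buffer holds 63 chars */
{
    char long_input[81];
    make_long_input(long_input);
    int n = bounded_snprintf("%s", long_input);
    return (bounded_was_truncated(n) && strlen(print_buf) == PRINT_BUF_SIZE - 1) ? n : -1;
}

int main(void)
{
    printf("short input: %d\n", demo_short());
    printf("overrun detected: %d\n", demo_overrun_detected());
    printf("snprintf needed: %d\n", demo_snprintf_truncates());
    return 0;
}
```

The two approaches differ in what the caller learns: the guard check tells you after the fact that a bound was violated, which is useful as a tripwire in a codebase where every input size is supposed to be known; snprintf refuses to write past the bound in the first place and reports the length the output would have needed, so the truncation can be logged instead of corrupting memory.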
29 Jul, 2015, Rarva.Riendf wrote in the 22nd comment:
Votes: 0
> it's because you're doing it wrong, not because sprintf is naturally unsafe.

Or because a program evolves and now takes user input when it only used a sanitized database before.
It IS naturally unsafe. Just like a landmine is. One day you get drunk and forget one step and you are dead.