[Cryptography] defaults, black boxes, APIs, and other engineering thoughts

Jerry Leichter leichter at lrw.com
Tue Jan 7 07:09:18 EST 2014


On Jan 6, 2014, at 4:01 PM, Jonathan Thornburg wrote:
> Indeed, how many binaries on *your* laptop still use gets() and sprintf()?
gets() is a total loss.

sprintf() can actually be used safely - but it's much, much harder than people realize.  I used sprintf() to implement a collection of C++ functions to format the built-in types.  All the power of sprintf() was there, but in a controlled, type-safe fashion - e.g., length and precision were passed as integer arguments, and were range-checked.

An interesting question to ask in this context:  In the call sprintf(buf, "%f", x) - how large does buf have to be to guarantee there is no buffer overflow?  (I no longer remember the exact number, but it's something like 350!  Almost all the digits printed are noise, of course, but printf doesn't care.  Obvious once you think it through - but people rarely do).

Nevertheless, since snprintf() is universally available these days (it wasn't when I wrote that C++ code) there's no excuse for sprintf().

                                                        -- Jerry
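The question above about how large buf must be for sprintf(buf, "%f", x), and the wrapper style described earlier (width and precision passed as range-checked integers, output via snprintf), as an added example that is not part of the original message. It measures the worst-case "%f" length with snprintf(NULL, 0, ...) instead of guessing, and the function names, buffer sizes and range limits (64 for width, 20 for precision) are the example's own choices, not anything from the post.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

/* Worst-case length of "%f" for a double: the most negative finite value
 * prints a sign, every integer digit of DBL_MAX (309 of them), a point and
 * six fractional digits.  snprintf(NULL, 0, ...) returns the length that
 * would have been written without touching memory. */
size_t max_percent_f_length(void)
{
    /* Constructed candidates; the extreme finite magnitudes are what matter. */
    const double candidates[] = { DBL_MAX, -DBL_MAX, DBL_MIN, -DBL_MIN, 0.0 };
    size_t max_len = 0;
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++) {
        int n = snprintf(NULL, 0, "%f", candidates[i]);
        if (n > 0 && (size_t)n > max_len)
            max_len = (size_t)n;
    }
    return max_len;
}

/* Plain "%f" into a caller-supplied buffer.  Returns 0 on success, -1 when
 * the result would not have fit (exactly the case where sprintf would have
 * overflowed); dst is always NUL-terminated when dst_len > 0. */
int format_double_checked(char *dst, size_t dst_len, double x)
{
    int n = snprintf(dst, dst_len, "%f", x);
    if (n < 0)
        return -1;                    /* encoding error */
    if ((size_t)n >= dst_len)
        return -1;                    /* truncated: report instead of hiding it */
    return 0;
}

/* Width and precision as checked integers rather than pieces of a format
 * string.  The limits (64 / 20) are hypothetical policy values for this
 * example; the point is that they are bounded before reaching snprintf. */
int format_double_wp(char *dst, size_t dst_len, double x, int width, int prec)
{
    if (width < 0 || width > 64 || prec < 0 || prec > 20)
        return -1;
    int n = snprintf(dst, dst_len, "%*.*f", width, prec, x);
    if (n < 0 || (size_t)n >= dst_len)
        return -1;
    return 0;
}

int main(void)
{
    char buf[32];
    printf("worst-case \"%%f\" length: %zu\n", max_percent_f_length());
    printf("3.5 in 32 bytes: %s\n",
           format_double_checked(buf, sizeof buf, 3.5) == 0 ? buf : "(too long)");
    printf("DBL_MAX in 32 bytes: %s\n",
           format_double_checked(buf, sizeof buf, DBL_MAX) == 0 ? buf : "(too long)");
    printf("%%8.2f of 3.14159: [%s]\n",
           format_double_wp(buf, sizeof buf, 3.14159, 8, 2) == 0 ? buf : "(rejected)");
    return 0;
}
```

The measured figure is the one to size against: a buffer that fits the longest finite double with its sign covers every "%f" output (NaN and infinities are shorter), and anything smaller must be paired with the truncation check rather than a bare sprintf.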
