On Tuesday 19 October 2004 01:21 am, Atro Tossavainen wrote:
> David,
>
> > I know it is probably not much help, but I don't see this behavior.
> > I get the above command with no "unresolved" messages. Here is my
> > system:
> >
> > % cc -V
> > cc (cc)
> > Digital UNIX Compiler Driver 3.11
> > Compaq C V6.1-120 on Digital UNIX V4.0G (Rev. 1530)
>
> You have a newer compiler and a newer OS release than we do.
>
> (cf. DEC C V5.9-011 on Digital UNIX V4.0 (Rev. 1229))
>
> > % uname -a
> > OSF1 peano.scripps.edu V4.0 1530 alpha
>
> "sizer -v" tells you the exact version, but the cc -V already indicated
> it's 4.0G in your case, 4.0F here.
>
> >> "-ldb"
> >
> > Sounds reasonable to me; why not try it??
>
> I know it compiles if I do that. It probably even works most of the
> time, but I imagined there was a specific point to your using snprintf
> instead of sprintf in the first place, and consequently, that using a
> wrapped sprintf (which does not check arguments the way snprintf should)
> in lieu of a proper snprintf could expose the program to just the kind
> of buffer overflow problems you must have wanted to avoid by using
> snprintf in the first place. Am I being unnecessarily paranoid?
Well, let me offer a comment. Unless you have users you think
might try to crack your machine from within an amber program, it
is probably OK. But there are plenty of places (Linux, NetBSD,
FreeBSD) where well tested, machine independent, source code for
snprintf is readily and legitimately available. It should run
with no problem (get the code from one of the 64-bit branches,
e.g., alpha, sparc64, if you question the machine independence).
Bud Dodson
--
M. L. Dodson bdodson.scms.utmb.edu
409-772-2178 FAX: 409-772-1790
-----------------------------------------------------------------------
The AMBER Mail Reflector
To post, send mail to amber.scripps.edu
To unsubscribe, send "unsubscribe amber" to majordomo.scripps.edu
Received on Tue Oct 19 2004 - 13:53:00 PDT