string arg overwirtten in sprintf call

string arg overwirtten in sprintf call

Post by John W. Woot » Sat, 24 Aug 1991 02:48:17



Having a curious problem with the following piece of code.
The definition for user_record isn't important, and MAXIN is #defined to be 60.

The problem is that a temporary file name \tmp\tmp<PID> is created and stored  
in character string tmpfile.
The file is created sucessfully and can be written into.  It is then closed  
with the fclose.
Just before the sprintf statement building mail_it in preparation for a system  
call, tmpfile is printed out and is correct.
After the call to sprintf, tmpfile is printed out and contains only "gov"!!!
The string mail_it is created correctly and contains the proper filename
\tmp\tmp<PID>.

I know somehow I'm stepping on something, but I can't figure out how or where.  
If you see my stupid error, please point it out.  Everyone can have a big laugh  
at my stupidity, BUT maybe I can get past this stumbling point and get the code  
finished.

----
int     mk_newuser(user_record,uid,pass)
        struct urec *user_record ;
        char    *uid, *pass;
{

        FILE *fptr;
        char tmpfile[MAXIN];
        char mail_it[MAXIN];
        int i;

        i = getpid();
        sprintf(tmpfile,"/tmp/tmp%d",i);

        printf("\n\n---------Generating new account for uid %s\n",uid);
        printf("-------------User is %s %s %s\n\n",
                user_record[0].data, user_record[1].data, user_record[2].data);

        fptr = fopen(tmpfile,"w");
#if 0
        fprintf(fptr,"\n\n---------Generating new account for uid %s\n",uid);
        for(i=0;i<NRECS;i++)
        {
                fprintf(fptr,"%s\t%s\n",
                        user_record[i].prompt,user_record[i].data);
        }
#endif
        fclose(fptr);
        printf("Before sprintf tmpfile = >%s<\n",tmpfile);
        sprintf(mail_it,"/bin/cat %s | mail -s 'Applicant %s' %s",
                tmpfile,uid,AUTH_AGENT);
        printf("After sprintf tmpfile = >%s<\n",tmpfile);
        printf("%s\n",mail_it);

#if 0
        system(mail_it);
#endif
        if( remove(tmpfile) != 0)
        {
                printf("tmpfile = >%s<\n",tmpfile);
                perror("Error encountered attempting removal of tmpfile");
        }

        return(TRUE);

Quote:}

 
 
 

string arg overwirtten in sprintf call

Post by Dave Eis » Sat, 24 Aug 1991 04:28:30



Quote:>Having a curious problem with the following piece of code.
>The definition for user_record isn't important, and MAXIN is #defined to be 60.

>    char tmpfile[MAXIN];
>    char mail_it[MAXIN];

....

Quote:>    printf("Before sprintf tmpfile = >%s<\n",tmpfile);
>    sprintf(mail_it,"/bin/cat %s | mail -s 'Applicant %s' %s",
>            tmpfile,uid,AUTH_AGENT);
>    printf("After sprintf tmpfile = >%s<\n",tmpfile);

My guess is that 60 bytes isn't big enough and your sprintf into
mail_it is overwriting the next variable, tmpfile. Try it with
MAXIN defines to be 1024 or something and see if you still have
problems.

--

      There's something in my library to offend everybody.
        --- Washington Coalition Against Censorship

 
 
 

string arg overwirtten in sprintf call

Post by Robert Ea » Sat, 24 Aug 1991 09:44:10


Have you considered naming the `tmpfile' variable to something else,
preferably something that isn't already a library function?

--
______________________________________________________________________
 robert earl            /       "Obviously then a Woman is not to be

                        /       where she can turn round."

 
 
 

1. Zero padding in sprintf() doesn't work for strings - HELP !

Hi

I have a problem using gcc 2.95 running on a 2.2.5-15 Red Hat linux.

Regarding sprintf, the man pages say:
0 specifying zero padding.   For  all  conversions  except  n,  the
converted  value  is padded on the left with  zeros  rather  than blanks.
If  a  precision  is  given with a numeric conversion (d, i, o, u,  i,  x,
and X), the 0 flag is ignored.

My source looks like this:

include <stdio.h>

main()
{
 char buff[30];
 char LenBuf[30];

 strcpy(LenBuf,"1");
 sprintf (buff,"%06s", LenBuf);
 printf( "buffer=%s; Length %06d\n",buff, strlen(LenBuf) );

This is the Linux output:
buffer=     1; Length 000001

This is the HP-UX output:
buffer=000001; Length 000001

It seems as if the output on Linux is wrong(using Blanks instead of zeros).

Does anybody has a solution other than rewriting the code ?

Thanks
Gerd

2. undefined versioned symbol name __dynamic_cast@@CXXABI_1.2??

3. to find the string length of a arg in Bourne shell

4. vga console -mach 32 problems

5. passing double-quoted string as C program arg

6. nntp on RS/6000 help needed

7. How to split up a single string arg into separate arguments

8. CD Writer software / CD File system question

9. How to split up a single string arg in

10. Security from outside call-ins

11. invoking ld(1) with -z ld32=arg when arg takes a comma

12. /bin/sh: VAR=function arg arg ? (possible?)

13. call by arg in bash