[asterisk-dev] [svn-commits] jpeeler: branch 1.6.2 r303677 - in /branches/1.6.2: ./ apps/app_voicemail.c

Tilghman Lesher tilghman at meg.abyt.es
Tue Feb 8 10:48:35 CST 2011


On Tuesday 08 February 2011 06:04:26 Steve Davies wrote:
> > 3) The %30d can potentially overflow an 'int' type. Is it safer to use
> > %9d, which will always fit?

No, it cannot.  The purpose of specifying the 30 maximum characters is to
limit the number of characters in the input string that sscanf will accept
before shutting off input.  There is a bug on some platforms where this
string can overflow the length of an internal buffer when the maximum input
length is not specified.  However, the 'd' specifier limits the highest
value, not the length of the string.

-- 
Tilghman
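
The distinction drawn above between the field width (how many input characters sscanf consumes) and the range of the converted value, as an added example that is not part of the original message or of app_voicemail.c. The helper names and the sample strings are constructed for illustration; the second helper shows one way to get an explicit range check with strtol.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: convert with a width-limited %d and report how many
 * input characters were consumed (-1 if nothing was converted). */
int consumed_with_width9(const char *s, int *out)
{
    int n = 0;

    /* The 9 caps the characters read for this field (sign included);
     * %n stores the count consumed so far and is not counted in the
     * return value. */
    if (sscanf(s, "%9d%n", out, &n) != 1)
        return -1;
    return n;
}

/* Hypothetical helper: parse a whole string as a decimal int.
 * Returns 0 on success, -1 on malformed input, -2 when out of int range. */
int parse_int_checked(const char *s, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0')
        return -1;              /* no digits, or trailing junk */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -2;              /* value does not fit in an int */
    *out = (int)v;
    return 0;
}

int main(void)
{
    int v = 0;
    /* Constructed input: 13 digits, only the first 9 are consumed. */
    int n = consumed_with_width9("1234567890123", &v);

    printf("consumed=%d value=%d\n", n, v);
    printf("checked=%d\n", parse_int_checked("99999999999999999999", &v));
    return 0;
}
```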


