[asterisk-dev] [svn-commits] jpeeler: branch 1.6.2 r303677 - in /branches/1.6.2: ./ apps/app_voicemail.c

Steve Davies davies147 at gmail.com
Tue Feb 8 11:44:32 CST 2011


On 8 February 2011 16:48, Tilghman Lesher <tilghman at meg.abyt.es> wrote:
> On Tuesday 08 February 2011 06:04:26 Steve Davies wrote:
>> > 3) The %30d can potentially overflow an 'int' type. Is it safer to use
>> > %9d, which will always fit?
>
> No, it cannot.  The purpose of specifying the 30 maximum characters is to
> limit the number of characters in the input string that sscanf will accept
> before shutting off input.  There is a bug on some platforms where this
> string can overflow the length of an internal buffer when the maximum input
> length is not specified.  However, the 'd' specifier limits the highest
> value, not the length of the string.


Thanks for taking the time to explain that :)
Steve



More information about the asterisk-dev mailing list