sprintf buffer sizes

Question

I\'m a novice programmer, but usually I can unravel my own issues. This time I solved the issue, but it still stumps me. A friend suggested I ask this community for input.

Answer 1

C strings are null terminated. If you have 2 characters ("10" for example) you need a buffer sized 2 + 1 for the null terminator.

sprintf() adds this to the end of your buffer; in your current case you actually have a buffer overflow because you're not providing enough space.

The modern, safer approach is to use snprintf() to which you supply the length of the buffer.

Answer 2

I assume that sprintf adds a \0 at the end of the generated string. So for instance if you print the number 99, you'd get "99\0" in your buffer, so for a buffer with length 2, that causes problems.

Answer 3

You're forgetting the NUL terminator. In C, strings require an extra character for the terminator, so char buf[2] ought to be char buf[3] to accommodate numbers between 10 and 99.

Incidentally, your code demonstrates why sprintf is dangerous as it can write past the output buffer and enable stack smashing attacks. A better options is to use snprintf.