[SDL] Re: How do I get SDL_TTF to print out numbers?
j_post at pacbell.net
Mon Mar 28 08:38:43 PST 2005
On Monday 28 March 2005 06:02 am, David Olsen wrote:
> > #include <stdio.h>
> > char Buffer[256];
> > int Number;
> > Number=45;
> > sprintf(Buffer,"%i",Number);
> > Buffer then contains "45" as a string.
> > nice and easy, gotta love sprintf (unless you're worried about security
> This is exactly how I do it! It's so easy, and quick... But please tell me
> about the security issue? I am not terribly experienced with security
> issues. I figured quick and easy = good. But maybe it doesn't in this case?
Anytime you write to a memory buffer, there is the potential for a buffer
overflow (unless the function doing the writing checks the buffer size, which
sprintf doesn't). However, converting an integer or a double into ASCII with
sprintf and a buffer size of 256 is not going to overflow.

Overflowing a buffer will scribble data over memory other than the buffer. In
this case it might be the stack, which could corrupt your return address and
then execute random code when returning from the function. This is a popular
exploit among crackers; more effective on Windows than other OSs (simply
because Windows allows ordinary users privileges that other OSs don't).
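
The size check that sprintf lacks, shown with the standard C99 snprintf. This is an added example, not code from the original post or from SDL; format_int and format_label are hypothetical helper names, and the 4-byte buffer is constructed to force the failure case.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper (not part of SDL or SDL_ttf): format an int into a
 * caller-supplied buffer. Returns the number of characters written, or -1
 * if the text did not fit; in that case dst holds an empty string. */
int format_int(char *dst, size_t dst_size, int value)
{
    if (dst == NULL || dst_size == 0)
        return -1;
    /* snprintf never writes more than dst_size bytes, terminator included,
     * and returns the length the full output would have needed. */
    int needed = snprintf(dst, dst_size, "%d", value);
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';   /* do not pass truncated digits on to the renderer */
        return -1;
    }
    return needed;
}

/* Same check for a label plus a number, e.g. "Score: 45". The label has
 * variable length, so this is where an unchecked sprintf could overflow. */
int format_label(char *dst, size_t dst_size, const char *label, int value)
{
    if (dst == NULL || dst_size == 0 || label == NULL)
        return -1;
    int needed = snprintf(dst, dst_size, "%s: %d", label, value);
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    return needed;
}

int main(void)
{
    char buffer[256];   /* the size mentioned in the post */
    char tiny[4];       /* constructed: deliberately too small */

    printf("%d \"%s\"\n", format_int(buffer, sizeof buffer, 45), buffer);
    printf("%d \"%s\"\n", format_int(buffer, sizeof buffer, INT_MIN), buffer);
    printf("%d \"%s\"\n", format_int(tiny, sizeof tiny, 12345), tiny);
    printf("%d \"%s\"\n", format_label(tiny, sizeof tiny, "Score", 45), tiny);
    return 0;
}
```

The resulting string can be handed to the text renderer only when the return value is not -1.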