vsprintf considered dangerous

[Richard A. O'Keefe]

In article <18746 at think.UUCP>, bromley at think.COM (Mark Bromley) writes:
> I have always disliked the sprintf and sscanf interface.  A somewhat different
> interface would allow the standard functions to be used with complete error
> checking in the case of io to/from strings.  In the context of stdio, what would
> be provided is an sopen function, which is given a buffer and its size and
> returns a stream in which i/o is done directly to the buffer.  Since the size is
> given at open time, attempts to write outside the buffer can be trapped.
> 
> Implementing this on top of stdio should be almost trivial.  In fact, every
> implementation of sprintf/sscanf that I have seen uses a mechanism almost
> identical to this internally.
> 
In 1984 I posted source code for such a thing.  Here it is again.
It isn't derived from anyone's proprietary source code, which means that
(a) you can do what you like with it, but
(b) it probably won't work in 4.[23]BSD or V.[23].
Have fun, anyway.

cat >fsopen.c <<'End-Of-File'
#include <stdio.h>

extern FILE *_lastbuf;

FILE *fsopen(area, size, mode)
    char *area;		/* the memory area to be read/written */
    int   size;		/* the size of the area in bytes      */
    char *mode;		/* "r", "w", or "a"		      */
    {
	register FILE *iop = &_iob[3];

	while (iop->_flag&(_IOREAD|_IOWRT|_IORW)) 
	    if (iop++ >= _lastbuf) return NULL;

	if (size < 0) {
	    register char *t = area;
	    register int n = 0;
	    while (*t++) n++;
	    size = n;
	}

	switch (*mode) {
	    case 'a':
		while (*area && size > 0) area++, size--;
	    case 'w':
		iop->_flag = _IOWRT|_IOSTRG;
		break;
	    case 'r':
		iop->_flag = _IOREAD|_IOSTRG;
		break;
	    default:
		return NULL;
	}

	iop->_ptr = iop->_base = area,
	iop->_cnt = size;
	return iop;
    }

End-Of-File