
230 Chapter 6 • Code Auditing and Reverse Engineering
■ sprintf(), snprintf(), vsprintf(), vsnprintf(), swprintf(), and
vswprintf() compose several variables into a final string according to a
format. For the unbounded forms, sprintf() and vsprintf(), determine that
the total length the format can produce (every argument at its maximum
possible length, plus the terminating null) never exceeds the size of the
destination buffer; if any argument, a %s for instance, is attacker-
controlled, that total has no static upper bound and the call is a likely
overflow. For snprintf(), vsnprintf() and the C99 swprintf()/vswprintf(),
the size argument must be no larger than the destination buffer, expressed
in the units the function counts (bytes for snprintf(), wide characters for
swprintf()); then check what the code does with a return value at or above
that size, which signals truncation and, if used as an offset into the
buffer, turns a "safe" call into an out-of-bounds write.
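As an added example, not code from the book, the checks this bullet calls for written out in C: measure what a format will produce before composing it, treat an snprintf() result at or above the buffer size as an error, and, for the gets()/fgets() point made in the next bullet, call fgets() with the real buffer size and detect an over-long line instead of mistaking it for a short one. The function names are my own; the sample input is constructed; the demo assumes a C99 compiler and, for feeding a string through fgets(), the POSIX fmemopen() call.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen(), used only by the demo */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Measure how many bytes (terminating NUL included) fmt and its arguments
 * produce. A NULL, zero-size vsnprintf() only measures (C99), so this is the
 * "sum of the variable sizes as specified by the format" computed at run
 * time, the only way to bound a %s whose argument is not a constant. */
static long fmt_needed_v(const char *fmt, va_list ap) {
    int n = vsnprintf(NULL, 0, fmt, ap);
    return n < 0 ? -1 : (long)n + 1;
}

static long fmt_needed(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    long needed = fmt_needed_v(fmt, ap);
    va_end(ap);
    return needed;
}

/* The question an auditor asks of every sprintf()/vsprintf(): would this
 * format, with these arguments, overflow a destination of dstsz bytes?
 * Returns 1 if it would, 0 if it fits, -1 on an encoding error. */
static int sprintf_would_overflow(size_t dstsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    long needed = fmt_needed_v(fmt, ap);
    va_end(ap);
    if (needed < 0) return -1;
    return (size_t)needed > dstsz;
}

/* Bounded compose: passes the real destination size to vsnprintf() and
 * treats a return value >= dstsz (truncation) as an error instead of
 * handing back a silently shortened string. Returns the length, or -1. */
static int compose_checked(char *dst, size_t dstsz, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsz) {
        if (dstsz > 0) dst[0] = '\0';   /* leave nothing half-formatted behind */
        return -1;
    }
    return n;
}

/* fgets() with the real buffer size, plus the check most callers forget:
 * if no newline arrived, was this merely the last line of the input, or
 * was it longer than dst and cut off (the remainder still waits in fp)?
 * Returns 1 for a complete line, 0 at EOF with nothing read, -1 if cut off. */
static int read_line_checked(char *dst, size_t dstsz, FILE *fp) {
    if (dstsz < 2 || fgets(dst, (int)dstsz, fp) == NULL) return 0;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[len - 1] = '\0';
        return 1;
    }
    int c = fgetc(fp);
    if (c == EOF) return 1;   /* final line without a newline */
    ungetc(c, fp);            /* over-long line: must not be treated as short */
    return -1;
}

/* Demo: compose "user:id" into a 16-byte buffer; returns compose_checked()'s result. */
static int demo_compose(const char *user, int id) {
    char buf[16];
    return compose_checked(buf, sizeof buf, "%s:%d", user, id);
}

/* Demo: read the nth line of constructed input through an 8-byte buffer. */
static int demo_read_line(const char *input, int nth) {
    char line[8];
    FILE *fp = fmemopen((void *)input, strlen(input), "r");
    if (fp == NULL) return -2;
    int rc = 0;
    for (int i = 0; i < nth; i++) rc = read_line_checked(line, sizeof line, fp);
    fclose(fp);
    return rc;
}

int main(void) {
    const char *input = "short\nthis line is far too long\n";   /* constructed sample */
    printf("\"%%s:%%d\" with \"user\",42 needs %ld bytes; overflows char[7]: %d\n",
           fmt_needed("%s:%d", "user", 42), sprintf_would_overflow(7, "%s:%d", "user", 42));
    printf("compose into char[16]: short=%d long=%d\n",
           demo_compose("user", 42), demo_compose("0123456789abcdefXYZ", 7));
    printf("fgets into char[8]: line1=%d line2=%d\n",
           demo_read_line(input, 1), demo_read_line(input, 2));
    return 0;
}
```

When auditing, compare the size argument against the declaration of the destination itself (sizeof of the array, or the length passed to malloc), not against the length of a source string or a constant that happens to match today; and look for the snprintf() return value being fed back into a pointer or offset without the >= size check shown in compose_checked().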
■ gets() and fgets() read a line of text from a stream: gets() only from
standard input, fgets() from any FILE stream. gets() takes no length at
all and writes as much as the input supplies, so it can never be made safe;
fgets() stays within the destination only if the size argument it is given
matches the buffer that was actually allocated. The fgets() function
requires a maximum ...