tinyxml2 icon indicating copy to clipboard operation
tinyxml2 copied to clipboard

Published 20 hours ago verified publisher icon leethomason

No error return for too small buffers in XMLUtil::ToString

Open khReichel opened this issue 3 years ago • 0 comments

I did some code analysis for the XMLUtil class of the code. There are some findings regarding the usage of ToStr functions.

The user of the ToStr methods has to make an assumption of the buffersize in which the variable should be rendered. If the buffersize will be too small the used snprintf will cut the generated string to the given buffersize (good) but will report no error if a truncation of the generated string appears (bad)

So there will be some workarounds for that case.

  1. return the result of snprintf to the user of that method (minimum)
  2. return the result with the required length of buffer to the user (somehow better)
  3. use e.g. the stream functionality of c++ to get rid of the size assumptions at all (with the drawback of internal memory allocations and maybe a performance drawback)

I would like to contribute one of the topics above (but only if there will be an acceptance for these proposals)

khReichel avatar Jan 01 '22 09:01 khReichel