-
-
Notifications
You must be signed in to change notification settings - Fork 211
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use snprintf instead of sprintf (even in trivial case) #1236
Conversation
snprintf() always writes a null terminator as well, so I think you can safely pass the full buffer size when calling it (no -1). |
return buffer ; | ||
} | ||
template <> | ||
inline const char* coerce_to_string<RAWSXP >(Rbyte from){ | ||
static char buff[3]; | ||
::sprintf(buff, "%02x", from); | ||
snprintf(buff, 2, "%02x", from); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have a unit test for this one? I'm worried we might be truncating the representation here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would welcome one. Can you think of one?
I did run it over nearly 2600 CRAN packages though as the usual reverse depends check...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll try to put one together later this morning.
Here's an example showcasing the issue:
Running with this PR, you'll see:
Given that this change doesn't cause any failures I guess this isn't a commonly-exercised code path. |
Whoops. Scrambled egg on my face. |
I was a little fuzzy / unaware on this one but do recall seeing many use of -1 in the wild. Including in the same source file a few lines above: Rcpp/inst/include/Rcpp/internal/r_coerce.h Lines 240 to 241 in b3b9bd9
but then not here (so I changed it in the PR -- the link shown is from the master branch) Rcpp/inst/include/Rcpp/internal/r_coerce.h Lines 248 to 249 in 4015d89
What is a good rule about when 'n == n' is safe and when it is not? |
b3b9bd9
to
52bfbac
Compare
Rebased and updated. Let me know what you think @kevinushey |
Good question... it's complicated and comes down to whether the format / print routine writes a null terminator for you or not. Since Another wrinkle for
So you might write code like:
tl;dr: it's unfortunately complicated and depends on whether the formatter writes a null terminator for you, and in what conditions it writes the null terminator. |
This is also why I am so happy to have fmt. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Thanks for the comment above. Reading it I realize I once knew only n-1 may be copied to leave room. So yes, 'it depends'. Anyway, we made a nice improvement and you rightly took me to school as there shouldn't be a PR without a test under it. All good. |
This commit replace the sole use
sprintf
withsnprintf
. A full run of reverse depends checks revealed no 'change to worse'.Checklist
R CMD check
still passes all tests