C Language formatted output function and the use of restricted area

Compilation Environment: debian:7.6gcc:4.7.2

first, the format of the output functionthe standard format output functions designed in the C language are as follows:

#include <stdio.h>int printf (const char *format, ...); int fprintf (FILE *stream, const char *format, ...); int sprintf (char *str, const char *format, ...); int snprintf (char *str, size_t size, const char *format, ...); #include <stdarg.h>int vprintf (const char *format, va_list AP); int vfprintf (FILE *stream, const char *format, Va_lis T ap); int vsprintf (char *str, const char *format, va_list AP); int vsnprintf (char *str, size_t size, const char *format, VA _list AP);

Ii. The relationship between each other 1. Common denominator :The data is output to the output device under the control of the formatted string. The format string specifies how the subsequent parameters are converted. such as:

printf ("%02x", +);    /* Output is 16 binary */printf ("%DX", +);     /* Output is 10 binary */

2, different points :according to the output to the device points:

printf () vprintf ()	output to standard output stream stdout
fprintf () vfprintf ()	output to specified output stream
sprintf () snprintf () vsprintf () vsnprintf ()	output to string str

by whether to specify the operation byte points:

snprintf () vsnprintf ()	write to a maximum of size bytes (with " " ) to DTR
vprintf () vfprintf () vsprintf () vsnprintf ()	equivalent to:printf () fprintf () sprintf () snprintf () The difference is that they all have a va_list list, and once the call is complete, the AP becomes "undefined" state

3. Return value :Normally, the function returns the number of characters that the output succeeded (without ' s '). If an error occurs, a negative value is returned. the number of snprintf () and vsnprintf () output characters does not exceed the size byte (with 'if size is less than the length of the string (without ' s '), the string is truncated and the return value is the length of the string (without ' s '), as follows:int len;Char str_buf[100];len = snprintf (buf, ten, "%s$", "1234567890123");//Len:13, buf: "1234567890"
if size is greater than the length of the data buffer, the buffer length string is copied, and the return value is the length of the strings (without ' s '), as follows:Char str_buf[5];//Len:13, buf: "12345"       
third, the use of attention1, when using sprintf () and vsprintf (), should ensure that the data size does not exceed the size of the STR buffer , otherwise overflow, causing disaster. If there is no guarantee, snprintf () and vsnprintf () should be chosen.
2. Add string to the back of the original string, as follows:sprintf (buf, "%s append text", buf);In my gcc, this usage works as expected, but in some GCC versions, the results are not correct. So, don't do that. Moreover, the standard explicitly states that the call sprintf (), snprintf (), vsprintf (), vsnprintf () function, if the source, destination address overlap, the result is undefined (undefined).  3. Code printf (foo), like this, tends to introduce bugs. Because if "%n" is included in Foo, it causes printf () to write to memory and create a security vulnerability . For example:printf ("%n"); Segmentation Fault

C Language formatted output function and the use of restricted area