ansaurus

Question

Answer 1

+7 A:

Use fputs instead:

FILE * f = fopen( "myfile.txt", "w" );
fputs( "Hello world\n", f );

anon 2010-02-07 09:41:44

Answer 2

A:

You can use fputs, but using functions that require the size to be written are safer (buffer overrun).

So, IMHO, using fwrite would be the preferred choice.

Am 2010-02-07 09:42:27

fwrite gives you no such protection - you have to get the size with strlen(), which does effectively what fputs does

anon 2010-02-07 09:43:52

How's fwrite with strlen safer than fputs? Both will overrun the buffer if the string is missing a zero-termination.

roe 2010-02-07 09:44:42

Using fwrite with strlen gives no overrun protection, because strlen itself offers no such protection.

gnud 2010-02-07 09:45:38

no function really gives this protection. but once you must pass the length you are writing, it is less likely to make BO mistakes.

Am 2010-02-07 09:46:02

@Am No you are more likely to make mistakes - for example by supplying a bad length explicitly.

anon 2010-02-07 09:47:35

@Neil, True, but it also makes you think about it. Though i cant think of an example that will expose a threat to fputs which won't do it for fwrite+strlen.

Am 2010-02-07 09:51:41

@Am: If having to do tedious manual work would make people think harder and thus avoid mistakes, we wouldn't have those thousands of security bugs due to buffer overruns.

sbi 2010-02-07 09:59:45

comments accepted, was wrong to mention BO in this scope.

Am 2010-02-07 22:55:25

Answer 3

A:

You might check for a null within the expected length first.

Arthur Kalliokoski 2010-02-07 09:47:43

ansaurus

tags:

views:

answers:

How to write a full string to a file?

related questions