Is sprintf(buffer, “%s […]”, buffer, […]) safe?

Question

I saw use of this pattern to concatenate onto a string in some code I was working on:

sprintf(buffer, \"%s \\r\\n\",         


        

Answer 1

If you want to concatenate formatted text to the end of a buffer using printf(), I'd recommend you use an integer to keep track of the end position.

int i = strlen(buffer);
i += sprintf(&buffer[i], " \r\n", id);
i += sprintf(&buffer[i], "");

or:

int i = strlen(buffer);
i += sprintf(&buffer[i], " \r\n", id);
strcat(&buffer[i], "");

And before people go berserk downvoting this ("This isn't safe! You can overrun the buffer!"), I'm just addressing a reasonable way to build a formatted string in C/C++.