{"id":587,"date":"2025-11-30T16:52:34","date_gmt":"2025-11-30T08:52:34","guid":{"rendered":"https:\/\/hsiang.cc\/?p=587"},"modified":"2025-11-27T16:55:16","modified_gmt":"2025-11-27T08:55:16","slug":"c-%e8%aa%9e%e8%a8%80%e7%82%ba%e4%bb%80%e9%ba%bcsprintf%e8%a6%81%e6%94%b9%e7%94%a8-snprintf%ef%bc%9f%e4%b8%80%e6%ac%a1%e6%90%9e%e6%87%82-c-%e8%aa%9e%e8%a8%80%e7%9a%84%e7%b7%a9%e8%a1%9d%e5%8d%80","status":"publish","type":"post","link":"https:\/\/hsiang.cc\/?p=587","title":{"rendered":"[C \u8a9e\u8a00]\u70ba\u4ec0\u9ebcsprintf\u8981\u6539\u7528 snprintf\uff1f\u4e00\u6b21\u641e\u61c2 C \u8a9e\u8a00\u7684\u7de9\u885d\u5340\u5b89\u5168"},"content":{"rendered":"

\u9084\u8a18\u5f97\u7b2c\u4e00\u6b21\u88ab code reviewer \u9000\u56de\u7a0b\u5f0f\u78bc\u7684\u5fc3\u60c5\u55ce\uff1f\u7576\u6642\u6211\u53ea\u662f\u7528\u4e86\u4e00\u500b\u770b\u4f3c\u5e73\u51e1\u7121\u5947\u7684 sprintf<\/code> \u51fd\u6578\uff0c\u537b\u88ab\u6a19\u8a3b\u70ba\u300c\u56b4\u91cd\u5b89\u5168\u554f\u984c\u300d\u3002\u7576\u4e0b\u6211\u5fc3\u60f3\uff1a\u300c\u4e0d\u5c31\u662f\u683c\u5f0f\u5316\u5b57\u4e32\u55ce\uff1f\u6709\u9019\u9ebc\u56b4\u91cd\uff1f\u300d\u76f4\u5230\u6211\u6df1\u5165\u4e86\u89e3\u5f8c\u624d\u767c\u73fe\uff0c\u9019\u500b\u5c0f\u5c0f\u7684\u51fd\u6578\u9078\u64c7\uff0c\u53ef\u80fd\u662f\u99ed\u5ba2\u5165\u4fb5\u7cfb\u7d71\u7684\u5927\u9580\u3002\u4eca\u5929\uff0c\u8b93\u6211\u5011\u4e00\u8d77\u4f86\u63a2\u8a0e\u70ba\u4ec0\u9ebc sprintf<\/code> \u5982\u6b64\u5371\u96aa\uff0c\u4ee5\u53ca\u70ba\u4ec0\u9ebc\u6240\u6709 C \u8a9e\u8a00\u958b\u767c\u8005\u90fd\u61c9\u8a72\u6539\u7528 snprintf<\/code>\u3002<\/p>\n

\n

\u4e00\u3001sprintf vs snprintf\uff1a\u770b\u4f3c\u76f8\u540c\uff0c\u5be6\u5247\u5929\u5dee\u5730\u5225<\/strong><\/h4>\n

<\/p>\n

\u9019\u5169\u500b\u51fd\u6578\u7684\u529f\u80fd\u770b\u8d77\u4f86\u5e7e\u4e4e\u4e00\u6a23\u2014\u2014\u90fd\u662f\u5c07\u683c\u5f0f\u5316\u7684\u5b57\u4e32\u5beb\u5165\u7de9\u885d\u5340\u3002\u4f46\u95dc\u9375\u5dee\u7570\u5728\u65bc\uff1asnprintf \u6703\u6aa2\u67e5\u7de9\u885d\u5340\u908a\u754c\uff0csprintf \u4e0d\u6703<\/strong>\u3002<\/p>\n

\/\/ \u4e0d\u5b89\u5168\u7684\u5beb\u6cd5\nchar buffer[10];\nsprintf(buffer, \"%s\", some_string);  \/\/ \u26a0\ufe0f \u6c92\u6709\u9577\u5ea6\u4fdd\u8b77\n\n\/\/ \u5b89\u5168\u7684\u5beb\u6cd5\nchar buffer[10];\nsnprintf(buffer, sizeof(buffer), \"%s\", some_string);  \/\/ \u2705 \u6709\u9577\u5ea6\u9650\u5236\n<\/code><\/pre>\n
\u9019\u500b\u5dee\u7570\u770b\u4f3c\u5fae\u5c0f\uff0c\u4f46\u5728\u771f\u5be6\u4e16\u754c\u4e2d\uff0c\u5b83\u53ef\u80fd\u662f\u7cfb\u7d71\u5b89\u5168\u8207\u5426\u7684\u5206\u6c34\u5dba\u3002<\/p>\n
\n
\u4e8c\u3001\u7de9\u885d\u5340\u6ea2\u4f4d\uff1a\u4e00\u500b\u53e4\u8001\u4f46\u81f4\u547d\u7684\u6f0f\u6d1e<\/strong><\/h4>\n
\u7de9\u885d\u5340\u6ea2\u4f4d\uff08Buffer Overflow\uff09\u662f\u8cc7\u8a0a\u5b89\u5168\u53f2\u4e0a\u6700\u7d93\u5178\u7684\u653b\u64ca\u624b\u6cd5\u4e4b\u4e00\u3002\u7576\u6211\u5011\u4f7f\u7528 sprintf<\/code> \u800c\u8f38\u5165\u5b57\u4e32\u8d85\u904e\u7de9\u885d\u5340\u5927\u5c0f\u6642\uff0c\u591a\u9918\u7684\u8cc7\u6599\u6703\u8986\u84cb\u5230\u76f8\u9130\u7684\u8a18\u61b6\u9ad4\u5340\u57df\uff0c\u53ef\u80fd\u5c0e\u81f4\uff1a<\/p>\n
    \n
  1. \u7a0b\u5f0f\u5d29\u6f70<\/strong>\uff1a\u8986\u84cb\u5230\u91cd\u8981\u7684\u8cc7\u6599\u7d50\u69cb<\/li>\n
  2. \u8cc7\u6599\u640d\u6bc0<\/strong>\uff1a\u7834\u58de\u5176\u4ed6\u8b8a\u6578\u7684\u503c<\/li>\n
  3. \u5b89\u5168\u6f0f\u6d1e<\/strong>\uff1a\u88ab\u653b\u64ca\u8005\u5229\u7528\u57f7\u884c\u60e1\u610f\u7a0b\u5f0f\u78bc<\/li>\n<\/ol>\n
    \u8b93\u6211\u5011\u770b\u4e00\u500b\u5be6\u969b\u6848\u4f8b\uff1a<\/p>\n
    void process_login(char *username) {\n    char buffer[32];\n    char admin_flag = 0;  \/\/ \u7dca\u63a5\u5728 buffer \u4e4b\u5f8c\u7684\u8a18\u61b6\u9ad4\n\n    \/\/ \u5371\u96aa\uff01\u5982\u679c username \u8d85\u904e 32 \u5b57\u5143\n    sprintf(buffer, \"User: %s\", username);\n\n    if (admin_flag) {\n        grant_admin_access();  \/\/ \u53ef\u80fd\u88ab\u653b\u64ca\u8005\u89f8\u767c\uff01\n    }\n}\n<\/code><\/pre>\n
    \u653b\u64ca\u8005\u53ea\u9700\u8981\u63d0\u4f9b\u4e00\u500b\u8d85\u9577\u7684 username\uff0c\u5c31\u53ef\u80fd\u8986\u84cb admin_flag<\/code> \u7684\u503c\uff0c\u9032\u800c\u53d6\u5f97\u7ba1\u7406\u54e1\u6b0a\u9650\u3002\u9019\u4e0d\u662f\u7406\u8ad6\u4e0a\u7684\u98a8\u96aa\uff0c\u800c\u662f\u771f\u5be6\u767c\u751f\u904e\u7121\u6578\u6b21\u7684\u653b\u64ca\u6848\u4f8b\u3002<\/p>\n
    \n
    \u4e09\u3001snprintf \u5982\u4f55\u4fdd\u8b77\u4f60\u7684\u7a0b\u5f0f<\/strong><\/h4>\n
    snprintf<\/code> \u7684\u8a2d\u8a08\u54f2\u5b78\u5f88\u7c21\u55ae\uff1a\u6c38\u9060\u4e0d\u8981\u5beb\u5165\u8d85\u904e\u6307\u5b9a\u5927\u5c0f\u7684\u8cc7\u6599<\/strong>\u3002<\/p>\n
    \u7279\u9ede 1\uff1a\u81ea\u52d5\u622a\u65b7<\/strong><\/p>\n
    char buf[10];\nsnprintf(buf, sizeof(buf), \"Hello, World!\");\n\/\/ \u7d50\u679c\uff1abuf = \"Hello, Wo\\0\" (\u6700\u591a 9 \u500b\u5b57\u5143 + null terminator)\n<\/code><\/pre>\n
    \u7279\u9ede 2\uff1a\u8fd4\u56de\u503c\u544a\u8a34\u4f60\u771f\u76f8<\/strong><\/p>\n
    char buf[10];\nint len = snprintf(buf, sizeof(buf), \"Hello, World!\");\n\nif (len >= sizeof(buf)) {\n    printf(\"\u8b66\u544a\uff1a\u5b57\u4e32\u88ab\u622a\u65b7\uff01\u5be6\u969b\u9700\u8981 %d bytes\\n\", len + 1);\n    \/\/ \u4f60\u53ef\u4ee5\u9078\u64c7\u91cd\u65b0\u5206\u914d\u66f4\u5927\u7684\u7de9\u885d\u5340\n}\n<\/code><\/pre>\n
    \u7279\u9ede 3\uff1a\u53ef\u9810\u6e2c\u7684\u884c\u70ba<\/strong><\/p>\n
    char buffer[50];\nint written = snprintf(buffer, sizeof(buffer), \n                       \"Name: %s, Age: %d\", name, age);\n\nif (written < 0) {\n    \/\/ \u7de8\u78bc\u932f\u8aa4\n    handle_error();\n} else if (written >= sizeof(buffer)) {\n    \/\/ \u8f38\u51fa\u88ab\u622a\u65b7\uff0c\u4f46\u81f3\u5c11\u4e0d\u6703\u9020\u6210\u5b89\u5168\u554f\u984c\n    log_truncation_warning();\n}\n<\/code><\/pre>\n
    \n
    \u56db\u3001\u771f\u5be6\u4e16\u754c\u7684\u6559\u8a13\uff1a\u6b77\u53f2\u4e0a\u7684\u91cd\u5927\u6f0f\u6d1e<\/strong><\/h4>\n
    \u8a31\u591a\u77e5\u540d\u7684\u5b89\u5168\u4e8b\u4ef6\u90fd\u8207\u7de9\u885d\u5340\u6ea2\u4f4d\u6709\u95dc\uff1a<\/p>\n
      \n
    • Morris Worm (1988)<\/strong>\uff1a\u7b2c\u4e00\u500b\u5927\u898f\u6a21\u7db2\u8def\u8815\u87f2\uff0c\u5229\u7528 gets()<\/code> \u548c sprintf()<\/code> \u7684\u6f0f\u6d1e<\/li>\n
    • Code Red (2001)<\/strong>\uff1a\u611f\u67d3\u8d85\u904e 35 \u842c\u53f0\u4f3a\u670d\u5668\uff0c\u5229\u7528 IIS \u7684\u7de9\u885d\u5340\u6ea2\u4f4d<\/li>\n
    • Heartbleed (2014)<\/strong>\uff1a\u96d6\u7136\u4e0d\u662f sprintf \u9020\u6210\uff0c\u4f46\u540c\u6a23\u662f\u8a18\u61b6\u9ad4\u908a\u754c\u6aa2\u67e5\u4e0d\u8db3<\/li>\n<\/ul>\n
      \u9019\u4e9b\u4e8b\u4ef6\u9020\u6210\u7684\u640d\u5931\u4ee5\u6578\u5341\u5104\u7f8e\u5143\u8a08\uff0c\u800c\u8d77\u56e0\u5f80\u5f80\u53ea\u662f\u4e00\u500b\u5c0f\u5c0f\u7684\u51fd\u6578\u9078\u64c7\u932f\u8aa4\u3002<\/p>\n
      \n
      \u4e94\u3001\u6700\u4f73\u5be6\u8e10\uff1a\u5982\u4f55\u6b63\u78ba\u4f7f\u7528 snprintf<\/strong><\/h4>\n
      #define BUFFER_SIZE 256\n\nvoid safe_string_formatting() {\n    char buffer[BUFFER_SIZE];\n\n    \/\/ \u2705 \u63a8\u85a6\uff1a\u4f7f\u7528 sizeof\n    snprintf(buffer, sizeof(buffer), \"User: %s\", username);\n\n    \/\/ \u2705 \u4e5f\u53ef\u4ee5\uff1a\u4f7f\u7528\u5e38\u6578\uff08\u4f46 sizeof \u66f4\u5b89\u5168\uff09\n    snprintf(buffer, BUFFER_SIZE, \"User: %s\", username);\n\n    \/\/ \u274c \u907f\u514d\uff1a\u786c\u7de8\u78bc\u6578\u5b57\n    snprintf(buffer, 256, \"User: %s\", username);\n\n    \/\/ \u274c \u7d55\u5c0d\u4e0d\u8981\uff1a\u4f7f\u7528 sprintf\n    sprintf(buffer, \"User: %s\", username);\n}\n<\/code><\/pre>\n
      \u9032\u968e\u6280\u5de7\uff1a\u52d5\u614b\u6aa2\u67e5\u8207\u8655\u7406<\/strong><\/p>\n
      char *safe_format_string(const char *format, ...) {\n    char buffer[1024];\n    va_list args;\n\n    va_start(args, format);\n    int needed = vsnprintf(buffer, sizeof(buffer), format, args);\n    va_end(args);\n\n    if (needed >= sizeof(buffer)) {\n        \/\/ \u9700\u8981\u66f4\u5927\u7684\u7de9\u885d\u5340\n        char *large_buffer = malloc(needed + 1);\n        if (large_buffer) {\n            va_start(args, format);\n            vsnprintf(large_buffer, needed + 1, format, args);\n            va_end(args);\n            return large_buffer;\n        }\n    }\n\n    return strdup(buffer);\n}\n<\/code><\/pre>\n
      \n
      \u516d\u3001\u7de8\u8b6f\u5668\u4e5f\u5728\u5e6b\u4f60\uff1a\u73fe\u4ee3\u5de5\u5177\u7684\u8b66\u544a<\/strong><\/h4>\n
      \u73fe\u4ee3\u7de8\u8b6f\u5668\uff08\u5982 GCC\u3001Clang\uff09\u90fd\u6703\u5c0d sprintf<\/code> \u767c\u51fa\u8b66\u544a\uff1a<\/p>\n
      warning: 'sprintf' is deprecated: This function is provided for \ncompatibility reasons only. Due to security concerns inherent in \nthe design of sprintf(3), it is highly recommended that you use \nsnprintf(3) instead.\n<\/code><\/pre>\n
      \u5982\u679c\u4f60\u770b\u5230\u9019\u500b\u8b66\u544a\uff0c\u8acb\u7acb\u5373\u4fee\u6b63<\/strong>\u3002\u9019\u4e0d\u662f\u53ef\u4ee5\u5ffd\u7565\u7684\u5c0f\u554f\u984c\u3002<\/p>\n
      \u4f60\u4e5f\u53ef\u4ee5\u5728\u7de8\u8b6f\u6642\u52a0\u4e0a\u66f4\u56b4\u683c\u7684\u6aa2\u67e5\uff1a<\/p>\n
      gcc -Wall -Wextra -Wformat-security -D_FORTIFY_SOURCE=2 your_code.c\n<\/code><\/pre>\n
      \n
      \u7d50\u5c3e\uff1a<\/strong><\/p>\n
      \u5f9e sprintf<\/code> \u5230 snprintf<\/code> \u7684\u8f49\u8b8a\uff0c\u4e0d\u50c5\u50c5\u662f\u51fd\u6578\u540d\u7a31\u591a\u4e86\u4e00\u500b\u5b57\u6bcd\uff0c\u66f4\u4ee3\u8868\u8457\u5f9e\u300c\u80fd\u7528\u5c31\u597d\u300d\u5230\u300c\u5b89\u5168\u7b2c\u4e00\u300d\u7684\u601d\u7dad\u8f49\u8b8a\u3002\u5728\u73fe\u4ee3\u8edf\u9ad4\u958b\u767c\u4e2d\uff0c\u5b89\u5168\u6027\u5df2\u7d93\u4e0d\u662f\u53ef\u9078\u9805\uff0c\u800c\u662f\u5fc5\u9700\u54c1\u3002<\/p>\n
      \u8a18\u4f4f\u9019\u500b\u7c21\u55ae\u7684\u539f\u5247\uff1a\u6c38\u9060\u4f7f\u7528 snprintf\uff0c\u6c38\u9060\u4e0d\u8981\u4f7f\u7528 sprintf<\/strong>\u3002\u9019\u500b\u5c0f\u5c0f\u7684\u6539\u8b8a\uff0c\u53ef\u80fd\u5c31\u662f\u4fdd\u8b77\u4f60\u7684\u7cfb\u7d71\u514d\u53d7\u653b\u64ca\u7684\u7b2c\u4e00\u9053\u9632\u7dda\u3002<\/p>\n
      \u5982\u679c\u4f60\u5728\u65e2\u6709\u7684\u7a0b\u5f0f\u78bc\u4e2d\u767c\u73fe\u4e86 sprintf<\/code>\uff0c\u4e0d\u8981\u7336\u8c6b\uff0c\u7acb\u5373\u91cd\u69cb\u5b83\u3002\u4f60\u7684 code reviewer \u6703\u611f\u8b1d\u4f60\uff0c\u4f60\u7684\u4f7f\u7528\u8005\u6703\u611f\u8b1d\u4f60\uff0c\u672a\u4f86\u7684\u4f60\u4e5f\u6703\u611f\u8b1d\u73fe\u5728\u505a\u51fa\u6b63\u78ba\u9078\u64c7\u7684\u81ea\u5df1\u3002<\/p>\n
      \u4f60\u6709\u9047\u904e\u56e0\u70ba\u7de9\u885d\u5340\u6ea2\u4f4d\u9020\u6210\u7684\u554f\u984c\u55ce\uff1f\u6216\u662f\u6709\u5176\u4ed6 C \u8a9e\u8a00\u5b89\u5168\u5be6\u8e10\u60f3\u5206\u4eab\uff1f\u6b61\u8fce\u5728\u4e0b\u65b9\u7559\u8a00\u8a0e\u8ad6\uff01<\/p>\n
      \n
      \ud83c\udff7\ufe0f \u7522\u751f\u95dc\u9375\u5b57<\/h2>\n
      C\u8a9e\u8a00\u5b89\u5168, sprintf vs snprintf, \u7de9\u885d\u5340\u6ea2\u4f4d, Buffer Overflow, \u5b89\u5168\u7de8\u7a0b\u5be6\u8e10, C\u8a9e\u8a00\u6700\u4f73\u5be6\u8e10, \u8a18\u61b6\u9ad4\u5b89\u5168, \u7a0b\u5f0f\u78bc\u5be9\u67e5, \u8edf\u9ad4\u5b89\u5168\u6f0f\u6d1e, snprintf\u7528\u6cd5, C\u8a9e\u8a00\u5b57\u4e32\u8655\u7406, \u5b89\u5168\u51fd\u6578, \u7a0b\u5f0f\u78bc\u91cd\u69cb, \u8cc7\u8a0a\u5b89\u5168, \u9632\u79a6\u6027\u7de8\u7a0b<\/p>\n
      \n
      \ud83c\udfa8 \u7522\u751f\u5e7e\u500b\u76f8\u95dc\u7684\u63d2\u5716\u63cf\u8ff0\u8a5e<\/h2>\n
        \n
      1. \u7de9\u885d\u5340\u6ea2\u4f4d\u793a\u610f\u5716<\/strong>\uff1a\u4e00\u500b\u8996\u89ba\u5316\u7684\u8a18\u61b6\u9ad4\u4f48\u5c40\u5716\uff0c\u986f\u793a\u6b63\u5e38\u7684\u7de9\u885d\u5340\u8207\u6ea2\u4f4d\u5f8c\u8cc7\u6599\u8986\u84cb\u76f8\u9130\u8a18\u61b6\u9ad4\u7684\u5c0d\u6bd4\uff0c\u4f7f\u7528\u7d05\u8272\u6a19\u793a\u5371\u96aa\u5340\u57df\u3002<\/p>\n<\/li>\n
      2. \n
        sprintf vs snprintf \u6bd4\u8f03\u5716\u8868<\/strong>\uff1a\u4e26\u6392\u7684\u7a0b\u5f0f\u78bc\u5340\u584a\u5c0d\u6bd4\uff0c\u5de6\u5074\u6a19\u793a\u5371\u96aa\u7684 sprintf\uff08\u7d05\u8272\u8b66\u544a\u6a19\u8a8c\uff09\uff0c\u53f3\u5074\u5c55\u793a\u5b89\u5168\u7684 snprintf\uff08\u7da0\u8272\u52fe\u9078\u6a19\u8a8c\uff09\u3002<\/p>\n<\/li>\n
      3. \n
        \u5b89\u5168\u6aa2\u67e5\u6d41\u7a0b\u5716<\/strong>\uff1a\u5c55\u793a snprintf \u5982\u4f55\u5728\u5beb\u5165\u8cc7\u6599\u524d\u6aa2\u67e5\u7de9\u885d\u5340\u908a\u754c\uff0c\u5305\u542b\u6c7a\u7b56\u6a39\u548c\u8cc7\u6599\u6d41\u5411\u7bad\u982d\u3002<\/p>\n<\/li>\n
      4. \n
        \u6b77\u53f2\u6f0f\u6d1e\u6642\u9593\u8ef8<\/strong>\uff1a\u5f9e 1988 \u5e74 Morris Worm \u5230\u8fd1\u4ee3\u7684\u5b89\u5168\u4e8b\u4ef6\uff0c\u8996\u89ba\u5316\u5448\u73fe\u7de9\u885d\u5340\u6ea2\u4f4d\u9020\u6210\u7684\u91cd\u5927\u8cc7\u5b89\u4e8b\u4ef6\u3002<\/p>\n<\/li>\n
      5. \n
        \u7a0b\u5f0f\u78bc\u5be9\u67e5\u5834\u666f<\/strong>\uff1a\u958b\u767c\u8005\u5728\u87a2\u5e55\u524d\u6aa2\u8996\u7a0b\u5f0f\u78bc\uff0c\u87a2\u5e55\u4e0a\u986f\u793a\u7de8\u8b6f\u5668\u8b66\u544a\u8a0a\u606f\uff0c\u5f37\u8abf code review \u7684\u91cd\u8981\u6027\u3002<\/p>\n<\/li>\n<\/ol>\n
        \n
        \ud83d\ude80 \u5217\u51fa\u5e7e\u500b\u672a\u4f86\u53ef\u4ee5\u63a2\u8a0e\u7684\u5ef6\u4f38\u4e3b\u984c\u5efa\u8b70<\/h2>\n
          \n
        1. \n
          C \u8a9e\u8a00\u5176\u4ed6\u5371\u96aa\u51fd\u6578\u5927\u76e4\u9ede<\/strong>\uff1a\u6df1\u5165\u63a2\u8a0e strcpy<\/code> vs strncpy<\/code>\u3001gets<\/code> vs fgets<\/code>\u3001scanf<\/code> \u7684\u5b89\u5168\u4f7f\u7528\u7b49\uff0c\u5efa\u7acb\u5b8c\u6574\u7684\u5b89\u5168\u51fd\u6578\u66ff\u4ee3\u6307\u5357\u3002<\/p>\n<\/li>\n
        2. \n
          \u8a18\u61b6\u9ad4\u5b89\u5168\u5de5\u5177\u5be6\u6230<\/strong>\uff1a\u4ecb\u7d39 Valgrind\u3001AddressSanitizer\u3001MemorySanitizer \u7b49\u5de5\u5177\u7684\u4f7f\u7528\u65b9\u6cd5\uff0c\u6559\u8b80\u8005\u5982\u4f55\u5728\u958b\u767c\u968e\u6bb5\u5c31\u767c\u73fe\u8a18\u61b6\u9ad4\u554f\u984c\u3002<\/p>\n<\/li>\n
        3. \n
          \u5f9e C \u5230 Rust\uff1a\u8a18\u61b6\u9ad4\u5b89\u5168\u7684\u5178\u7bc4\u8f49\u79fb<\/strong>\uff1a\u6bd4\u8f03 C \u8a9e\u8a00\u7684\u624b\u52d5\u8a18\u61b6\u9ad4\u7ba1\u7406\u8207 Rust \u7684\u6240\u6709\u6b0a\u7cfb\u7d71\uff0c\u63a2\u8a0e\u73fe\u4ee3\u8a9e\u8a00\u5982\u4f55\u5f9e\u6839\u672c\u4e0a\u89e3\u6c7a\u9019\u4e9b\u554f\u984c\u3002<\/p>\n<\/li>\n
        4. \n
          \u5be6\u6230\u6848\u4f8b\u5206\u6790\uff1a\u77e5\u540d\u958b\u6e90\u5c08\u6848\u7684\u5b89\u5168\u6f0f\u6d1e\u4fee\u5fa9<\/strong>\uff1a\u5206\u6790 Linux Kernel\u3001OpenSSL \u7b49\u5c08\u6848\u7684 CVE \u4fee\u5fa9\u904e\u7a0b\uff0c\u5b78\u7fd2\u5982\u4f55\u9032\u884c\u5b89\u5168\u6027\u7a0b\u5f0f\u78bc\u5be9\u67e5\u3002<\/p>\n<\/li>\n
        5. \n
          \u5efa\u7acb\u5b89\u5168\u7684 C \u8a9e\u8a00\u7de8\u78bc\u898f\u7bc4<\/strong>\uff1a\u6574\u5408 CERT C\u3001MISRA C \u7b49\u6a19\u6e96\uff0c\u70ba\u5718\u968a\u5efa\u7acb\u4e00\u5957\u5be6\u7528\u7684\u5b89\u5168\u7de8\u78bc\u6aa2\u67e5\u6e05\u55ae\u8207\u81ea\u52d5\u5316\u6aa2\u6e2c\u6d41\u7a0b\u3002<\/p>\n<\/li>\n
        6. \n
          \u7de9\u885d\u5340\u6ea2\u4f4d\u653b\u64ca\u5be6\u6230\u89e3\u6790<\/strong>\uff1a\u5f9e\u653b\u64ca\u8005\u89d2\u5ea6\u7406\u89e3 Stack Smashing\u3001ROP (Return-Oriented Programming) \u7b49\u9032\u968e\u653b\u64ca\u6280\u8853\uff0c\u77e5\u5df1\u77e5\u5f7c\u624d\u80fd\u66f4\u597d\u9632\u79a6\u3002<\/p>\n<\/li>\n<\/ol>\n
          \n
          \u5e0c\u671b\u9019\u7bc7\u6587\u7ae0\u80fd\u5e6b\u52a9\u66f4\u591a\u958b\u767c\u8005\u91cd\u8996 C \u8a9e\u8a00\u7684\u5b89\u5168\u554f\u984c\uff01\u5982\u679c\u60a8\u9700\u8981\u6211\u91dd\u5c0d\u4efb\u4f55\u5ef6\u4f38\u4e3b\u984c\u9032\u884c\u64b0\u5beb\uff0c\u6216\u662f\u9700\u8981\u8abf\u6574\u6587\u7ae0\u7684\u8a9e\u6c23\u3001\u6df1\u5ea6\uff0c\u90fd\u6b61\u8fce\u544a\u8a34\u6211\uff01 \ud83d\udcaa<\/p>\n","protected":false},"excerpt":{"rendered":"
          \u9084\u8a18\u5f97\u7b2c\u4e00\u6b21\u88ab code reviewer \u9000\u56de\u7a0b\u5f0f\u78bc\u7684\u5fc3\u60c5\u55ce\uff1f\u7576\u6642\u6211\u53ea\u662f\u7528\u4e86\u4e00 … \u95b1\u8b80\u5168\u6587 →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[15],"tags":[590,594,591,595,589,592,593,596],"class_list":["post-587","post","type-post","status-publish","format-standard","hentry","category-prog","tag-buffer-overflow","tag-snprintf","tag-591","tag-595","tag-589","tag-592","tag-593","tag-596"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/hsiang.cc\/index.php?rest_route=\/wp\/v2\/posts\/587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hsiang.cc\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hsiang.cc\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hsiang.cc\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hsiang.cc\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=587"}],"version-history":[{"count":1,"href":"https:\/\/hsiang.cc\/index.php?rest_route=\/wp\/v2\/posts\/587\/revisions"}],"predecessor-version":[{"id":588,"href":"https:\/\/hsiang.cc\/index.php?rest_route=\/wp\/v2\/posts\/587\/revisions\/588"}],"wp:attachment":[{"href":"https:\/\/hsiang.cc\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=587"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hsiang.cc\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hsiang.cc\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}