[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Enabling compiler warning flags
|
From: |
Jeffrey Walton |
|
Subject: |
Re: Enabling compiler warning flags |
|
Date: |
Tue, 18 Dec 2012 01:23:33 -0500 |
On Tue, Dec 18, 2012 at 1:16 AM, Russ Allbery <address@hidden> wrote:
> Jeffrey Walton <address@hidden> writes:
>
>> FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.
>> I know Drepper objects to the safer string/memory functions, but his
>> way (the way of 1970's strcpy and strcat) simply does not work. I
>> don't disagree that the safer functions are not completely safe, but I
>> refuse to throw the baby out with the bath water.
>
> Having tried both styles, what works even better than replacing strcpy and
> strcat with strlcpy and strlcat, or the new *_s functions, is to replace
> them with asprintf. You have to do a little bit of work to be guaranteed
> to have asprintf (or a lot of work if you want to support platforms with a
> broken snprintf as well), but gnulib will do it for you, and that coding
> style is so much nicer than trying to deal with static buffers and
> worrying about truncation, particularly if you design the software with
> that in mind from the start. Yes, it's probably slower, but I'll trade
> speed for clarity and safety nearly all of the time.
Yeah, I think you are right about asprintf (though I have never used it).
I can't count how many times I've seen silent truncation due to
sprint. Most recently, I pointed it out on some SE Android patches
(Android port of SE Linux) that passed by the NSA sponsored mailing
list. They went unfixed. Amazing.
Jeff