[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: some sprintf cleanups for "who"
From: |
Jim Meyering |
Subject: |
Re: some sprintf cleanups for "who" |
Date: |
Mon, 14 Jun 2004 00:09:57 +0200 |
Paul Eggert <address@hidden> wrote:
> I noticed that who.c's make_id_equals_comment uses sprintf with an
> "%.*s" format to copy a value that might not be null-terminated; this
> results in undefined behavior. I don't know of any host where it
> doesn't work but it's easy to be safe.
>
> I then audited for other sprintf glitches and/or bugs and propose the
> following patch for them all. Each hunk is pretty much independent.
>
> 2004-06-13 Paul Eggert <address@hidden>
>
> * src/who.c (PIDSTR_DECL_AND_INIT): Don't assume pid_t fits
> in int.
> (UT_ID) [!HAVE_STRUCT_XTMP_UT_ID]: Remove bogus comment,
> as (sizeof "??") reliably returns 3.
> (print_line): Guard against idle and pid being too long
> (which is possible when printing headers).
> (print_user): Allocate enough bytes for idlestr. Use IDLESTR_LEN.
> Avoid unnecessary cast of sizeof to int.
> (make_id_equals_comment): Do not assume that UT_ID returns
> a string; it might return a non-null-terminated array.
> Use strncat instead. It's not very often where
> strncat is exactly what you want, but this is one of those rare cases.
Applied. Thanks.