|
From: | Domingo Alvarez Duarte |
Subject: | Re: [Tinycc-devel] Small patch |
Date: | Thu, 31 Jan 2013 11:58:47 +0000 |
Yes strcat append name to "__bound_" and the reason to switch to snprintf on several places like this is to prevent buffer overflow.
On Thu, Jan 31, 2013 at 11:43 AM, Thomas Preud'homme <address@hidden> wrote:Le jeudi 31 janvier 2013 12:34:27, Stephan Beal a écrit :
> On Thu, Jan 31, 2013 at 12:07 PM, Thomas Preud'hommestrcat copy the second argument at the end of the string pointed at by the
<address@hidden>wrote:
> > > - strcpy(buf, "__bound_");
> > > - strcat(buf, name);
> > > + snprintf(buf, sizeof(buf), "__bound_%s", name);
>
> strcpy and strcat are C89 and C99 while snprintf is only C99.
>
>
> The semantics of the above variants are not the same, are they? strcpy()
> and strcat() are both writing to the same address in buf, i.e. strcat is
> overwriting what strcpy() copied into buf. So the end result, unless i'm
> sorely mistaken, is a copy of the name with the __bound_ prefix. strncat()
> is c89, BTW.
first argument.
So after strcpy you'll have __bound_ and then the strcat will add name at the
end of this string.
Did I misunderstand what you said?
Best regards,
Thomas
_______________________________________________
Tinycc-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/tinycc-devel
[Prev in Thread] | Current Thread | [Next in Thread] |