[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Enabling compiler warning flags

From: Jeffrey Walton
Subject: Re: Enabling compiler warning flags
Date: Tue, 18 Dec 2012 01:23:33 -0500

On Tue, Dec 18, 2012 at 1:16 AM, Russ Allbery <address@hidden> wrote:
> Jeffrey Walton <address@hidden> writes:
>> FORTIFY_SOURCE=2 (FORTIFY_SOURCE=1 on Android 4.1+), where available.
>> I know Drepper objects to the safer string/memory functions, but his
>> way (the way of 1970's strcpy and strcat) simply does not work. I
>> don't disagree that the safer functions are not completely safe, but I
>> refuse to throw the baby out with the bath water.
> Having tried both styles, what works even better than replacing strcpy and
> strcat with strlcpy and strlcat, or the new *_s functions, is to replace
> them with asprintf.  You have to do a little bit of work to be guaranteed
> to have asprintf (or a lot of work if you want to support platforms with a
> broken snprintf as well), but gnulib will do it for you, and that coding
> style is so much nicer than trying to deal with static buffers and
> worrying about truncation, particularly if you design the software with
> that in mind from the start.  Yes, it's probably slower, but I'll trade
> speed for clarity and safety nearly all of the time.
Yeah, I think you are right about asprintf (though I have never used it).

I can't count how many times I've seen silent truncation due to
sprint. Most recently, I pointed it out on some SE Android patches
(Android port of SE Linux) that passed by the NSA sponsored mailing
list. They went unfixed. Amazing.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]