[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnokii gtk2 port

From: BORBELY Zoltan
Subject: Re: [PATCH] gnokii gtk2 port
Date: Tue, 2 Aug 2005 11:54:17 +0200
User-agent: Mutt/


On Mon, Aug 01, 2005 at 11:01:57PM +0100, Bastien Nocera wrote:
> g_strdup_printf is just because sprintf is dangerous (there's no way to
> tell whether the destination string can fit the whole string) and
> snprintf not secure either (there's no way of telling whether the string
> has been fully copied to the destination string, or that it is
> null-terminated).

There are a lot of old code in gnokii which contain buffer overflow
errors. gnokii is evolving from an ordinary application to some kind
of server application, so we have to remove these errors from the code.
Maybe we have to redesign parts of the API to reach this goal...

configure detects wheter C99 compatible snprintf() and vsnprintf()
implementation are available. gnokii will use a replacement function
if these functions aren't available or they aren't C99 compatible.
If there's no asprintf() or vasprintf() implementation, the snprintf
code provides them (look into common/snprintf.c). I think asprintf()
is the function you are looking for... :-)


reply via email to

[Prev in Thread] Current Thread [Next in Thread]