Re: patch for #4293

From: Hubert Figuiere <hfiguiere_at_teaser.fr>
Date: Tue Sep 14 2004 - 21:28:54 CEST

On Tue, 2004-09-14 at 12:08 -0700, Dom Lachowicz wrote:
> 2) Why use sprintf() instead of g_snprintf()?
> 2.a) Why use sprintf() when you're actually just doing
> a strcpy()?

Just a short notice: sprintf() should be banned. snprintf() should be
used instead (g_snprintf() is OK in UNIX-only code).
If it was done this way, then it should be fixed. I might end up
grepping through the source before release.

People may object that snprintf() may truncate the output string, but
sprintf() will simply overflow, which is anyway worse (buffer overflow
vulnerabilities, memory overwriting, etc.).

Anyway, I 100% agree with Dom, I just wanted to make that clear for code
sanity.

Hub

-- 
Crazy French - http://www.figuiere.net/hub/
Received on Tue Sep 14 21:33:20 2004
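
The truncation objection in the message above can be handled by checking the return value of snprintf(), which reports the length the full output would have had. This is an added example, not part of the original message or of the project's code; `bounded_format` and its return codes are hypothetical, and a C99-conforming vsnprintf() is assumed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical return codes for the helper below. */
enum { FMT_OK = 0, FMT_TRUNCATED = 1, FMT_ERROR = -1 };

/*
 * Bounded replacement for sprintf(): never writes more than dstsz bytes,
 * always NUL-terminates, and tells the caller when the output did not fit
 * instead of silently truncating.
 */
int bounded_format(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsz == 0 || fmt == NULL)
        return FMT_ERROR;

    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);   /* n = length the full output needs */
    va_end(ap);

    if (n < 0) {                          /* encoding error */
        dst[0] = '\0';
        return FMT_ERROR;
    }
    if ((size_t)n >= dstsz)               /* needed n + 1 bytes, had fewer */
        return FMT_TRUNCATED;
    return FMT_OK;
}

int main(void)
{
    char buf[8];                          /* constructed sample buffer */

    /* The plain-copy case from the quoted review: "%s" with a bound. */
    int rc = bounded_format(buf, sizeof buf, "%s", "a-much-longer-string");
    printf("rc=%d buf=\"%s\"\n", rc, buf);

    rc = bounded_format(buf, sizeof buf, "%s-%d", "ab", 7);
    printf("rc=%d buf=\"%s\"\n", rc, buf);
    return 0;
}
```

With the same 8-byte buffer, sprintf() would have written past the end in the first call; here the caller gets FMT_TRUNCATED and can reject the input or allocate a larger buffer.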