RFR: 8308071: [REDO] update for deprecated sprintf for src/utils [v2]

Kim Barrett kbarrett at openjdk.org
Wed May 17 03:29:46 UTC 2023


On Tue, 16 May 2023 16:49:27 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

>> src/utils/hsdis/binutils/hsdis-binutils.c line 248:
>> 
>>> 246:   size_t used_size = strlen(close);
>>> 247:   char* p = buf + used_size;
>>> 248:   bufsize -= used_size;
>> 
>> May not happen in practice, but if `used_size` is larger than `bufsize` this will wrap to a very large value. Perhaps the `strcpy` above should also be an `snprintf`, and the return value handled the same way as for the subsequent `snprintf` calls?
>
> I think it is safe as the `buf` size has been checked at around line 230.  However, it may make the code easier to read if replacing `strcpy` with `snprintf`.  The patch was updated accordingly.

This and all uses of snprintf in this change are incorrect.  If the output is truncated, snprintf returns the
number of characters that would have been written if there had been enough space.  That is, the result
may be larger than bufsize.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/13995#discussion_r1195887441
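The return-value behaviour discussed in this message, shown as an added C example (not code from the JDK patch or from any participant in the thread): a constructed 16-character string is formatted into an 8-byte buffer, first with the result subtracted unchecked from a `size_t`, then with the result checked before the pointer and size are advanced. The helper names `naive_remaining`, `append_checked` and `checked_remaining` are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked pattern: treats snprintf's result as "bytes written". */
static size_t naive_remaining(char *buf, size_t bufsize, const char *s) {
  int n = snprintf(buf, bufsize, "%s", s);
  bufsize -= (size_t)n;            /* wraps when n > bufsize */
  return bufsize;
}

/* Hypothetical helper: append at *p, where *remaining counts the free bytes
 * (terminator included). Returns 0 on success, -1 on error or truncation. */
static int append_checked(char **p, size_t *remaining, const char *fmt, ...) {
  va_list ap;
  va_start(ap, fmt);
  int n = vsnprintf(*p, *remaining, fmt, ap);
  va_end(ap);
  if (n < 0) return -1;                      /* encoding error */
  if ((size_t)n >= *remaining) {             /* n is the length wanted, not written */
    size_t written = *remaining ? *remaining - 1 : 0;
    *p += written;
    *remaining -= written;
    return -1;
  }
  *p += n;
  *remaining -= (size_t)n;
  return 0;
}

/* Free bytes left after one checked append of s into buf. */
static size_t checked_remaining(char *buf, size_t bufsize, const char *s) {
  char *p = buf;
  size_t rem = bufsize;
  (void)append_checked(&p, &rem, "%s", s);
  return rem;
}

int main(void) {
  char buf[8];
  const char *longer = "0123456789abcdef";   /* constructed input, 16 chars */
  printf("naive:   %zu bytes \"left\"\n", naive_remaining(buf, sizeof buf, longer));
  printf("checked: %zu byte left, buf=\"%s\"\n",
         checked_remaining(buf, sizeof buf, longer), buf);
  return 0;
}
```

In the checked version the one remaining byte is the terminator slot, so any later append into the same buffer reports truncation instead of writing past the end.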


