/hg/icedtea-web: Changed usage of sprintf to snprintf. Made some...

Adam Domurad adomurad at redhat.com
Wed May 23 07:10:36 PDT 2012 

Resending as it is not showing up on the mailing list ?

Here is the revised changelog and patch:
Changelog:

2012-05-23  Adam Domurad  <adomurad at redhat.com>
        Removed instances of snprintf where buffer size was not known. Added
        buffer size constant for allocating buffers for numeric conversions.
        * plugin/icedteanp/IcedTeaNPPlugin.cc: Removed usage of snprintf for 
        simple blanking of strings. Buffer size was misguided previously. 
        Used NUM_STR_BUFFER_SIZE constant to replace magic numbers.
        * plugin/icedteanp/IcedTeaPluginUtils.cc: Made 
        NPVariantToString(NPVariant variant, std::string* result) use space 
        indentation. Used NUM_STR_BUFFER_SIZE constant to replace magic 
        numbers.
        * plugin/icedteanp/IcedTeaPluginUtils.h: Added constant, 
        NUM_STR_BUFFER_SIZE.


On Wed, 2012-05-23 at 11:23 +0200, Pavel Tisnovsky wrote:
> Hi Adam,
> 
> most changes looks ok - I mean the changes from malloced strings to a normal char arrays.
> I just think it would be better to replace "magical" constants to a symbolic constants, ie.
> 20 // max = long long = 8446744073709551615 == 19 chars etc.
> 
> I'm not sure what's the actual meaning of following lines (either old and new version):
> 
> > -          sprintf(parts[0], "");
> > -          sprintf(parts[1], "");
> > -          sprintf(parts[2], "");
> > +          snprintf(parts[0], sizeof(""), "");
> > +          snprintf(parts[1], sizeof(""), "");
> > +          snprintf(parts[2], sizeof(""), "");
> 
> The new version is not safer than the old version, because to made it safer you need
> to set max.string length according to destination buffer, not according to source buffer.
> 
> After all is not it the same as pushing '\0' to the first byte of parts[*] array?
> (it would be much faster)
> 
> Cheers,
> Pavel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: revised.patch
Type: text/x-patch
Size: 5816 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120523/95a7ff4e/revised.patch

More information about the distro-pkg-dev mailing list