[Dovecot] CVS to Mercurial switch
Timo Sirainen
tss at iki.fi
Sun May 20 19:38:08 EEST 2007
On Sat, 2007-05-19 at 23:33 +0300, Timo Sirainen wrote:
> ~/src/git-1.5.1% grep +=.*snprintf *.c
> builtin-grep.c: len += snprintf(argptr, sizeof(randarg)-len,
> builtin-grep.c: len += snprintf(argptr, sizeof(randarg)-len,
> builtin-grep.c: len += snprintf(argptr, sizeof(randarg)-len,
> commit.c: i += snprintf(parents + i, sizeof(parents) - i - 1, " %s",
> commit.c: i += snprintf(parents + i, sizeof(parents) - i - 1, " %s",
> diff.c: len += snprintf(msg + len, sizeof(msg) - len,
> diff.c: len += snprintf(msg + len, sizeof(msg) - len,
> diff.c: len += snprintf(msg + len, sizeof(msg) - len,
> diff.c: len += snprintf(msg + len, sizeof(msg) - len,
> diff.c: len += snprintf(msg + len, sizeof(msg) - len,
> diff.c: len += snprintf(msg + len, sizeof(msg) - len, "\n");
> path.c: len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
>
> Every single one of those is wrong. Linux kernel's snprintf() handles
> code like this safely, but libc doesn't.
Correcting myself a bit: Actually only diff.c was wrong, in other cases
they checked the overflow.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070520/d564069c/attachment.pgp
More information about the dovecot
mailing list