apr-dev mailing list archives

From Joe Orton <jor...@redhat.com>
Subject Re: cvs commit: apr/strings apr_strings.c
Date Wed, 30 Jun 2004 10:07:51 GMT
On Wed, Jun 30, 2004 at 06:00:29AM -0400, Jeff Trawick wrote:
> IMHO the original version is sufficient for now.

Agreed.

..
> Note that libc has to have broken sprintf() or somebody has to introduce a
> new bug into the apr_strfsize() function in order to have such an overflow
> anyway. Due to the API, we can't catch the problem where the caller passes
> a buffer which is not large enough.

And the person who screws up the code in the future may also screw up
and remove the snprintf calls when they work out they are redundant. 
Adding tests seems like the best way to protect against someone screwing
up in the future...

joe
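
A guard-byte regression test of the kind suggested above, as an added example that is not part of the original message and is not APR's code. `fmt_ok` and `fmt_broken` are hypothetical stand-ins for the formatter, and the 5-byte output contract (`OUT_LEN`) and all other names are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define OUT_LEN 5   /* assumed contract: 4 characters plus NUL */
#define PAD     8   /* guard bytes on each side of the output buffer */
typedef char *(*fmt_fn)(long long, char *);

/* Hypothetical stand-in formatter (not APR's code): bounded writes only. */
static char *fmt_ok(long long size, char *buf) {
    const char *u = " ";
    if (size < 0)
        return strcpy(buf, "  - ");
    if (size >= 1000)
        for (u = "KMGTPE", size >>= 10; size >= 1000; size >>= 10)
            ++u;
    snprintf(buf, OUT_LEN, "%3d%c", (int)size, *u);
    return buf;
}

/* Constructed regression: unbounded sprintf, always writes 7 bytes. */
static char *fmt_broken(long long size, char *buf) {
    sprintf(buf, "%5d%c", (int)(size & 1023), 'K');
    return buf;
}

/* 0 if fn wrote only inside OUT_LEN bytes and NUL-terminated, else -1. */
static int check_one(fmt_fn fn, long long v) {
    unsigned char area[PAD + OUT_LEN + PAD];
    char *buf = (char *)area + PAD;
    memset(area, 0xA5, sizeof area);
    fn(v, buf);
    for (size_t i = 0; i < sizeof area; i++)
        if ((i < PAD || i >= PAD + OUT_LEN) && area[i] != 0xA5)
            return -1;   /* a guard byte was overwritten */
    return memchr(buf, '\0', OUT_LEN) ? 0 : -1;
}

/* Sweep each power of two and its neighbours; returns the failure count. */
static int sweep(fmt_fn fn) {
    int bad = (check_one(fn, -1) != 0) + (check_one(fn, 0x7fffffffffffffffLL) != 0);
    for (int bit = 0; bit < 63; bit++)
        for (long long v = (1LL << bit) - 1; v <= (1LL << bit) + 1; v++)
            bad += check_one(fn, v) != 0;
    return bad;
}

int main(void) {
    printf("ok: %d failures, broken: %d failures\n", sweep(fmt_ok), sweep(fmt_broken));
    return 0;
}
```

To exercise a real formatter, pass `sweep` a thin wrapper with the `fmt_fn` signature around the function under test.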
