INN commit: trunk (backends/actsync.c doc/pod/actsync.pod)

Russ Allbery rra at
Thu Aug 9 17:55:40 UTC 2007

Bill Davidsen <davidsen at> writes:

> I would not be surprised if some snprintf calls should not be converted.
> Not all instances are intended to prevent overflow, some are useful to
> limit the length of a string for other reasons.

This is true in general, but in specific in INN, I don't recall seeing any
cases like that and I touched every instance of sprintf or snprintf in the
code a while back.  When we're limiting lengths, we use %.<length>s

> Automatic allocation is neat, but every path must free the string, and
> format elements may need to be limited in length to avoid unwanted
> arbitrarily long results.

The code pattern that we're replacing already does allocate memory, so the
frees already needed to be there.

Russ Allbery (rra at             <>

    Please send questions to the list rather than mailing me directly.
     <> explains why.

More information about the inn-workers mailing list