INN commit: trunk (backends/actsync.c doc/pod/actsync.pod)
rra at stanford.edu
Thu Aug 9 17:55:40 UTC 2007
Bill Davidsen <davidsen at tmr.com> writes:
> I would not be surprised if some snprintf calls should not be converted.
> Not all instances are intended to prevent overflow, some are useful to
> limit the length of a string for other reasons.
This is true in general, but in specific in INN, I don't recall seeing any
cases like that and I touched every instance of sprintf or snprintf in the
code a while back. When we're limiting lengths, we use %.<length>s
> Automatic allocation is neat, but every path must free the string, and
> format elements may need to be limited in length to avoid unwanted
> arbitrarily long results.
The code pattern that we're replacing already does allocate memory, so the
frees already needed to be there.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers