Re: commit ee46f6404b033f4d1312c6b52a207ec2da99d94b

From: Ben Pfaff
Subject: Re: commit ee46f6404b033f4d1312c6b52a207ec2da99d94b
Date: Wed, 29 Jul 2009 08:55:43 -0700
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (gnu/linux)
John Darrington <address@hidden> writes:
> Regarding Jason's latest commit to master, ("Merged changes from
> branch interaction-review"):
>
> I get nervous when I see memcpy used, because:
>
> 1) Its use of void * arguments circumvents type checking.
> 2) It offers no protection against buffer overflow.
>
> The patch below fixes the first problem (you'll have to re-run make -f Smake).
I don't mind using a function that provides more type-checking,
but for that purpose u8_cpy() is a better choice than
u8_strncpy(), since it has less overhead. It also won't stop at
a null byte, which matches the behavior of most of our current
code. (It might make sense to change that behavior, but I would
want to do it as a conscious choice all at one time, not
accidentally bit by bit, if possible.)
> Regarding the second problem, (specifically, I can't see anything to ensure
> that result->val will be large enough to contain the concatenated string)
> I suggest an assertion similar to assert (offset < val_width);
result->val should be large enough because it should have been
created by interaction_variable_create(), which sums up the
widths of the values that are to be concatenated.
--
Ben Pfaff
http://benpfaff.org
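The two points raised in the thread (a typed copy instead of a void * memcpy, and a result buffer whose size is the sum of the concatenated widths, guarded by a bounds check) as an added illustration. This is not PSPP's code and not the patch under discussion; typed_u8_cpy is a hypothetical local stand-in for gnulib's u8_cpy() (uint8_t pointers, does not stop at a null byte), and total_width, concat_values and demo_concat are names chosen here. The input values are constructed for the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Typed copy: stand-in for gnulib's u8_cpy(). Taking uint8_t pointers rather
   than void * means passing the wrong pointer type is a compile-time
   diagnostic. Like u8_cpy() it copies exactly n bytes and does not stop at a
   null byte. (Hypothetical helper, not PSPP's code.) */
static uint8_t *
typed_u8_cpy (uint8_t *dest, const uint8_t *src, size_t n)
{
  return memcpy (dest, src, n);
}

/* A fixed-width value: width bytes, not null-terminated. */
struct val_part
{
  const uint8_t *data;
  size_t width;
};

/* Sum of the widths of the parts to be concatenated: the size the result
   buffer must have been created with. */
static size_t
total_width (const struct val_part *parts, size_t n_parts)
{
  size_t total = 0;
  for (size_t i = 0; i < n_parts; i++)
    total += parts[i].width;
  return total;
}

/* Concatenates parts into dest, which holds val_width bytes.
   Returns the number of bytes written, or 0 if a part would not fit.
   The check is made before each copy (remaining space must hold the whole
   part), which is stronger than asserting offset < val_width afterwards. */
static size_t
concat_values (uint8_t *dest, size_t val_width,
               const struct val_part *parts, size_t n_parts)
{
  size_t offset = 0;
  for (size_t i = 0; i < n_parts; i++)
    {
      if (parts[i].width > val_width - offset)
        return 0;               /* refuse rather than overflow dest */
      typed_u8_cpy (dest + offset, parts[i].data, parts[i].width);
      offset += parts[i].width;
    }
  assert (offset <= val_width);
  return offset;
}

/* Worked example on constructed input: "ab" followed by a 3-byte value
   containing an embedded null, which shows the copy does not stop at '\0'.
   out must have room for at least 5 bytes. Returns the bytes written (5). */
static size_t
demo_concat (uint8_t *out)
{
  static const uint8_t a[] = { 'a', 'b' };
  static const uint8_t b[] = { 'x', '\0', 'z' };
  const struct val_part parts[] = { { a, sizeof a }, { b, sizeof b } };
  size_t need = total_width (parts, 2);   /* 5: what the buffer was sized for */
  return concat_values (out, need, parts, 2);
}
```

The point of total_width() is the one Ben makes: if the destination was created from the summed widths, the copies cannot overflow it; concat_values() adds the explicit check so a mismatch between the two computations fails loudly instead of silently writing past the buffer.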