[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
|
From: |
Gerd Hoffmann |
|
Subject: |
Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf() |
|
Date: |
Thu, 11 Apr 2024 09:47:03 +0200 |
Hi,
> Due to security concerns inherent in the design of sprintf(3),
> it is highly recommended that you use snprintf(3) instead.
> - char response[40];
> + g_autofree char *response = NULL;
> - sprintf(response, "\033[%d;%dR",
> + response = g_strdup_printf("\033[%d;%dR",
Any specific reason why you don't go with the recommendation above?
While using g_strdup_printf() isn't wrong it allocates memory which
is not needed here because you can continue to use the stack buffer
this way:
snprintf(response, sizeof(response), ...);
take care,
Gerd
- [PATCH 00/12] misc: Remove sprintf() due to macOS deprecation, Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 02/12] hw/vfio/pci: Replace sprintf() by g_strdup_printf(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 03/12] hw/ppc/spapr: Replace sprintf() by g_strdup_printf(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 04/12] hw/mips/malta: Replace sprintf() by g_string_append_printf(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 05/12] system/qtest: Replace sprintf() by g_string_append_printf(), Philippe Mathieu-Daudé, 2024/04/10
- [PATCH 06/12] util/hexdump: Rename @offset argument in qemu_hexdump_line(), Philippe Mathieu-Daudé, 2024/04/10