qemu-block

Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()


From: Gerd Hoffmann
Subject: Re: [PATCH 01/12] ui/console-vc: Replace sprintf() by g_strdup_printf()
Date: Thu, 11 Apr 2024 12:02:54 +0200

On Thu, Apr 11, 2024 at 11:36:10AM +0200, Philippe Mathieu-Daudé wrote:
> On 11/4/24 09:47, Gerd Hoffmann wrote:
> >    Hi,
> > 
> > >      Due to security concerns inherent in the design of sprintf(3),
> > >      it is highly recommended that you use snprintf(3) instead.
> > 
> > > -    char response[40];
> > > +    g_autofree char *response = NULL;
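Review bot: The `g_autofree char *response = NULL;` declaration sits at a much shallower indentation than the `response = g_strdup_printf(` assignment further down, so the pointer lives for the whole enclosing scope while only one deeply nested branch uses it. g_autofree frees the pointer once, when that scope exits, so a second assignment within the same scope would leak the first string. Suggest declaring it in the innermost block that assigns it, so the allocation and its release stay next to each other.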
> > 
> > > -                    sprintf(response, "\033[%d;%dR",
> > > +                    response = g_strdup_printf("\033[%d;%dR",
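Review bot: The output of the `g_strdup_printf("\033[%d;%dR",` call is bounded, so the heap allocation is not needed here: two `%d` fields of at most 11 characters each (32-bit int), the four fixed characters and the terminating NUL come to 27 bytes, which fits the removed `char response[40]`. Suggest keeping the stack buffer and changing only the call to `snprintf(response, sizeof(response), "\033[%d;%dR", ...)`.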
> > 
> > Any specific reason why you don't go with the recommendation above?
> > 
> > While using g_strdup_printf() isn't wrong it allocates memory which
> > is not needed here because you can continue to use the stack buffer
> > this way:
> > 
> >     snprintf(response, sizeof(response), ...);
> 
> I thought GLib/GString was recommended for formatting,

If you allocate the output buffer anyway (and there are patches in this
series where this is the case) it's clearly better to use
g_strdup_printf instead of malloc + snprintf.

In case a fixed-size buffer can be used I wouldn't switch to dynamic
allocation ...

take care,
  Gerd
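
The fixed-buffer variant discussed in this message, as an added example that is not part of the original e-mail or of QEMU's code. `format_cpr()` and the sample values are hypothetical; the block shows the snprintf() return-value check that detects truncation, and that a 40-byte buffer covers the worst case for a 32-bit int.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/*
 * Format the cursor position report "\033[<row>;<col>R" into a
 * caller-supplied buffer. Returns the number of bytes written (excluding
 * the NUL), or -1 if the output did not fit or formatting failed.
 * format_cpr() is a hypothetical helper, not a QEMU function.
 */
static int format_cpr(char *buf, size_t size, int row, int col)
{
    int n = snprintf(buf, size, "\033[%d;%dR", row, col);

    /* snprintf() returns the length it wanted to write; a value
     * greater than or equal to size means the output was truncated. */
    if (n < 0 || (size_t)n >= size) {
        if (size > 0) {
            buf[0] = '\0';   /* never pass on a partial escape sequence */
        }
        return -1;
    }
    return n;
}

int main(void)
{
    char response[40];          /* same size as the buffer in the patch */
    char tiny[8];               /* constructed: deliberately too small */

    /* Typical terminal position. */
    int n = format_cpr(response, sizeof(response), 25, 80);
    printf("len=%d\n", n);

    /* Worst case for a 32-bit int: both fields are "-2147483648". */
    n = format_cpr(response, sizeof(response), INT_MIN, INT_MIN);
    printf("worst-case len=%d (buffer %zu)\n", n, sizeof(response));

    /* Buffer too small: truncation is detected, not silently accepted. */
    n = format_cpr(tiny, sizeof(tiny), 1000, 1000);
    printf("tiny -> %d\n", n);
    return 0;
}
```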



