[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] Use string bounded functions
I'm all for this. Are we going to mark all the "bad" ones as deprecated for some time? -JX On Jan 29, 2007, at 6:10 AM, Christoph Egger wrote: On Monday 29 January 2007 11:52, Keir Fraser wrote:On 29/1/07 10:10, "Christoph Egger" <Christoph.Egger@xxxxxxx> wrote:The attached patch replaces sprintf with snprintf and strncpy with strlcpy.There are various cases where no NULL-terminated strings are guaranteedand eventual possible overflows. This patch fixes them.BTW: Since Xen kernel has its own string functions, can't we just remove sprintf() and strncpy()? IMO, Xen should not inherit the historical Crelicts.This makes plenty of sense. Strncpy() in particular is dangerous andstrlcpy() is always preferable. So I'd be happy to see strncat/ strncpy die.sprintf() is also dangerous. snprintf() is better. sprintf() should also die.There are a few uses remaining (particularly in arch/ia64) that you'll haveto fix first.Yeah. But due to lack of hw, I can't even build test for ia64 and ppc.So when I send the patches, intel and ibm have to verify first that they don'tbreak anything.And please add 'signed-off-by' attribution when you post patches!Will do. Christoph _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |