Date: Wed, 13 Dec 2000 09:06:07 +0000 (GMT)
From: Terry Lambert <tlambert@primenet.com>
To: phk@critter.freebsd.dk (Poul-Henning Kamp)
Cc: tlambert@primenet.com (Terry Lambert), kris@citusc.usc.edu, des@ofug.org (Dag-Erling Smorgrav), arch@FreeBSD.ORG
Subject: Re: Safe string formatting in the kernel
Message-ID: <200012130906.CAA27235@usr08.primenet.com>
In-Reply-To: <79446.976697492@critter> from "Poul-Henning Kamp" at Dec 13, 2000 09:51:32 AM

> >I've been a fan of this approach, ever since I fixed a memory
> >leak in the failure path (submitted via Matt Day in 1997).  It
> >is much more robust; I've been troubled by the mount option
> >cruft in BSD, and the more string stuff goes into the kernel,
> >the less happy I become with it.
>
> I don't necessarily see that as a bad thing :-)
>
> The main trouble is bad syscall API design: All strings should be
> passed by pointer+length, rather than asciiz semantics.

DEFINITELY.

This would let you do the allocation based on peeking at the
size prior to copying the whole string in.

Count prefix strings are one thing the C language has been
missing for years.

					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
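
The pointer+length versus asciiz trade-off discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's code. It is a userspace C model in which plain memory reads stand in for copyinstr()/copyin(); struct ustr, fetch_asciiz, fetch_counted and STR_MAX are hypothetical names.

```c
/* Userspace model (constructed): plain reads/memcpy stand in for copyinstr()/copyin(). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define STR_MAX 1024            /* hypothetical per-call cap, in the spirit of MAXPATHLEN */
struct ustr { const char *ptr; size_t len; };   /* hypothetical pointer+length argument */

/* asciiz: the length is unknown until scanned, so reserve the worst case up front. */
int fetch_asciiz(const char *uaddr, char **out, size_t *alloc)
{
    char *buf = malloc(STR_MAX);
    if (buf == NULL) return ENOMEM;
    for (size_t i = 0; i < STR_MAX; i++) {
        buf[i] = uaddr[i];              /* byte-at-a-time scan for the terminator */
        if (buf[i] == '\0') {
            *out = buf; *alloc = STR_MAX;
            return 0;
        }
    }
    free(buf);                          /* the failure path must release the buffer */
    return ENAMETOOLONG;
}

/* counted: check the length first, then allocate exactly that much and copy once. */
int fetch_counted(const struct ustr *u, char **out, size_t *alloc)
{
    if (u->len >= STR_MAX)
        return ENAMETOOLONG;            /* rejected before any allocation happens */
    char *buf = malloc(u->len + 1);
    if (buf == NULL) return ENOMEM;
    memcpy(buf, u->ptr, u->len);
    buf[u->len] = '\0';
    if (memchr(buf, '\0', u->len) != NULL) {    /* validate the private copy, not user memory */
        free(buf);
        return EINVAL;                  /* embedded NUL would truncate later C-string use */
    }
    *out = buf; *alloc = u->len + 1;
    return 0;
}

int main(void)
{
    char *s; size_t n;
    struct ustr u = { "noatime", 7 };   /* constructed sample option string */
    if (fetch_asciiz("noatime", &s, &n) == 0) { printf("asciiz:  %zu bytes\n", n); free(s); }
    if (fetch_counted(&u, &s, &n) == 0) { printf("counted: %zu bytes\n", n); free(s); }
    return 0;
}
```

The embedded-NUL check is an assumption of this model: it matters only when the counted string is later handed to code that still expects asciiz semantics.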