Date: Tue, 20 Feb 2001 15:10:41 +0100
From: mouss <usebsd@free.fr>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: "Andrey Simonenko" <simon@comsys.ntu-kpi.kiev.ua>, freebsd-hackers@FreeBSD.ORG
Subject: Re: Staticaly allocated buffers in library. Is it correct?
Message-ID: <4.3.0.20010220150656.060411a0@pop.free.fr>
In-Reply-To: <200102192046.f1JKkl738082@earth.backplane.com>
References: <Pine.BSF.4.21.0102171202110.400-100000@scorpion.cosmos.all.net> <96rash$1m1d$1@igloo.uran.net.ua> <4.3.0.20010219200743.054eae40@pop.free.fr>
At 12:46 19/02/01 -0800, Matt Dillon wrote:
> Yes, but we are talking about simple stupid config files here. Programs
> which actually tokenize an input stream typically do not use fgets().
> Tokenizers either use [f]lex, [f]getc(), read() (and handle the buffering
> themselves), or mmap().

I used the tokenize() just as an example. I consider that every program that reads a line thinks it is a line and that the next fgets will read the _next_ line. But fgets doesn't guarantee that. So we have the following alternatives:

- assume the file is well formed (no too-long lines).
- check that the lines are not too long.

I personally prefer the second alternative. It has a cost, but it is more robust. How many times have we seen things assumed for some time, and then the code reused by someone else for another purpose, failing to check that the assumptions are no longer true? This has often resulted in security problems. So I'd go for "trust BUT control". And this is even more important in library functions.

cheers,
mouss
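The failure mode mouss describes, shown in working code. This is an added example, not code from the thread or from FreeBSD: a deliberately tiny 16-byte line buffer, a constructed config snippet (SAMPLE_CONFIG) whose overlong comment line happens to end in the fragment "admin=yes", a naive parser that trusts every fgets() result to be a whole line, and a checked parser built on a hypothetical read_line() helper that detects truncation (no newline in the buffer and more data following) and discards the rest of the line instead of parsing it as a new one. The names and the config format are assumptions for illustration only.

```c
/* Added example: fgets() does not promise a whole line; check for it.
 * Not from the original thread. Sample input and helper names are constructed. */
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>

#define LINE_BUF 16   /* deliberately tiny so truncation is easy to trigger */

enum line_status { LINE_OK, LINE_TOO_LONG, LINE_EOF };

/* Read one line into buf[len]. LINE_OK: a complete line (newline stripped).
 * LINE_TOO_LONG: the line did not fit; the remainder is consumed so the next
 * call really starts at the next line. LINE_EOF: nothing left to read. */
enum line_status read_line(FILE *fp, char *buf, size_t len)
{
    if (fgets(buf, (int)len, fp) == NULL)
        return LINE_EOF;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return LINE_OK;
    }
    /* No newline in the buffer: either the final line lacks one, or the line
     * was cut. Peek at the next byte to tell the two apart. */
    int c = fgetc(fp);
    if (c == EOF || c == '\n')
        return LINE_OK;              /* content was complete after all */
    while (c != '\n' && c != EOF)    /* truncated: drop the rest of this line */
        c = fgetc(fp);
    return LINE_TOO_LONG;
}

struct config { int admin; int directives; int rejected; };

/* Constructed sample (not real data). Line 2 is a comment whose fragments at
 * 15-byte boundaries are "# comment xxxxx", "xxxxxxxxxxxxxxx", "admin=yes". */
static const char SAMPLE_CONFIG[] =
    "user=alice\n"
    "# comment xxxxx" "xxxxxxxxxxxxxxx" "admin=yes\n"
    "port=22\n";

/* Apply one (supposedly complete) line to the config. */
static void apply_line(struct config *cfg, const char *line)
{
    if (line[0] == '#' || line[0] == '\0')
        return;                              /* comment or blank line */
    if (strcmp(line, "admin=yes") == 0)
        cfg->admin = 1;
    if (strchr(line, '=') != NULL)
        cfg->directives++;
}

/* Naive parser: assumes each fgets() result is one whole line. */
int parse_naive(const char *text, struct config *cfg)
{
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (fp == NULL)
        return -1;
    char buf[LINE_BUF];
    memset(cfg, 0, sizeof *cfg);
    while (fgets(buf, sizeof buf, fp) != NULL) {
        buf[strcspn(buf, "\n")] = '\0';
        apply_line(cfg, buf);    /* the tail of the comment becomes "admin=yes" */
    }
    fclose(fp);
    return 0;
}

/* Checked parser: an overlong line is rejected as a unit, never re-parsed. */
int parse_checked(const char *text, struct config *cfg)
{
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (fp == NULL)
        return -1;
    char buf[LINE_BUF];
    enum line_status st;
    memset(cfg, 0, sizeof *cfg);
    while ((st = read_line(fp, buf, sizeof buf)) != LINE_EOF) {
        if (st == LINE_TOO_LONG) {
            cfg->rejected++;     /* a real program would log line number and abort */
            continue;
        }
        apply_line(cfg, buf);
    }
    fclose(fp);
    return 0;
}

int main(void)
{
    struct config n, c;
    parse_naive(SAMPLE_CONFIG, &n);
    parse_checked(SAMPLE_CONFIG, &c);
    printf("naive:   admin=%d directives=%d rejected=%d\n", n.admin, n.directives, n.rejected);
    printf("checked: admin=%d directives=%d rejected=%d\n", c.admin, c.directives, c.rejected);
    return 0;
}
```

With the 16-byte buffer, fgets() returns at most 15 bytes per call, so the naive parser sees the comment line as three "lines" and silently grants admin from the last fragment; the checked parser reports one rejected line and never sees the fragment. For a library routine the same pattern applies: return an error (or grow the buffer, as getline() does) rather than assume the caller's file is well formed.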
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.0.20010220150656.060411a0>