Date: Fri, 05 Jan 2001 02:06:53 +0000
From: Brian Somers <brian@Awfulhak.org>
To: Chris Faulhaber <jedgar@fxp.org>
Cc: Will Andrews <will@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject: Re: cvs commit: src/usr.bin/apply apply.c
Message-ID: <200101050206.f0526rB87964@hak.lan.Awfulhak.org>
In-Reply-To: Message from Chris Faulhaber <jedgar@fxp.org> of "Thu, 04 Jan 2001 14:23:31 EST." <20010104142331.D47414@peitho.fxp.org>

> On Thu, Jan 04, 2001 at 11:05:49AM -0800, Will Andrews wrote:
> > will 2001/01/04 11:05:49 PST
> >
> > Modified files:
> > usr.bin/apply apply.c
> > Log:
> > BDECFLAGS; de-__P()-ify, ANSIfy, use snprintf() instead of sprintf(),
> > especially on strings passed from argv; rename system() to exec_shell(),
> > and make it static; use strlcpy() and make sure it works; use proper
> > type (size_t) to be passed to malloc()/realloc().
> >
>
> All the snprintf/strlcpy 'fixes' you made are quite broken since the
> variables you apply sizeof() to are pointers:
>
> char *c, *cmd, *p, *q;
>
> ...
>
> - p += sprintf(cmd, "exec %s", argv[0]);
> + p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]);
> for (i = 1; i <= nargs; i++)
> - p += sprintf(p, " %c%d", magic, i);
> + p += snprintf(p, sizeof(p), " %c%d", magic, i);

Also (and this bug was already there), s[n]printf() returns the
length of what it would have liked to have put in the target, not
what it actually wrote. If the first s[n]printf() above ends up
truncating, the second one will happily overflow.

s[n]printf() is poorly documented in this area.

> --
> Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
> --------------------------------------------------------
> FreeBSD: The Power To Serve - http://www.FreeBSD.org

--
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
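
Review bot: In both "+" lines the bound handed to snprintf() is sizeof(cmd) or sizeof(p), and with the quoted declaration "char *c, *cmd, *p, *q;" that is the size of a pointer, not of the buffer being filled, so the command string is truncated after a few characters. Pass the space actually remaining in the allocation instead. Because "p += snprintf(...)" adds the would-be length rather than the bytes written, also compare each return value against that remaining space before advancing p, and stop on truncation.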
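
Added example (not from the original message or from the FreeBSD source): a bounded append in C that treats the snprintf() return value as the would-be length described in the reply above, and refuses to advance once output has been truncated. The names buf_appendf, build_cmd and would_be_len are hypothetical, and the sample inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format into buf[cap] at *off; 0 on success, -1 otherwise. */
static int buf_appendf(char *buf, size_t cap, size_t *off, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (*off >= cap)
        return -1;                  /* no room left, not even for the NUL */
    va_start(ap, fmt);
    n = vsnprintf(buf + *off, cap - *off, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap - *off)
        return -1;                  /* error, or n is the would-be length: truncated */
    *off += (size_t)n;              /* safe: n bytes really were written */
    return 0;
}

/* Builds "exec <prog> <magic>1 <magic>2 ..."; returns the length or -1. */
static int build_cmd(char *cmd, size_t cap, const char *prog, int nargs, char magic)
{
    size_t off = 0;
    int i;

    if (buf_appendf(cmd, cap, &off, "exec %s", prog) != 0)
        return -1;
    for (i = 1; i <= nargs; i++)
        if (buf_appendf(cmd, cap, &off, " %c%d", magic, i) != 0)
            return -1;
    return (int)off;
}

/* The value a bare "p += snprintf(...)" would add to p for a cap-byte buffer. */
static int would_be_len(size_t cap, const char *prog)
{
    char tmp[64];
    return snprintf(tmp, cap < sizeof(tmp) ? cap : sizeof(tmp), "exec %s", prog);
}

int main(void)
{
    char small[8];                  /* constructed sample, deliberately too small */
    int r = build_cmd(small, sizeof(small), "a-long-program-name", 1, '%');
    printf("%d \"%s\" %d\n", r, small, would_be_len(sizeof(small), "a-long-program-name"));
    return 0;
}
```

With the 8-byte buffer the unchecked pattern would move the pointer 24 bytes forward, well past the end of the buffer, while build_cmd reports failure and leaves a NUL-terminated prefix.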