Date:      Fri, 05 Jan 2001 02:06:53 +0000
From:      Brian Somers <brian@Awfulhak.org>
To:        Chris Faulhaber <jedgar@fxp.org>
Cc:        Will Andrews <will@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject:   Re: cvs commit: src/usr.bin/apply apply.c 
Message-ID:  <200101050206.f0526rB87964@hak.lan.Awfulhak.org>
In-Reply-To: Message from Chris Faulhaber <jedgar@fxp.org>  of "Thu, 04 Jan 2001 14:23:31 EST." <20010104142331.D47414@peitho.fxp.org> 

> On Thu, Jan 04, 2001 at 11:05:49AM -0800, Will Andrews wrote:
> > will        2001/01/04 11:05:49 PST
> > 
> >   Modified files:
> >     usr.bin/apply        apply.c 
> >   Log:
> >   BDECFLAGS; de-__P()-ify, ANSIfy, use snprintf() instead of sprintf(),
> >   especially on strings passed from argv; rename system() to exec_shell(),
> >   and make it static; use strlcpy() and make sure it works; use proper
> >   type (size_t) to be passed to malloc()/realloc().
> >   
> 
> All the snprintf/strlcpy 'fixes' you made are quite broken since the
> variables you apply sizeof() to are pointers:
> 
> 	char *c, *cmd, *p, *q;
> 
> ...
> 
> -		p += sprintf(cmd, "exec %s", argv[0]);
> +		p += snprintf(cmd, sizeof(cmd), "exec %s", argv[0]);
>  		for (i = 1; i <= nargs; i++)
> -			p += sprintf(p, " %c%d", magic, i);
> +			p += snprintf(p, sizeof(p), " %c%d", magic, i);
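
Review bot: `sizeof(cmd)` and `sizeof(p)` in the two added snprintf() calls measure a `char *` (both names are declared as pointers in the quoted `char *c, *cmd, *p, *q;` line), so the bound passed is the width of a pointer, not the size of the buffer being written. Pass the length that was actually allocated for `cmd` to the first call, and that length minus what has already been written to the calls in the loop. The `p += snprintf(...)` accumulation also needs a check: compare the return value against the remaining space before adding it to `p`, and fail on truncation, so `p` never moves beyond the buffer.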

Also (and this bug was already there), s[n]printf() returns the length 
of what it would have liked to have put in the target, not what it 
actually wrote.  If the first s[n]printf() above ends up truncating, 
the second one will happily overflow.

s[n]printf() is poorly documented in this area.

> -- 
> Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
> --------------------------------------------------------
> FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
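
The truncation problem discussed in this message, shown as an added example that is not part of the original e-mail and is not code from FreeBSD's apply.c: a write cursor that carries the remaining space with it and only advances when snprintf's return value shows the whole string fit. The names `cursor`, `cursor_printf` and `build_cmd` are hypothetical, and the buffer sizes in `main` are constructed sample values.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Write cursor over a caller-owned buffer (hypothetical helper, not from apply.c). */
struct cursor {
	char  *pos;	/* next byte to write */
	size_t left;	/* bytes remaining, including room for the NUL */
};

/* Append formatted text; 0 on success, -1 on error or truncation. */
static int
cursor_printf(struct cursor *c, const char *fmt, ...)
{
	va_list ap;
	int n;
	va_start(ap, fmt);
	n = vsnprintf(c->pos, c->left, fmt, ap);
	va_end(ap);
	/* n is the length the output wanted, not the length stored. */
	if (n < 0 || (size_t)n >= c->left)
		return (-1);
	c->pos += n;		/* advance only when everything fit */
	c->left -= (size_t)n;
	return (0);
}

/* Build "exec <prog> <magic>1 <magic>2 ..." in buf, which holds size bytes. */
static int
build_cmd(char *buf, size_t size, const char *prog, int nargs, char magic)
{
	struct cursor c = { buf, size };	/* allocation size, not sizeof(pointer) */
	int i;
	if (size == 0 || cursor_printf(&c, "exec %s", prog) != 0)
		return (-1);
	for (i = 1; i <= nargs; i++)
		if (cursor_printf(&c, " %c%d", magic, i) != 0)
			return (-1);
	return (0);
}

int main(void)
{
	char buf[32], small[12];	/* constructed sample sizes */
	printf("%d\n", build_cmd(buf, sizeof(buf), "echo", 2, '%'));
	printf("%s (%zu bytes)\n", buf, strlen(buf));
	printf("%d\n", build_cmd(small, sizeof(small), "echo", 2, '%'));
	return (0);
}
```

On truncation the buffer still holds a NUL-terminated prefix, but the caller is told to discard it instead of executing a partial command.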







