Re: [bug-gnulib] removing asctime_r, ctime_r from the time_r module

From: Eric Blake
Subject: Re: [bug-gnulib] removing asctime_r, ctime_r from the time_r module
Date: Mon, 24 Apr 2006 06:35:12 -0600
User-agent: Thunderbird (Windows/20060308)

According to Bruno Haible on 4/24/2006 6:12 AM:
> Paul Eggert wrote on 2006-03-10:
>> I recently rediscovered the fact that asctime_r and ctime_r, like
>> asctime and ctime, are unsafe functions in the same sense that gets is
>> unsafe: they can overrun their output buffers and there's no simple
>> way for the user to detect in advance whether this will happen.  So
>> GNU apps shouldn't use these functions, and I propose that we remove
>> these function emulations from gnulib, as follows.  Any objections?
> Unlike gets() and the termcap functions, these functions don't need a buffer
> of arbitrary size. Only the initially specified size was too small. The
> functions would be OK to use in GNU programs if a buffer of size 100 was
> used rather than a buffer of size 26, no?

That would work to avoid overflow, but then you are wasting buffer space
in the majority of usage patterns.  Besides, as the Austin group has
remarked, asctime_r and ctime_r also suffer from the fact that they do not
honor i18n, and have proposed to obsolete them in the next version of
POSIX even though they are still standardized by C99.  So you are better
off teaching programmers the mindset of using strftime anyways, even if
buffer overflow can be avoided with asctime or ctime.

--
Life is short - so eat dessert first!

Eric Blake             address@hidden
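
Added example (not part of the original message and not gnulib code): the sketch below measures how many bytes the C standard's reference asctime algorithm would write, which exceeds the 26-byte asctime_r buffer once the year has five digits, and pairs it with a bounded strftime call whose failure is detectable. The helper names `sample_tm`, `asctime_bytes_needed` and `format_timestamp` are hypothetical, and the sample dates are constructed.

```c
#include <stdio.h>
#include <time.h>

#define ASCTIME_R_BUFSIZE 26   /* buffer size POSIX specifies for asctime_r/ctime_r */

/* Constructed sample input: Monday 24 April, 06:35:12, in the given year. */
static struct tm sample_tm(int year)
{
    struct tm tm = {0};
    tm.tm_year = year - 1900; tm.tm_mon = 3; tm.tm_mday = 24;
    tm.tm_hour = 6; tm.tm_min = 35; tm.tm_sec = 12; tm.tm_wday = 1;
    return tm;
}

/* Illustrative helper (hypothetical name): bytes, including the NUL, that the
   C standard's reference asctime algorithm would write for *tm.  snprintf with
   a zero size only measures.  Returns -1 if that code would index out of range. */
static int asctime_bytes_needed(const struct tm *tm)
{
    static const char wday[7][4] = { "Sun","Mon","Tue","Wed","Thu","Fri","Sat" };
    static const char mon[12][4] = { "Jan","Feb","Mar","Apr","May","Jun",
                                     "Jul","Aug","Sep","Oct","Nov","Dec" };
    if (tm->tm_wday < 0 || tm->tm_wday > 6 || tm->tm_mon < 0 || tm->tm_mon > 11)
        return -1;
    int n = snprintf(NULL, 0, "%.3s %.3s%3d %.2d:%.2d:%.2d %ld\n",
                     wday[tm->tm_wday], mon[tm->tm_mon], tm->tm_mday,
                     tm->tm_hour, tm->tm_min, tm->tm_sec, 1900L + tm->tm_year);
    return n < 0 ? -1 : n + 1;
}

/* Bounded alternative: strftime writes at most size bytes.  This format never
   yields an empty string, so a return of 0 from strftime means "did not fit". */
static int format_timestamp(char *buf, size_t size, const struct tm *tm)
{
    if (size > 0 && strftime(buf, size, "%a %b %e %H:%M:%S %Y", tm) > 0)
        return 0;
    if (size > 0)
        buf[0] = '\0';   /* contents are indeterminate after a failed strftime */
    return -1;
}

int main(void)
{
    struct tm big = sample_tm(10000);
    char buf[64];
    printf("asctime would need %d bytes, asctime_r buffer is %d\n",
           asctime_bytes_needed(&big), ASCTIME_R_BUFSIZE);
    return format_timestamp(buf, sizeof buf, &big) == 0 && puts(buf) != EOF ? 0 : 1;
}
```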

