Re: commit ee46f6404b033f4d1312c6b52a207ec2da99d94b

From: Ben Pfaff
Subject: Re: commit ee46f6404b033f4d1312c6b52a207ec2da99d94b
Date: Wed, 29 Jul 2009 08:55:43 -0700
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.3 (gnu/linux)

John Darrington <address@hidden> writes:

> Regarding Jason's latest commit to master, ("Merged changes from 
> branch interaction-review"): 
> I get nervous when I see memcpy used, because:
> 1) Its use of void * arguments circumvents type checking.
> 2) It offers no protection against buffer overflow.
> The patch below fixes the first problem (you'll have to re-run make -f Smake).

I don't mind using a function that provides more type-checking,
but for that purpose u8_cpy() is a better choice than
u8_strncpy(), since it has less overhead.  It also won't stop at
a null byte, which matches the behavior of most of our current
code.  (It might make sense to change that behavior, but I would
want to do it as a conscious choice all at one time, not
accidentally bit by bit, if possible.)

> Regarding the second problem (specifically, I can't see anything to ensure
> that result->val will be large enough to contain the concatenated string),
> I suggest an assertion similar to assert (offset < val_width);

result->val should be large enough because it should have been
created by interaction_variable_create(), which sums up the
widths of the values that are to be concatenated.

Ben Pfaff

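The two points raised in this thread (a copy that does not stop at a null byte, and a destination sized as the sum of the input widths) shown together as an added example; it is not part of the original messages or of the project's code. `struct fixed_value`, `copy_counted`, `copy_until_nul` and `concat_values` are hypothetical stand-ins, not u8_cpy(), u8_strncpy() or the project's interaction code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-width value: `width` bytes, not null-terminated. */
struct fixed_value { const uint8_t *bytes; size_t width; };

/* Counted copy: exactly n bytes, embedded null bytes included. */
uint8_t *copy_counted(uint8_t *dest, const uint8_t *src, size_t n) {
    return memcpy(dest, src, n);
}

/* strncpy-style copy: stops at the first null byte, zero-fills the rest. */
uint8_t *copy_until_nul(uint8_t *dest, const uint8_t *src, size_t n) {
    size_t i = 0;
    for (; i < n && src[i] != 0; i++)
        dest[i] = src[i];
    memset(dest + i, 0, n - i);
    return dest;
}

/* Concatenate v[0..n) into dest. Returns bytes written, or -1 without
   writing past dest_width when a value does not fit. */
long concat_values(uint8_t *dest, size_t dest_width,
                   const struct fixed_value *v, size_t n) {
    size_t offset = 0;
    for (size_t i = 0; i < n; i++) {
        /* offset <= dest_width always holds, so this cannot wrap. */
        if (v[i].width > dest_width - offset)
            return -1;
        copy_counted(dest + offset, v[i].bytes, v[i].width);
        offset += v[i].width;
    }
    return (long) offset;
}

int main(void) {
    /* Constructed sample: the first value has an embedded null byte. */
    const uint8_t a[3] = { 'a', 0, 'b' }, b[2] = { 'c', 'd' };
    struct fixed_value v[] = { { a, 3 }, { b, 2 } };
    uint8_t out[5];                       /* 3 + 2: sum of the widths */
    printf("%ld\n", concat_values(out, sizeof out, v, 2));
    return 0;
}
```

The check compares each width against the space remaining before the copy, so an undersized destination is reported rather than overrun.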